From 1fb02038e87a1b489511d558fdadb673d8f4753f Mon Sep 17 00:00:00 2001 
From: 0xMarcio
Date: Mon, 29 Sep 2025 16:08:36 +0000
Subject: [PATCH] Update CVE sources 2025-09-29 16:08
---
 2024/CVE-2024-0001.md | 34 +++
 2024/CVE-2024-0002.md | 19 ++
 2024/CVE-2024-0003.md | 19 ++
 2024/CVE-2024-0004.md | 18 ++
 2024/CVE-2024-0005.md | 20 ++
 2024/CVE-2024-0010.md | 1 +
 2024/CVE-2024-0012.md | 42 ++++
 2024/CVE-2024-0023.md | 1 +
 2024/CVE-2024-0030.md | 1 +
 2024/CVE-2024-0039.md | 1 +
 2024/CVE-2024-0040.md | 1 +
 2024/CVE-2024-0044.md | 22 +-
 2024/CVE-2024-0054.md | 2 +-
 2024/CVE-2024-0055.md | 2 +-
 2024/CVE-2024-0056.md | 1 +
 2024/CVE-2024-0057.md | 1 +
 2024/CVE-2024-0132.md | 26 ++
 2024/CVE-2024-0135.md | 19 ++
 2024/CVE-2024-0195.md | 21 ++
 2024/CVE-2024-0200.md | 19 ++
 2024/CVE-2024-0204.md | 16 ++
 2024/CVE-2024-0208.md | 2 +-
 2024/CVE-2024-0220.md | 3 +-
 2024/CVE-2024-0229.md | 2 +-
 2024/CVE-2024-0230.md | 5 +
 2024/CVE-2024-0235.md | 1 +
 2024/CVE-2024-0241.md | 17 ++
 2024/CVE-2024-0247.md | 2 +-
 2024/CVE-2024-0249.md | 17 ++
 2024/CVE-2024-0253.md | 1 +
 2024/CVE-2024-0261.md | 1 +
 2024/CVE-2024-0263.md | 1 +
 2024/CVE-2024-0269.md | 1 +
 2024/CVE-2024-0305.md | 17 ++
 2024/CVE-2024-0311.md | 3 +-
 2024/CVE-2024-0323.md | 2 +-
 2024/CVE-2024-0324.md | 18 ++
 2024/CVE-2024-0352.md | 1 +
 2024/CVE-2024-0360.md | 17 ++
 2024/CVE-2024-0365.md | 1 +
 2024/CVE-2024-0368.md | 18 ++
 2024/CVE-2024-0379.md | 18 ++
 2024/CVE-2024-0399.md | 1 +
 2024/CVE-2024-0402.md | 2 +
 2024/CVE-2024-0405.md | 17 ++
 2024/CVE-2024-0406.md | 6 +-
 2024/CVE-2024-0418.md | 1 +
 2024/CVE-2024-0419.md | 2 +-
 2024/CVE-2024-0443.md | 21 ++
 2024/CVE-2024-0446.md | 14 +-
 2024/CVE-2024-0448.md | 17 ++
 2024/CVE-2024-0456.md | 2 +-
 2024/CVE-2024-0507.md | 19 ++
 2024/CVE-2024-0509.md | 18 ++
 2024/CVE-2024-0517.md | 9 +
 2024/CVE-2024-0519.md | 3 +
 2024/CVE-2024-0520.md | 18 ++
 2024/CVE-2024-0522.md | 1 +
 2024/CVE-2024-0532.md | 5 +-
 2024/CVE-2024-0535.md | 17 ++
 2024/CVE-2024-0546.md | 2 +-
 2024/CVE-2024-0547.md | 2 +-
 2024/CVE-2024-0548.md | 2 +-
 2024/CVE-2024-0564.md | 4 +-
 2024/CVE-2024-0566.md | 1 +
 2024/CVE-2024-0582.md | 16 ++
 2024/CVE-2024-0588.md | 18 ++
 2024/CVE-2024-0589.md | 2 +-
 2024/CVE-2024-0590.md | 18 ++
 2024/CVE-2024-0605.md | 17 ++
 2024/CVE-2024-0606.md | 17 ++
 2024/CVE-2024-0623.md | 2 +
 2024/CVE-2024-0624.md | 2 +
 2024/CVE-2024-0646.md | 3 +-
 2024/CVE-2024-0654.md | 1 +
 2024/CVE-2024-0683.md | 18 ++
 2024/CVE-2024-0692.md | 1 +
 2024/CVE-2024-0693.md | 2 +-
 2024/CVE-2024-0695.md | 2 +-
 2024/CVE-2024-0708.md | 17 ++
 2024/CVE-2024-0723.md | 2 +-
 2024/CVE-2024-0725.md | 2 +-
 2024/CVE-2024-0727.md | 6 +-
 2024/CVE-2024-0731.md | 2 +-
 2024/CVE-2024-0732.md | 2 +-
 2024/CVE-2024-0736.md | 2 +-
 2024/CVE-2024-0737.md | 1 +
 2024/CVE-2024-0741.md | 1 +
 2024/CVE-2024-0744.md | 2 +
 2024/CVE-2024-0748.md | 17 ++
 2024/CVE-2024-0760.md | 19 ++
 2024/CVE-2024-0762.md | 35 +++
 2024/CVE-2024-0763.md | 2 +-
 2024/CVE-2024-0769.md | 1 +
 2024/CVE-2024-0771.md | 17 ++
 2024/CVE-2024-0772.md | 1 +
 2024/CVE-2024-0774.md | 1 +
 2024/CVE-2024-0783.md | 1 +
 2024/CVE-2024-0795.md | 2 +-
 2024/CVE-2024-0815.md | 1 +
 2024/CVE-2024-0834.md | 17 ++
 2024/CVE-2024-0841.md | 2 +-
 2024/CVE-2024-0847.md | 17 ++
 2024/CVE-2024-0848.md | 17 ++
 2024/CVE-2024-0849.md | 4 +-
 2024/CVE-2024-0852.md | 17 ++
 2024/CVE-2024-0854.md | 5 +-
 2024/CVE-2024-0859.md | 17 ++
 2024/CVE-2024-0861.md | 2 +-
 2024/CVE-2024-0864.md | 5 +-
 2024/CVE-2024-0874.md | 2 +
 2024/CVE-2024-0885.md | 2 +-
 2024/CVE-2024-0886.md | 2 +-
 2024/CVE-2024-0887.md | 2 +-
 2024/CVE-2024-0888.md | 17 ++
 2024/CVE-2024-0889.md | 2 +-
 2024/CVE-2024-0901.md | 2 +
 2024/CVE-2024-0920.md | 1 +
 2024/CVE-2024-0932.md | 1 +
 2024/CVE-2024-0936.md | 1 +
 2024/CVE-2024-0937.md | 1 +
 2024/CVE-2024-0970.md | 17 ++
 2024/CVE-2024-0985.md | 2 +
 2024/CVE-2024-10004.md | 17 ++
 2024/CVE-2024-10009.md | 17 ++
 2024/CVE-2024-1001.md | 2 +-
 2024/CVE-2024-10010.md | 17 ++
 2024/CVE-2024-10019.md | 17 ++
 2024/CVE-2024-1002.md | 18 ++
 2024/CVE-2024-10021.md | 17 ++
 2024/CVE-2024-10022.md | 17 ++
 2024/CVE-2024-10023.md | 17 ++
 2024/CVE-2024-10024.md | 17 ++
 2024/CVE-2024-10025.md | 19 ++
 2024/CVE-2024-10027.md | 17 ++
 2024/CVE-2024-10041.md | 23 ++
 2024/CVE-2024-10054.md | 17 ++
 2024/CVE-2024-10073.md | 17 ++
 2024/CVE-2024-10076.md | 19 ++
 2024/CVE-2024-10087.md | 17 ++
 2024/CVE-2024-10088.md | 17 ++
 2024/CVE-2024-10089.md | 17 ++
 2024/CVE-2024-10090.md | 17 ++
 2024/CVE-2024-10095.md | 17 ++
 2024/CVE-2024-10098.md | 17 ++
 2024/CVE-2024-10102.md | 17 ++
 2024/CVE-2024-10103.md | 17 ++
 2024/CVE-2024-10104.md | 17 ++
 2024/CVE-2024-10105.md | 17 ++
 2024/CVE-2024-10107.md | 17 ++
 2024/CVE-2024-10123.md | 18 ++
 2024/CVE-2024-10124.md | 19 ++
 2024/CVE-2024-10130.md | 17 ++
 2024/CVE-2024-10136.md | 17 ++
 2024/CVE-2024-10137.md | 17 ++
 2024/CVE-2024-10138.md | 17 ++
 2024/CVE-2024-10139.md | 17 ++
 2024/CVE-2024-10140.md | 17 ++
 2024/CVE-2024-10141.md | 18 ++
 2024/CVE-2024-10143.md | 17 ++
 2024/CVE-2024-10144.md | 17 ++
 2024/CVE-2024-10145.md | 17 ++
 2024/CVE-2024-10146.md | 17 ++
 2024/CVE-2024-10149.md | 17 ++
 2024/CVE-2024-10151.md | 17 ++
 2024/CVE-2024-10152.md | 17 ++
 2024/CVE-2024-1016.md | 2 +-
 2024/CVE-2024-10165.md | 17 ++
 2024/CVE-2024-10166.md | 17 ++
 2024/CVE-2024-10167.md | 17 ++
 2024/CVE-2024-10169.md | 17 ++
 2024/CVE-2024-1017.md | 2 +-
 2024/CVE-2024-10171.md | 17 ++
 2024/CVE-2024-10173.md | 18 ++
 2024/CVE-2024-10196.md | 17 ++
 2024/CVE-2024-10197.md | 17 ++
 2024/CVE-2024-10198.md | 17 ++
 2024/CVE-2024-10199.md | 17 ++
 2024/CVE-2024-10220.md | 25 ++
 2024/CVE-2024-10224.md | 17 ++
 2024/CVE-2024-10229.md | 17 ++
 2024/CVE-2024-1023.md | 8 +-
 2024/CVE-2024-10230.md | 17 ++
 2024/CVE-2024-10231.md | 17 ++
 2024/CVE-2024-10245.md | 17 ++
 2024/CVE-2024-10247.md | 17 ++
 2024/CVE-2024-10252.md | 17 ++
 2024/CVE-2024-10280.md | 26 ++
 2024/CVE-2024-10309.md | 17 ++
 2024/CVE-2024-10314.md | 17 ++
 2024/CVE-2024-10315.md | 17 ++
 2024/CVE-2024-10327.md | 17 ++
 2024/CVE-2024-10344.md | 17 ++
 2024/CVE-2024-10345.md | 17 ++
 2024/CVE-2024-10348.md | 17 ++
 2024/CVE-2024-10349.md | 17 ++
 2024/CVE-2024-10350.md | 17 ++
 2024/CVE-2024-10354.md | 17 ++
 2024/CVE-2024-10355.md | 17 ++
 2024/CVE-2024-10362.md | 17 ++
 2024/CVE-2024-10368.md | 17 ++
 2024/CVE-2024-10369.md | 17 ++
 2024/CVE-2024-10370.md | 17 ++
 2024/CVE-2024-10372.md | 17 ++
 2024/CVE-2024-10395.md | 17 ++
 2024/CVE-2024-10400.md | 27 +++
 2024/CVE-2024-10408.md | 17 ++
 2024/CVE-2024-10409.md | 17 ++
 2024/CVE-2024-10410.md | 17 ++
 2024/CVE-2024-10415.md | 17 ++
 2024/CVE-2024-10416.md | 17 ++
 2024/CVE-2024-10417.md | 17 ++
 2024/CVE-2024-10418.md | 18 ++
 2024/CVE-2024-10419.md | 17 ++
 2024/CVE-2024-10426.md | 17 ++
 2024/CVE-2024-10427.md | 17 ++
 2024/CVE-2024-10430.md | 17 ++
 2024/CVE-2024-10431.md | 17 ++
 2024/CVE-2024-10434.md | 17 ++
 2024/CVE-2024-10435.md | 17 ++
 2024/CVE-2024-10441.md | 19 ++
 2024/CVE-2024-10442.md | 18 ++
 2024/CVE-2024-10443.md | 18 ++
 2024/CVE-2024-10448.md | 18 ++
 2024/CVE-2024-10449.md | 17 ++
 2024/CVE-2024-10450.md | 17 ++
 2024/CVE-2024-10455.md | 17 ++
 2024/CVE-2024-10460.md | 20 ++
 2024/CVE-2024-10461.md | 20 ++
 2024/CVE-2024-10462.md | 20 ++
 2024/CVE-2024-10470.md | 18 ++
 2024/CVE-2024-10471.md | 17 ++
 2024/CVE-2024-10472.md | 17 ++
 2024/CVE-2024-10473.md | 17 ++
 2024/CVE-2024-10474.md | 17 ++
 2024/CVE-2024-10475.md | 17 ++
 2024/CVE-2024-10480.md | 17 ++
 2024/CVE-2024-10482.md | 17 ++
 2024/CVE-2024-10483.md | 17 ++
 2024/CVE-2024-10487.md | 17 ++
 2024/CVE-2024-10488.md | 17 ++
 2024/CVE-2024-10491.md | 17 ++
 2024/CVE-2024-10493.md | 17 ++
 2024/CVE-2024-10499.md | 17 ++
 2024/CVE-2024-10504.md | 17 ++
 2024/CVE-2024-10506.md | 17 ++
 2024/CVE-2024-10507.md | 17 ++
 2024/CVE-2024-10508.md | 18 ++
 2024/CVE-2024-10509.md | 17 ++
 2024/CVE-2024-10510.md | 17 ++
 2024/CVE-2024-10511.md | 17 ++
 2024/CVE-2024-10515.md | 17 ++
 2024/CVE-2024-10516.md | 17 ++
 2024/CVE-2024-10517.md | 17 ++
 2024/CVE-2024-10518.md | 17 ++
 2024/CVE-2024-10524.md | 17 ++
 2024/CVE-2024-10542.md | 18 ++
 2024/CVE-2024-10545.md | 17 ++
 2024/CVE-2024-10546.md | 17 ++
 2024/CVE-2024-10551.md | 17 ++
 2024/CVE-2024-10554.md | 17 ++
 2024/CVE-2024-10555.md | 17 ++
 2024/CVE-2024-10556.md | 17 ++
 2024/CVE-2024-10557.md | 18 ++
 2024/CVE-2024-10558.md | 17 ++
 2024/CVE-2024-10560.md | 17 ++
 2024/CVE-2024-10561.md | 17 ++
 2024/CVE-2024-10562.md | 17 ++
 2024/CVE-2024-10563.md | 17 ++
 2024/CVE-2024-10565.md | 17 ++
 2024/CVE-2024-10566.md | 17 ++
 2024/CVE-2024-10568.md | 17 ++
 2024/CVE-2024-10571.md | 17 ++
 2024/CVE-2024-10573.md | 19 ++
 2024/CVE-2024-10578.md | 18 ++
 2024/CVE-2024-10586.md | 18 ++
 2024/CVE-2024-10596.md | 17 ++
 2024/CVE-2024-10600.md | 27 +++
 2024/CVE-2024-10605.md | 18 ++
 2024/CVE-2024-10607.md | 17 ++
 2024/CVE-2024-10608.md | 17 ++
 2024/CVE-2024-10609.md | 17 ++
 2024/CVE-2024-1062.md | 2 +
 2024/CVE-2024-10628.md | 21 ++
 2024/CVE-2024-10629.md | 19 ++
 2024/CVE-2024-10631.md | 17 ++
 2024/CVE-2024-10632.md | 17 ++
 2024/CVE-2024-10634.md | 18 ++
 2024/CVE-2024-10637.md | 17 ++
 2024/CVE-2024-10638.md | 17 ++
 2024/CVE-2024-10639.md | 17 ++
 2024/CVE-2024-10654.md | 20 ++
 2024/CVE-2024-1066.md | 2 +-
 2024/CVE-2024-10660.md | 27 +++
 2024/CVE-2024-10668.md | 17 ++
 2024/CVE-2024-10673.md | 18 ++
 2024/CVE-2024-10674.md | 18 ++
 2024/CVE-2024-10677.md | 17 ++
 2024/CVE-2024-10678.md | 17 ++
 2024/CVE-2024-10679.md | 17 ++
 2024/CVE-2024-10680.md | 17 ++
 2024/CVE-2024-10697.md | 26 ++
 2024/CVE-2024-10700.md | 19 ++
 2024/CVE-2024-10702.md | 17 ++
 2024/CVE-2024-10703.md | 17 ++
 2024/CVE-2024-10704.md | 17 ++
 2024/CVE-2024-10706.md | 17 ++
 2024/CVE-2024-10708.md | 17 ++
 2024/CVE-2024-10709.md | 17 ++
 2024/CVE-2024-1071.md | 3 +
 2024/CVE-2024-10710.md | 17 ++
 2024/CVE-2024-10728.md | 17 ++
 2024/CVE-2024-10733.md | 17 ++
 2024/CVE-2024-10737.md | 17 ++
 2024/CVE-2024-10738.md | 17 ++
 2024/CVE-2024-10739.md | 17 ++
 2024/CVE-2024-10740.md | 17 ++
 2024/CVE-2024-10741.md | 17 ++
 2024/CVE-2024-10742.md | 17 ++
 2024/CVE-2024-10750.md | 17 ++
 2024/CVE-2024-10751.md | 17 ++
 2024/CVE-2024-10752.md | 19 ++
 2024/CVE-2024-10758.md | 18 ++
 2024/CVE-2024-10759.md | 17 ++
 2024/CVE-2024-10760.md | 17 ++
 2024/CVE-2024-10764.md | 19 ++
 2024/CVE-2024-10765.md | 19 ++
 2024/CVE-2024-10766.md | 19 ++
 2024/CVE-2024-10771.md | 20 ++
 2024/CVE-2024-10772.md | 18 ++
 2024/CVE-2024-10773.md | 20 ++
 2024/CVE-2024-10774.md | 18 ++
 2024/CVE-2024-10776.md | 18 ++
 2024/CVE-2024-10781.md | 18 ++
 2024/CVE-2024-10791.md | 19 ++
 2024/CVE-2024-10792.md | 17 ++
 2024/CVE-2024-10793.md | 19 ++
 2024/CVE-2024-10805.md | 19 ++
 2024/CVE-2024-10808.md | 19 ++
 2024/CVE-2024-10809.md | 19 ++
 2024/CVE-2024-10810.md | 20 ++
 2024/CVE-2024-10813.md | 17 ++
 2024/CVE-2024-10815.md | 17 ++
 2024/CVE-2024-10818.md | 17 ++
 2024/CVE-2024-10826.md | 17 ++
 2024/CVE-2024-10828.md | 17 ++
 2024/CVE-2024-10838.md | 17 ++
 2024/CVE-2024-10844.md | 19 ++
 2024/CVE-2024-10845.md | 19 ++
 2024/CVE-2024-10858.md | 17 ++
 2024/CVE-2024-1086.md | 36 +++
 2024/CVE-2024-10864.md | 19 ++
 2024/CVE-2024-10865.md | 19 ++
 2024/CVE-2024-10892.md | 17 ++
 2024/CVE-2024-10893.md | 17 ++
 2024/CVE-2024-10896.md | 17 ++
 2024/CVE-2024-10903.md | 17 ++
 2024/CVE-2024-10905.md | 17 ++
 2024/CVE-2024-10913.md | 17 ++
 2024/CVE-2024-10914.md | 49 ++++
 2024/CVE-2024-10915.md | 22 ++
 2024/CVE-2024-10919.md | 18 ++
 2024/CVE-2024-10924.md | 45 ++++
 2024/CVE-2024-10926.md | 18 ++
 2024/CVE-2024-10930.md | 18 ++
 2024/CVE-2024-10939.md | 17 ++
 2024/CVE-2024-10941.md | 17 ++
 2024/CVE-2024-10946.md | 18 ++
 2024/CVE-2024-10947.md | 18 ++
 2024/CVE-2024-10958.md | 17 ++
 2024/CVE-2024-10963.md | 25 ++
 2024/CVE-2024-10966.md | 18 ++
 2024/CVE-2024-10967.md | 18 ++
 2024/CVE-2024-10968.md | 18 ++
 2024/CVE-2024-10969.md | 18 ++
 2024/CVE-2024-1097.md | 17 ++
 2024/CVE-2024-10971.md | 17 ++
 2024/CVE-2024-10976.md | 19 ++
 2024/CVE-2024-10977.md | 19 ++
 2024/CVE-2024-10978.md | 19 ++
 2024/CVE-2024-10979.md | 22 ++
 2024/CVE-2024-10980.md | 17 ++
 2024/CVE-2024-10987.md | 18 ++
 2024/CVE-2024-10989.md | 18 ++
 2024/CVE-2024-10991.md | 18 ++
 2024/CVE-2024-10993.md | 18 ++
 2024/CVE-2024-10994.md | 18 ++
 2024/CVE-2024-10995.md | 18 ++
 2024/CVE-2024-10996.md | 18 ++
 2024/CVE-2024-10998.md | 18 ++
 2024/CVE-2024-10999.md | 18 ++
 2024/CVE-2024-11000.md | 18 ++
 2024/CVE-2024-11003.md | 18 ++
 2024/CVE-2024-11008.md | 17 ++
 2024/CVE-2024-1102.md | 4 +-
 2024/CVE-2024-11022.md | 18 ++
 2024/CVE-2024-11026.md | 18 ++
 2024/CVE-2024-11040.md | 18 ++
 2024/CVE-2024-11042.md | 18 ++
 2024/CVE-2024-11049.md | 17 ++
 2024/CVE-2024-11050.md | 18 ++
 2024/CVE-2024-11051.md | 18 ++
 2024/CVE-2024-11053.md | 18 ++
 2024/CVE-2024-11056.md | 18 ++
 2024/CVE-2024-11061.md | 18 ++
 2024/CVE-2024-11075.md | 17 ++
 2024/CVE-2024-11079.md | 20 ++
 2024/CVE-2024-11083.md | 17 ++
 2024/CVE-2024-11084.md | 17 ++
 2024/CVE-2024-11089.md | 17 ++
 2024/CVE-2024-11090.md | 17 ++
 2024/CVE-2024-11102.md | 18 ++
 2024/CVE-2024-11106.md | 17 ++
 2024/CVE-2024-11107.md | 17 ++
 2024/CVE-2024-11108.md | 17 ++
 2024/CVE-2024-11109.md | 17 ++
 2024/CVE-2024-1111.md | 17 ++
 2024/CVE-2024-11111.md | 17 ++
 2024/CVE-2024-11114.md | 17 ++
 2024/CVE-2024-11116.md | 17 ++
 2024/CVE-2024-1112.md | 1 +
 2024/CVE-2024-11120.md | 22 ++
 2024/CVE-2024-11121.md | 18 ++
 2024/CVE-2024-11122.md | 18 ++
 2024/CVE-2024-11123.md | 17 ++
 2024/CVE-2024-11140.md | 17 ++
 2024/CVE-2024-11141.md | 18 ++
 2024/CVE-2024-11153.md | 17 ++
 2024/CVE-2024-11178.md | 17 ++
 2024/CVE-2024-11182.md | 19 ++
 2024/CVE-2024-11183.md | 17 ++
 2024/CVE-2024-11184.md | 17 ++
 2024/CVE-2024-11187.md | 17 ++
 2024/CVE-2024-11189.md | 17 ++
 2024/CVE-2024-11190.md | 17 ++
 2024/CVE-2024-11199.md | 17 ++
 2024/CVE-2024-11201.md | 17 ++
 2024/CVE-2024-11205.md | 17 ++
 2024/CVE-2024-11221.md | 17 ++
 2024/CVE-2024-11223.md | 17 ++
 2024/CVE-2024-11237.md | 19 ++
 2024/CVE-2024-11240.md | 18 ++
 2024/CVE-2024-11243.md | 18 ++
 2024/CVE-2024-11248.md | 18 ++
 2024/CVE-2024-11251.md | 18 ++
 2024/CVE-2024-11252.md | 18 ++
 2024/CVE-2024-11257.md | 18 ++
 2024/CVE-2024-11258.md | 18 ++
 2024/CVE-2024-11261.md | 17 ++
 2024/CVE-2024-11262.md | 18 ++
 2024/CVE-2024-11266.md | 17 ++
 2024/CVE-2024-11267.md | 17 ++
 2024/CVE-2024-11269.md | 17 ++
 2024/CVE-2024-11272.md | 17 ++
 2024/CVE-2024-11273.md | 17 ++
 2024/CVE-2024-11280.md | 17 ++
 2024/CVE-2024-11282.md | 17 ++
 2024/CVE-2024-1129.md | 17 ++
 2024/CVE-2024-11290.md | 17 ++
 2024/CVE-2024-11291.md | 17 ++
 2024/CVE-2024-11292.md | 17 ++
 2024/CVE-2024-11294.md | 17 ++
 2024/CVE-2024-11295.md | 17 ++
 2024/CVE-2024-11297.md | 17 ++
 2024/CVE-2024-11303.md | 17 ++
 2024/CVE-2024-11305.md | 19 ++
 2024/CVE-2024-11306.md | 18 ++
 2024/CVE-2024-11318.md | 17 ++
 2024/CVE-2024-11319.md | 17 ++
 2024/CVE-2024-11320.md | 17 ++
 2024/CVE-2024-11322.md | 17 ++
 2024/CVE-2024-11351.md | 17 ++
 2024/CVE-2024-11356.md | 17 ++
 2024/CVE-2024-11357.md | 17 ++
 2024/CVE-2024-11372.md | 17 ++
 2024/CVE-2024-11373.md | 17 ++
 2024/CVE-2024-11381.md | 17 ++
 2024/CVE-2024-11392.md | 19 ++
 2024/CVE-2024-11393.md | 18 ++
 2024/CVE-2024-11394.md | 18 ++
 2024/CVE-2024-11395.md | 17 ++
 2024/CVE-2024-11396.md | 17 ++
 2024/CVE-2024-11404.md | 19 ++
 2024/CVE-2024-11423.md | 19 ++
 2024/CVE-2024-1143.md | 1 +
 2024/CVE-2024-11451.md | 17 ++
 2024/CVE-2024-11477.md | 18 ++
 2024/CVE-2024-11484.md | 18 ++
 2024/CVE-2024-11485.md | 18 ++
 2024/CVE-2024-11486.md | 18 ++
 2024/CVE-2024-11487.md | 18 ++
 2024/CVE-2024-11502.md | 17 ++
 2024/CVE-2024-11503.md | 17 ++
 2024/CVE-2024-11591.md | 18 ++
 2024/CVE-2024-11592.md | 18 ++
 2024/CVE-2024-11605.md | 17 ++
 2024/CVE-2024-11606.md | 17 ++
 2024/CVE-2024-11607.md | 18 ++
 2024/CVE-2024-11613.md | 18 ++
 2024/CVE-2024-11616.md | 17 ++
 2024/CVE-2024-11621.md | 17 ++
 2024/CVE-2024-1163.md | 5 +-
 2024/CVE-2024-11635.md | 17 ++
 2024/CVE-2024-11636.md | 17 ++
 2024/CVE-2024-11638.md | 17 ++
 2024/CVE-2024-11639.md | 17 ++
 2024/CVE-2024-11643.md | 17 ++
 2024/CVE-2024-11644.md | 17 ++
 2024/CVE-2024-11645.md | 17 ++
 2024/CVE-2024-11646.md | 18 ++
 2024/CVE-2024-11650.md | 18 ++
 2024/CVE-2024-11667.md | 23 ++
 2024/CVE-2024-11670.md | 17 ++
 2024/CVE-2024-11671.md | 17 ++
 2024/CVE-2024-11672.md | 17 ++
 2024/CVE-2024-11673.md | 18 ++
 2024/CVE-2024-11675.md | 19 ++
 2024/CVE-2024-11676.md | 18 ++
 2024/CVE-2024-11677.md | 18 ++
 2024/CVE-2024-11680.md | 29 +++
 2024/CVE-2024-11691.md | 21 ++
 2024/CVE-2024-11692.md | 20 ++
 2024/CVE-2024-11693.md | 20 ++
 2024/CVE-2024-11695.md | 20 ++
 2024/CVE-2024-11697.md | 20 ++
 2024/CVE-2024-11700.md | 18 ++
 2024/CVE-2024-11704.md | 20 ++
 2024/CVE-2024-11716.md | 17 ++
 2024/CVE-2024-11717.md | 18 ++
 2024/CVE-2024-11718.md | 17 ++
 2024/CVE-2024-11719.md | 18 ++
 2024/CVE-2024-11728.md | 18 ++
 2024/CVE-2024-11745.md | 18 ++
 2024/CVE-2024-11772.md | 17 ++
 2024/CVE-2024-1179.md | 1 +
 2024/CVE-2024-11824.md | 17 ++
 2024/CVE-2024-11831.md | 56 +++++
 2024/CVE-2024-1184.md | 1 +
 2024/CVE-2024-11841.md | 17 ++
 2024/CVE-2024-11842.md | 17 ++
 2024/CVE-2024-11843.md | 17 ++
 2024/CVE-2024-11846.md | 17 ++
 2024/CVE-2024-11847.md | 17 ++
 2024/CVE-2024-11848.md | 17 ++
 2024/CVE-2024-11849.md | 17 ++
 2024/CVE-2024-1185.md | 1 +
 2024/CVE-2024-11850.md | 17 ++
 2024/CVE-2024-11857.md | 17 ++
 2024/CVE-2024-1186.md | 2 +-
 2024/CVE-2024-11860.md | 18 ++
 2024/CVE-2024-1187.md | 4 +-
 2024/CVE-2024-1188.md | 2 +-
 2024/CVE-2024-1189.md | 2 +-
 2024/CVE-2024-1190.md | 17 ++
 2024/CVE-2024-1191.md | 17 ++
 2024/CVE-2024-1192.md | 17 ++
 2024/CVE-2024-11921.md | 17 ++
 2024/CVE-2024-11922.md | 17 ++
 2024/CVE-2024-11924.md | 17 ++
 2024/CVE-2024-1193.md | 2 +-
 2024/CVE-2024-11930.md | 17 ++
 2024/CVE-2024-1194.md | 1 +
 2024/CVE-2024-11955.md | 17 ++
 2024/CVE-2024-11958.md | 17 ++
 2024/CVE-2024-11959.md | 18 ++
 2024/CVE-2024-11960.md | 18 ++
 2024/CVE-2024-11972.md | 19 ++
 2024/CVE-2024-11977.md | 17 ++
 2024/CVE-2024-11986.md | 17 ++
 2024/CVE-2024-12002.md | 21 ++
 2024/CVE-2024-12006.md | 17 ++
 2024/CVE-2024-12007.md | 18 ++
 2024/CVE-2024-12008.md | 19 ++
 2024/CVE-2024-12015.md | 17 ++
 2024/CVE-2024-12019.md | 18 ++
 2024/CVE-2024-12020.md | 17 ++
 2024/CVE-2024-12025.md | 17 ++
 2024/CVE-2024-12029.md | 17 ++
 2024/CVE-2024-12035.md | 17 ++
 2024/CVE-2024-1204.md | 1 +
 2024/CVE-2024-12053.md | 17 ++
 2024/CVE-2024-1207.md | 2 +
 2024/CVE-2024-12084.md | 26 ++
 2024/CVE-2024-12085.md | 41 ++++
 2024/CVE-2024-12086.md | 22 ++
 2024/CVE-2024-12087.md | 24 ++
 2024/CVE-2024-12088.md | 24 ++
 2024/CVE-2024-12096.md | 17 ++
 2024/CVE-2024-12107.md | 17 ++
 2024/CVE-2024-12109.md | 17 ++
 2024/CVE-2024-1211.md | 17 ++
 2024/CVE-2024-1212.md | 5 +
 2024/CVE-2024-12133.md | 24 ++
 2024/CVE-2024-12148.md | 17 ++
 2024/CVE-2024-12149.md | 17 ++
 2024/CVE-2024-12151.md | 17 ++
 2024/CVE-2024-12157.md | 17 ++
 2024/CVE-2024-12163.md | 17 ++
 2024/CVE-2024-12172.md | 17 ++
 2024/CVE-2024-12173.md | 17 ++
 2024/CVE-2024-12196.md | 17 ++
 2024/CVE-2024-12209.md | 19 ++
 2024/CVE-2024-1221.md | 2 +-
 2024/CVE-2024-1222.md | 2 +-
 2024/CVE-2024-1223.md | 2 +-
 2024/CVE-2024-12232.md | 18 ++
 2024/CVE-2024-12233.md | 18 ++
 2024/CVE-2024-12234.md | 18 ++
 2024/CVE-2024-12243.md | 25 ++
 2024/CVE-2024-12245.md | 18 ++
 2024/CVE-2024-12252.md | 19 ++
 2024/CVE-2024-12254.md | 20 ++
 2024/CVE-2024-12270.md | 17 ++
 2024/CVE-2024-12273.md | 17 ++
 2024/CVE-2024-12274.md | 17 ++
 2024/CVE-2024-12275.md | 17 ++
 2024/CVE-2024-12280.md | 17 ++
 2024/CVE-2024-12282.md | 18 ++
 2024/CVE-2024-12284.md | 19 ++
 2024/CVE-2024-12301.md | 17 ++
 2024/CVE-2024-12302.md | 17 ++
 2024/CVE-2024-12305.md | 17 ++
 2024/CVE-2024-12306.md | 18 ++
 2024/CVE-2024-12307.md | 17 ++
 2024/CVE-2024-12308.md | 17 ++
 2024/CVE-2024-12311.md | 17 ++
 2024/CVE-2024-12312.md | 17 ++
 2024/CVE-2024-12321.md | 17 ++
 2024/CVE-2024-1234.md | 97 ++++++++
 2024/CVE-2024-12342.md | 19 ++
 2024/CVE-2024-12343.md | 18 ++
 2024/CVE-2024-12344.md | 17 ++
 2024/CVE-2024-12345.md | 62 +++++
 2024/CVE-2024-12346.md | 18 ++
 2024/CVE-2024-12347.md | 18 ++
 2024/CVE-2024-1235.md | 17 ++
 2024/CVE-2024-12356.md | 18 ++
 2024/CVE-2024-12365.md | 19 ++
 2024/CVE-2024-12368.md | 18 ++
 2024/CVE-2024-12379.md | 17 ++
 2024/CVE-2024-12381.md | 17 ++
 2024/CVE-2024-12382.md | 17 ++
 2024/CVE-2024-12400.md | 17 ++
 2024/CVE-2024-12404.md | 17 ++
 2024/CVE-2024-12425.md | 17 ++
 2024/CVE-2024-12426.md | 17 ++
 2024/CVE-2024-12436.md | 17 ++
 2024/CVE-2024-1247.md | 2 +
 2024/CVE-2024-12471.md | 18 ++
 2024/CVE-2024-12476.md | 21 ++
 2024/CVE-2024-12483.md | 18 ++
 2024/CVE-2024-12484.md | 18 ++
 2024/CVE-2024-1250.md | 2 +-
 2024/CVE-2024-12535.md | 17 ++
 2024/CVE-2024-12542.md | 18 ++
 2024/CVE-2024-12558.md | 18 ++
 2024/CVE-2024-12566.md | 17 ++
 2024/CVE-2024-12567.md | 17 ++
 2024/CVE-2024-12568.md | 17 ++
 2024/CVE-2024-12581.md | 18 ++
 2024/CVE-2024-12583.md | 17 ++
 2024/CVE-2024-12585.md | 18 ++
 2024/CVE-2024-12586.md | 17 ++
 2024/CVE-2024-12587.md | 17 ++
 2024/CVE-2024-12594.md | 17 ++
 2024/CVE-2024-12595.md | 17 ++
 2024/CVE-2024-12632.md | 18 ++
 2024/CVE-2024-12638.md | 17 ++
 2024/CVE-2024-12641.md | 18 ++
 2024/CVE-2024-12663.md | 18 ++
 2024/CVE-2024-12664.md | 18 ++
 2024/CVE-2024-12665.md | 18 ++
 2024/CVE-2024-12667.md | 17 ++
 2024/CVE-2024-12679.md | 17 ++
 2024/CVE-2024-12680.md | 17 ++
 2024/CVE-2024-12682.md | 17 ++
 2024/CVE-2024-12683.md | 17 ++
 2024/CVE-2024-12686.md | 18 ++
 2024/CVE-2024-12692.md | 17 ++
 2024/CVE-2024-12693.md | 17 ++
 2024/CVE-2024-12695.md | 18 ++
 2024/CVE-2024-12704.md | 17 ++
 2024/CVE-2024-12705.md | 17 ++
 2024/CVE-2024-12708.md | 17 ++
 2024/CVE-2024-12709.md | 18 ++
 2024/CVE-2024-12714.md | 17 ++
 2024/CVE-2024-12715.md | 17 ++
 2024/CVE-2024-12716.md | 17 ++
 2024/CVE-2024-12717.md | 17 ++
 2024/CVE-2024-12718.md | 17 ++
 2024/CVE-2024-12722.md | 17 ++
 2024/CVE-2024-12723.md | 17 ++
 2024/CVE-2024-12724.md | 17 ++
 2024/CVE-2024-12725.md | 17 ++
 2024/CVE-2024-12726.md | 17 ++
 2024/CVE-2024-12731.md | 17 ++
 2024/CVE-2024-12732.md | 17 ++
 2024/CVE-2024-12733.md | 17 ++
 2024/CVE-2024-12734.md | 17 ++
 2024/CVE-2024-12735.md | 17 ++
 2024/CVE-2024-12736.md | 17 ++
 2024/CVE-2024-12737.md | 17 ++
 2024/CVE-2024-12739.md | 17 ++
 2024/CVE-2024-12743.md | 17 ++
 2024/CVE-2024-12747.md | 24 ++
 2024/CVE-2024-12749.md | 17 ++
 2024/CVE-2024-12750.md | 17 ++
 2024/CVE-2024-12754.md | 17 ++
 2024/CVE-2024-12767.md | 17 ++
 2024/CVE-2024-12768.md | 17 ++
 2024/CVE-2024-12769.md | 17 ++
 2024/CVE-2024-12770.md | 17 ++
 2024/CVE-2024-12772.md | 17 ++
 2024/CVE-2024-12773.md | 17 ++
 2024/CVE-2024-12774.md | 17 ++
 2024/CVE-2024-12797.md | 20 ++
 2024/CVE-2024-12798.md | 20 ++
 2024/CVE-2024-12800.md | 17 ++
 2024/CVE-2024-12801.md | 18 ++
 2024/CVE-2024-12807.md | 17 ++
 2024/CVE-2024-12808.md | 17 ++
 2024/CVE-2024-12812.md | 17 ++
 2024/CVE-2024-1283.md | 2 +
 2024/CVE-2024-12847.md | 18 ++
 2024/CVE-2024-12848.md | 17 ++
 2024/CVE-2024-12849.md | 27 +++
 2024/CVE-2024-12856.md | 19 ++
 2024/CVE-2024-12872.md | 17 ++
 2024/CVE-2024-12873.md | 17 ++
 2024/CVE-2024-12874.md | 17 ++
 2024/CVE-2024-12877.md | 19 ++
 2024/CVE-2024-12878.md | 17 ++
 2024/CVE-2024-12883.md | 18 ++
 2024/CVE-2024-12884.md | 19 ++
 2024/CVE-2024-12905.md | 20 ++
 2024/CVE-2024-12907.md | 17 ++
 2024/CVE-2024-12908.md | 17 ++
 2024/CVE-2024-12909.md | 17 ++
 2024/CVE-2024-12910.md | 17 ++
 2024/CVE-2024-12911.md | 17 ++
 2024/CVE-2024-12912.md | 18 ++
 2024/CVE-2024-12928.md | 18 ++
 2024/CVE-2024-12930.md | 18 ++
 2024/CVE-2024-12933.md | 18 ++
 2024/CVE-2024-12935.md | 18 ++
 2024/CVE-2024-12938.md | 18 ++
 2024/CVE-2024-12949.md | 18 ++
 2024/CVE-2024-12950.md | 18 ++
 2024/CVE-2024-12970.md | 17 ++
 2024/CVE-2024-1300.md | 8 +-
 2024/CVE-2024-13012.md | 18 ++
 2024/CVE-2024-13015.md | 18 ++
 2024/CVE-2024-13016.md | 18 ++
 2024/CVE-2024-13017.md | 18 ++
 2024/CVE-2024-13018.md | 18 ++
 2024/CVE-2024-13019.md | 18 ++
 2024/CVE-2024-13020.md | 18 ++
 2024/CVE-2024-13028.md | 18 ++
 2024/CVE-2024-13029.md | 17 ++
 2024/CVE-2024-13031.md | 18 ++
 2024/CVE-2024-13032.md | 17 ++
 2024/CVE-2024-13036.md | 18 ++
 2024/CVE-2024-13050.md | 17 ++
 2024/CVE-2024-13052.md | 17 ++
 2024/CVE-2024-13053.md | 17 ++
 2024/CVE-2024-13054.md | 17 ++
 2024/CVE-2024-13055.md | 17 ++
 2024/CVE-2024-13056.md | 17 ++
 2024/CVE-2024-13057.md | 18 ++
 2024/CVE-2024-13080.md | 18 ++
 2024/CVE-2024-13081.md | 18 ++
 2024/CVE-2024-13082.md | 18 ++
 2024/CVE-2024-13083.md | 18 ++
 2024/CVE-2024-13084.md | 18 ++
 2024/CVE-2024-13085.md | 18 ++
 2024/CVE-2024-13094.md | 17 ++
 2024/CVE-2024-13095.md | 17 ++
 2024/CVE-2024-13096.md | 18 ++
 2024/CVE-2024-13097.md | 17 ++
 2024/CVE-2024-13098.md | 17 ++
 2024/CVE-2024-13099.md | 17 ++
 2024/CVE-2024-13100.md | 17 ++
 2024/CVE-2024-13101.md | 17 ++
 2024/CVE-2024-13112.md | 17 ++
 2024/CVE-2024-13113.md | 17 ++
 2024/CVE-2024-13114.md | 17 ++
 2024/CVE-2024-13115.md | 18 ++
 2024/CVE-2024-13116.md | 17 ++
 2024/CVE-2024-13117.md | 17 ++
 2024/CVE-2024-13118.md | 17 ++
 2024/CVE-2024-13119.md | 17 ++
 2024/CVE-2024-13120.md | 17 ++
 2024/CVE-2024-13121.md | 17 ++
 2024/CVE-2024-13122.md | 17 ++
 2024/CVE-2024-13123.md | 17 ++
 2024/CVE-2024-13124.md | 17 ++
 2024/CVE-2024-13125.md | 17 ++
 2024/CVE-2024-13126.md | 17 ++
 2024/CVE-2024-13127.md | 17 ++
 2024/CVE-2024-13128.md | 17 ++
 2024/CVE-2024-1313.md | 1 +
 2024/CVE-2024-13146.md | 17 ++
 2024/CVE-2024-13159.md | 22 ++
 2024/CVE-2024-13160.md | 20 ++
 2024/CVE-2024-13161.md | 19 ++
 2024/CVE-2024-13176.md | 18 ++
 2024/CVE-2024-13184.md | 17 ++
 2024/CVE-2024-13198.md | 18 ++
 2024/CVE-2024-13199.md | 18 ++
 2024/CVE-2024-13203.md | 18 ++
 2024/CVE-2024-13204.md | 18 ++
 2024/CVE-2024-13205.md | 18 ++
 2024/CVE-2024-13207.md | 17 ++
 2024/CVE-2024-13208.md | 17 ++
 2024/CVE-2024-13209.md | 19 ++
 2024/CVE-2024-13218.md | 17 ++
 2024/CVE-2024-13219.md | 17 ++
 2024/CVE-2024-13220.md | 17 ++
 2024/CVE-2024-13221.md | 17 ++
 2024/CVE-2024-13222.md | 17 ++
 2024/CVE-2024-13223.md | 17 ++
 2024/CVE-2024-13224.md | 17 ++
 2024/CVE-2024-13225.md | 17 ++
 2024/CVE-2024-13226.md | 17 ++
 2024/CVE-2024-13306.md | 17 ++
 2024/CVE-2024-1331.md | 1 +
 2024/CVE-2024-13313.md | 17 ++
 2024/CVE-2024-13314.md | 17 ++
 2024/CVE-2024-13322.md | 18 ++
 2024/CVE-2024-13325.md | 17 ++
 2024/CVE-2024-13326.md | 17 ++
 2024/CVE-2024-13327.md | 17 ++
 2024/CVE-2024-13328.md | 17 ++
 2024/CVE-2024-13329.md | 17 ++
 2024/CVE-2024-13330.md | 17 ++
 2024/CVE-2024-13331.md | 17 ++
 2024/CVE-2024-13332.md | 17 ++
 2024/CVE-2024-13334.md | 17 ++
 2024/CVE-2024-13345.md | 17 ++
 2024/CVE-2024-13346.md | 19 ++
 2024/CVE-2024-13347.md | 17 ++
 2024/CVE-2024-13352.md | 17 ++
 2024/CVE-2024-13357.md | 17 ++
 2024/CVE-2024-13375.md | 17 ++
 2024/CVE-2024-13381.md | 17 ++
 2024/CVE-2024-13382.md | 17 ++
 2024/CVE-2024-13383.md | 17 ++
 2024/CVE-2024-13384.md | 17 ++
 2024/CVE-2024-1342.md | 6 +-
 2024/CVE-2024-13454.md | 17 ++
 2024/CVE-2024-1347.md | 2 +-
 2024/CVE-2024-13478.md | 18 ++
 2024/CVE-2024-13479.md | 18 ++
 2024/CVE-2024-13481.md | 18 ++
 2024/CVE-2024-13482.md | 18 ++
 2024/CVE-2024-13483.md | 18 ++
 2024/CVE-2024-13485.md | 18 ++
 2024/CVE-2024-13486.md | 17 ++
 2024/CVE-2024-13488.md | 18 ++
 2024/CVE-2024-13489.md | 18 ++
 2024/CVE-2024-13492.md | 17 ++
 2024/CVE-2024-13493.md | 17 ++
 2024/CVE-2024-13496.md | 17 ++
 2024/CVE-2024-13513.md | 18 ++
 2024/CVE-2024-13524.md | 17 ++
 2024/CVE-2024-13543.md | 17 ++
 2024/CVE-2024-13544.md | 17 ++
 2024/CVE-2024-13569.md | 17 ++
 2024/CVE-2024-13570.md | 17 ++
 2024/CVE-2024-13571.md | 17 ++
 2024/CVE-2024-13574.md | 17 ++
 2024/CVE-2024-13580.md | 18 ++
 2024/CVE-2024-13585.md | 17 ++
 2024/CVE-2024-13597.md | 17 ++
 2024/CVE-2024-13598.md | 17 ++
 2024/CVE-2024-13602.md | 17 ++
 2024/CVE-2024-13603.md | 17 ++
 2024/CVE-2024-13605.md | 17 ++
 2024/CVE-2024-13608.md | 17 ++
 2024/CVE-2024-13610.md | 17 ++
 2024/CVE-2024-13615.md | 17 ++
 2024/CVE-2024-13616.md | 17 ++
 2024/CVE-2024-13617.md | 17 ++
 2024/CVE-2024-13618.md | 17 ++
 2024/CVE-2024-13619.md | 17 ++
 2024/CVE-2024-13621.md | 17 ++
 2024/CVE-2024-13624.md | 17 ++
 2024/CVE-2024-13625.md | 17 ++
 2024/CVE-2024-13626.md | 17 ++
 2024/CVE-2024-13627.md | 17 ++
 2024/CVE-2024-13628.md | 17 ++
 2024/CVE-2024-13629.md | 17 ++
 2024/CVE-2024-13630.md | 17 ++
 2024/CVE-2024-13631.md | 17 ++
 2024/CVE-2024-13632.md | 17 ++
 2024/CVE-2024-13633.md | 17 ++
 2024/CVE-2024-13634.md | 17 ++
 2024/CVE-2024-13667.md | 17 ++
 2024/CVE-2024-13668.md | 17 ++
 2024/CVE-2024-13669.md | 17 ++
 2024/CVE-2024-13678.md | 17 ++
 2024/CVE-2024-13681.md | 17 ++
 2024/CVE-2024-13685.md | 17 ++
 2024/CVE-2024-13688.md | 17 ++
 2024/CVE-2024-13689.md | 17 ++
 2024/CVE-2024-13691.md | 17 ++
 2024/CVE-2024-13722.md | 17 ++
 2024/CVE-2024-13723.md | 17 ++
 2024/CVE-2024-13726.md | 17 ++
 2024/CVE-2024-13727.md | 17 ++
 2024/CVE-2024-13729.md | 17 ++
 2024/CVE-2024-13730.md | 17 ++
 2024/CVE-2024-13759.md | 17 ++
 2024/CVE-2024-1380.md | 18 ++
 2024/CVE-2024-13800.md | 18 ++
 2024/CVE-2024-13804.md | 17 ++
 2024/CVE-2024-13822.md | 17 ++
 2024/CVE-2024-13823.md | 17 ++
 2024/CVE-2024-13825.md | 17 ++
 2024/CVE-2024-13826.md | 18 ++
 2024/CVE-2024-13828.md | 17 ++
 2024/CVE-2024-13836.md | 17 ++
 2024/CVE-2024-13853.md | 17 ++
 2024/CVE-2024-13862.md | 17 ++
 2024/CVE-2024-13863.md | 17 ++
 2024/CVE-2024-13864.md | 17 ++
 2024/CVE-2024-13865.md | 17 ++
 2024/CVE-2024-13868.md | 17 ++
 2024/CVE-2024-13869.md | 18 ++
 2024/CVE-2024-13874.md | 17 ++
 2024/CVE-2024-13875.md | 17 ++
 2024/CVE-2024-13876.md | 17 ++
 2024/CVE-2024-13877.md | 17 ++
 2024/CVE-2024-13878.md | 17 ++
 2024/CVE-2024-13880.md | 17 ++
 2024/CVE-2024-13881.md | 17 ++
 2024/CVE-2024-13884.md | 17 ++
 2024/CVE-2024-13885.md | 17 ++
 2024/CVE-2024-13891.md | 17 ++
 2024/CVE-2024-13892.md | 18 ++
 2024/CVE-2024-13893.md | 18 ++
 2024/CVE-2024-13894.md | 18 ++
 2024/CVE-2024-13896.md | 17 ++
 2024/CVE-2024-13903.md | 18 ++
 2024/CVE-2024-13918.md | 17 ++
 2024/CVE-2024-13925.md | 17 ++
 2024/CVE-2024-13926.md | 17 ++
 2024/CVE-2024-13944.md | 19 ++
 2024/CVE-2024-13959.md | 17 ++
 2024/CVE-2024-13960.md | 18 ++
 2024/CVE-2024-13961.md | 18 ++
 2024/CVE-2024-13962.md | 17 ++
 2024/CVE-2024-13966.md | 17 ++
 2024/CVE-2024-1441.md | 1 +
 2024/CVE-2024-1442.md | 17 ++
 2024/CVE-2024-1443.md | 1 +
 2024/CVE-2024-1454.md | 2 -
 2024/CVE-2024-1459.md | 2 +-
 2024/CVE-2024-1460.md | 1 +
 2024/CVE-2024-1488.md | 2 +-
 2024/CVE-2024-1512.md | 16 ++
 2024/CVE-2024-1520.md | 1 +
 2024/CVE-2024-1522.md | 1 +
 2024/CVE-2024-1525.md | 2 +-
 2024/CVE-2024-1544.md | 1 +
 2024/CVE-2024-1545.md | 2 +
 2024/CVE-2024-1549.md | 2 +-
 2024/CVE-2024-1550.md | 2 +-
 2024/CVE-2024-1551.md | 2 +-
 2024/CVE-2024-1554.md | 2 +-
 2024/CVE-2024-1555.md | 2 +-
 2024/CVE-2024-1561.md | 21 ++
 2024/CVE-2024-1563.md | 2 +-
 2024/CVE-2024-1569.md | 1 +
 2024/CVE-2024-1592.md | 17 ++
 2024/CVE-2024-1597.md | 2 +
 2024/CVE-2024-1600.md | 1 +
 2024/CVE-2024-1601.md | 1 +
 2024/CVE-2024-1604.md | 4 +-
 2024/CVE-2024-1605.md | 4 +-
 2024/CVE-2024-1621.md | 17 ++
 2024/CVE-2024-1635.md | 15 +-
 2024/CVE-2024-1646.md | 1 +
 2024/CVE-2024-1651.md | 2 +
 2024/CVE-2024-1663.md | 17 ++
 2024/CVE-2024-1669.md | 2 +
 2024/CVE-2024-1681.md | 17 ++
 2024/CVE-2024-1682.md | 17 ++
 2024/CVE-2024-1698.md | 20 ++
 2024/CVE-2024-1708.md | 2 +
 2024/CVE-2024-1709.md | 8 +
 2024/CVE-2024-1710.md | 17 ++
 2024/CVE-2024-1727.md | 1 +
 2024/CVE-2024-1728.md | 18 ++
 2024/CVE-2024-1753.md | 2 +-
 2024/CVE-2024-1764.md | 17 ++
 2024/CVE-2024-1780.md | 17 ++
 2024/CVE-2024-1782.md | 1 +
 2024/CVE-2024-1783.md | 1 +
 2024/CVE-2024-1800.md | 1 +
 2024/CVE-2024-1833.md | 5 +-
 2024/CVE-2024-1874.md | 1 +
 2024/CVE-2024-1882.md | 2 +-
 2024/CVE-2024-1883.md | 4 +-
 2024/CVE-2024-1892.md | 2 +-
 2024/CVE-2024-1898.md | 17 ++
 2024/CVE-2024-1900.md | 17 ++
 2024/CVE-2024-1901.md | 17 ++
 2024/CVE-2024-1931.md | 1 +
 2024/CVE-2024-1936.md | 2 +-
 2024/CVE-2024-1939.md | 2 +
 2024/CVE-2024-1957.md | 1 +
 2024/CVE-2024-1968.md | 17 ++
 2024/CVE-2024-20003.md | 1 +
 2024/CVE-2024-20017.md | 7 +
 2024/CVE-2024-20018.md | 1 +
 2024/CVE-2024-20021.md | 1 +
 2024/CVE-2024-20024.md | 1 +
 2024/CVE-2024-20076.md | 17 ++
 2024/CVE-2024-20077.md | 17 ++
 2024/CVE-2024-20088.md | 17 ++
 2024/CVE-2024-2009.md | 1 +
 2024/CVE-2024-20090.md | 17 ++
 2024/CVE-2024-20091.md | 17 ++
 2024/CVE-2024-20092.md | 17 ++
 2024/CVE-2024-20093.md | 17 ++
 2024/CVE-2024-20095.md | 17 ++
 2024/CVE-2024-20096.md | 17 ++
 2024/CVE-2024-20097.md | 17 ++
 2024/CVE-2024-20104.md | 17 ++
 2024/CVE-2024-20105.md | 17 ++
 2024/CVE-2024-20106.md | 17 ++
 2024/CVE-2024-20107.md | 17 ++
 2024/CVE-2024-20116.md | 17 ++
 2024/CVE-2024-20130.md | 17 ++
 2024/CVE-2024-20136.md | 17 ++
 2024/CVE-2024-20137.md | 17 ++
 2024/CVE-2024-2022.md | 17 ++
 2024/CVE-2024-20253.md | 29 +++
 2024/CVE-2024-20269.md | 17 ++
 2024/CVE-2024-20300.md | 17 ++
 2024/CVE-2024-20338.md | 1 +
 2024/CVE-2024-20353.md | 1 +
 2024/CVE-2024-20356.md | 5 +
 2024/CVE-2024-20358.md | 1 +
 2024/CVE-2024-20365.md | 17 ++
 2024/CVE-2024-20377.md | 17 ++
 2024/CVE-2024-20387.md | 17 ++
 2024/CVE-2024-20388.md | 19 ++
 2024/CVE-2024-20399.md | 5 +-
 2024/CVE-2024-20403.md | 17 ++
 2024/CVE-2024-20404.md | 1 +
 2024/CVE-2024-20405.md | 1 +
 2024/CVE-2024-20409.md | 17 ++
 2024/CVE-2024-20424.md | 17 ++
 2024/CVE-2024-20433.md | 19 ++
 2024/CVE-2024-20434.md | 17 ++
 2024/CVE-2024-20439.md | 20 ++
 2024/CVE-2024-2044.md | 12 +
 2024/CVE-2024-20440.md | 17 ++
 2024/CVE-2024-20455.md | 19 ++
 2024/CVE-2024-20467.md | 17 ++
 2024/CVE-2024-20469.md | 17 ++
 2024/CVE-2024-20481.md | 19 ++
 2024/CVE-2024-20515.md | 17 ++
 2024/CVE-2024-2053.md | 3 +-
 2024/CVE-2024-20656.md | 4 +
 2024/CVE-2024-20661.md | 29 ++-
 2024/CVE-2024-20666.md | 1 +
 2024/CVE-2024-20670.md | 1 +
 2024/CVE-2024-20671.md | 2 +
 2024/CVE-2024-20674.md | 2 +
 2024/CVE-2024-20696.md | 3 +
 2024/CVE-2024-20698.md | 1 +
 2024/CVE-2024-20746.md | 1 +
 2024/CVE-2024-20767.md | 21 +-
 2024/CVE-2024-20820.md | 1 +
 2024/CVE-2024-20832.md | 1 +
 2024/CVE-2024-20865.md | 1 +
 2024/CVE-2024-20889.md | 17 ++
 2024/CVE-2024-20890.md | 17 ++
 2024/CVE-2024-20918.md | 17 ++
 2024/CVE-2024-20919.md | 17 ++
 2024/CVE-2024-20921.md | 17 ++
 2024/CVE-2024-20931.md | 19 ++
 2024/CVE-2024-20953.md | 1 +
 2024/CVE-2024-21006.md | 22 ++
 2024/CVE-2024-21011.md | 1 +
 2024/CVE-2024-21012.md | 1 +
 2024/CVE-2024-21096.md | 3 +-
 2024/CVE-2024-21182.md | 19 ++
 2024/CVE-2024-21193.md | 17 ++
 2024/CVE-2024-21194.md | 17 ++
 2024/CVE-2024-21196.md | 17 ++
 2024/CVE-2024-21197.md | 17 ++
 2024/CVE-2024-21198.md | 17 ++
 2024/CVE-2024-21199.md | 17 ++
 2024/CVE-2024-21201.md | 17 ++
 2024/CVE-2024-21212.md | 17 ++
 2024/CVE-2024-21213.md | 17 ++
 2024/CVE-2024-21216.md | 17 ++
 2024/CVE-2024-21219.md | 17 ++
 2024/CVE-2024-21230.md | 19 ++
 2024/CVE-2024-21231.md | 17 ++
 2024/CVE-2024-21236.md | 17 ++
 2024/CVE-2024-21237.md | 17 ++
 2024/CVE-2024-21239.md | 17 ++
 2024/CVE-2024-21241.md | 17 ++
 2024/CVE-2024-21287.md | 18 ++
 2024/CVE-2024-21302.md | 3 +-
 2024/CVE-2024-21305.md | 3 +
 2024/CVE-2024-21306.md | 3 +
 2024/CVE-2024-21310.md | 3 +
 2024/CVE-2024-21319.md | 2 +
 2024/CVE-2024-21320.md | 2 +
 2024/CVE-2024-21338.md | 14 ++
 2024/CVE-2024-21345.md | 1 +
 2024/CVE-2024-21386.md | 1 +
 2024/CVE-2024-21403.md | 17 ++
 2024/CVE-2024-21409.md | 44 ++++
 2024/CVE-2024-21412.md | 2 +
 2024/CVE-2024-21413.md | 60 +++++
 2024/CVE-2024-21431.md | 1 +
 2024/CVE-2024-21447.md | 1 +
 2024/CVE-2024-21455.md | 17 ++
 2024/CVE-2024-21483.md | 4 +-
 2024/CVE-2024-21489.md | 17 ++
 2024/CVE-2024-21490.md | 1 +
 2024/CVE-2024-21503.md | 1 +
 2024/CVE-2024-21505.md | 1 +
 2024/CVE-2024-21506.md | 1 +
 2024/CVE-2024-21510.md | 17 ++
 2024/CVE-2024-21512.md | 17 ++
 2024/CVE-2024-21513.md | 5 +-
 2024/CVE-2024-21516.md | 4 +-
 2024/CVE-2024-21528.md | 17 ++
 2024/CVE-2024-21529.md | 17 ++
 2024/CVE-2024-21530.md | 17 ++
 2024/CVE-2024-21531.md | 17 ++
 2024/CVE-2024-21532.md | 19 ++
 2024/CVE-2024-21533.md | 19 ++
 2024/CVE-2024-21534.md | 25 ++
 2024/CVE-2024-21535.md | 17 ++
 2024/CVE-2024-21536.md | 17 ++
 2024/CVE-2024-21537.md | 17 ++
 2024/CVE-2024-21538.md | 42 ++++
 2024/CVE-2024-21539.md | 17 ++
 2024/CVE-2024-21541.md | 20 ++
 2024/CVE-2024-21542.md | 17 ++
 2024/CVE-2024-21543.md | 17 ++
 2024/CVE-2024-21544.md | 17 ++
 2024/CVE-2024-21546.md | 18 ++
 2024/CVE-2024-21547.md | 17 ++
 2024/CVE-2024-21548.md | 17 ++
 2024/CVE-2024-21549.md | 17 ++
 2024/CVE-2024-21591.md | 17 ++
 2024/CVE-2024-21610.md | 3 +-
 2024/CVE-2024-21626.md | 16 ++
 2024/CVE-2024-21650.md | 1 +
 2024/CVE-2024-2166.md | 17 ++
 2024/CVE-2024-21683.md | 19 ++
 2024/CVE-2024-21689.md | 2 +
 2024/CVE-2024-2169.md | 1 +
 2024/CVE-2024-21733.md | 20 ++
 2024/CVE-2024-21742.md | 2 +-
 2024/CVE-2024-21754.md | 2 +
 2024/CVE-2024-21762.md | 28 +++
 2024/CVE-2024-21775.md | 2 +
 2024/CVE-2024-21791.md | 17 ++
 2024/CVE-2024-21793.md | 17 ++
 2024/CVE-2024-21798.md | 4 +
 2024/CVE-2024-21799.md | 18 ++
 2024/CVE-2024-21803.md | 18 ++
 2024/CVE-2024-2188.md | 2 +
 2024/CVE-2024-21887.md | 23 ++
 2024/CVE-2024-21890.md | 1 +
 2024/CVE-2024-21891.md | 4 +
 2024/CVE-2024-21892.md | 13 +
 2024/CVE-2024-21893.md | 6 +
 2024/CVE-2024-21896.md | 3 +
 2024/CVE-2024-21899.md | 1 +
 2024/CVE-2024-21907.md | 3 +
 2024/CVE-2024-21908.md | 1 +
 2024/CVE-2024-21909.md | 1 +
 2024/CVE-2024-21910.md | 1 +
 2024/CVE-2024-21911.md | 1 +
 2024/CVE-2024-21937.md | 21 ++
 2024/CVE-2024-2194.md | 1 +
 2024/CVE-2024-21957.md | 17 ++
 2024/CVE-2024-21958.md | 17 ++
 2024/CVE-2024-21960.md | 17 ++
 2024/CVE-2024-2201.md | 17 ++
 2024/CVE-2024-22017.md | 2 +
 2024/CVE-2024-22019.md | 8 +
 2024/CVE-2024-22024.md | 16 ++
 2024/CVE-2024-22029.md | 40 +++
 2024/CVE-2024-22043.md | 19 ++
 2024/CVE-2024-22047.md | 1 +
 2024/CVE-2024-22048.md | 1 +
 2024/CVE-2024-22049.md | 1 +
 2024/CVE-2024-22050.md | 17 ++
 2024/CVE-2024-22051.md | 1 +
 2024/CVE-2024-22102.md | 17 ++
 2024/CVE-2024-22103.md | 17 ++
 2024/CVE-2024-22104.md | 17 ++
 2024/CVE-2024-22105.md | 17 ++
 2024/CVE-2024-22106.md | 17 ++
 2024/CVE-2024-22120.md | 34 +++
 2024/CVE-2024-22127.md | 2 +-
 2024/CVE-2024-2218.md | 1 +
 2024/CVE-2024-22195.md | 3 +
 2024/CVE-2024-22198.md | 1 +
 2024/CVE-2024-22208.md | 2 +-
 2024/CVE-2024-2222.md | 3 +
 2024/CVE-2024-22234.md | 2 +
 2024/CVE-2024-22235.md | 1 +
 2024/CVE-2024-22243.md | 4 +
 2024/CVE-2024-22252.md | 1 +
 2024/CVE-2024-22253.md | 23 ++
 2024/CVE-2024-22254.md | 1 +
 2024/CVE-2024-22255.md | 23 ++
 2024/CVE-2024-22259.md | 1 +
 2024/CVE-2024-22262.md | 4 +
 2024/CVE-2024-22263.md | 5 +
 2024/CVE-2024-22268.md | 19 ++
 2024/CVE-2024-22274.md | 5 +
 2024/CVE-2024-22275.md | 1 +
 2024/CVE-2024-2236.md | 7 +
 2024/CVE-2024-22365.md | 7 +
 2024/CVE-2024-22371.md | 19 ++
 2024/CVE-2024-22376.md | 18 ++
 2024/CVE-2024-22399.md | 28 +++
 2024/CVE-2024-2241.md | 2 +-
2024/CVE-2024-22412.md | 1 + 2024/CVE-2024-22419.md | 4 +- 2024/CVE-2024-2242.md | 4 + 2024/CVE-2024-22452.md | 1 + 2024/CVE-2024-22526.md | 2 + 2024/CVE-2024-22529.md | 2 +- 2024/CVE-2024-22547.md | 2 + 2024/CVE-2024-2257.md | 1 + 2024/CVE-2024-22637.md | 1 + 2024/CVE-2024-22722.md | 2 +- 2024/CVE-2024-22733.md | 17 ++ 2024/CVE-2024-22734.md | 2 +- 2024/CVE-2024-22773.md | 1 + 2024/CVE-2024-22851.md | 1 + 2024/CVE-2024-22853.md | 17 ++ 2024/CVE-2024-22871.md | 1 + 2024/CVE-2024-22891.md | 1 + 2024/CVE-2024-22894.md | 1 + 2024/CVE-2024-22899.md | 1 + 2024/CVE-2024-22902.md | 2 + 2024/CVE-2024-22922.md | 1 + 2024/CVE-2024-22983.md | 1 + 2024/CVE-2024-23052.md | 17 ++ 2024/CVE-2024-23091.md | 1 + 2024/CVE-2024-23113.md | 14 ++ 2024/CVE-2024-23120.md | 14 +- 2024/CVE-2024-23121.md | 14 +- 2024/CVE-2024-23122.md | 14 +- 2024/CVE-2024-23123.md | 14 +- 2024/CVE-2024-23124.md | 14 +- 2024/CVE-2024-23125.md | 14 +- 2024/CVE-2024-23126.md | 14 +- 2024/CVE-2024-23130.md | 12 +- 2024/CVE-2024-23131.md | 12 +- 2024/CVE-2024-23132.md | 14 +- 2024/CVE-2024-23133.md | 14 +- 2024/CVE-2024-23135.md | 14 +- 2024/CVE-2024-23136.md | 14 +- 2024/CVE-2024-23138.md | 14 +- 2024/CVE-2024-23139.md | 4 +- 2024/CVE-2024-23226.md | 24 ++ 2024/CVE-2024-23296.md | 1 + 2024/CVE-2024-23298.md | 1 + 2024/CVE-2024-2330.md | 17 ++ 2024/CVE-2024-23309.md | 17 ++ 2024/CVE-2024-23321.md | 17 ++ 2024/CVE-2024-23331.md | 1 + 2024/CVE-2024-23334.md | 36 +++ 2024/CVE-2024-23339.md | 2 + 2024/CVE-2024-23342.md | 1 + 2024/CVE-2024-23346.md | 9 +- 2024/CVE-2024-23372.md | 17 ++ 2024/CVE-2024-23373.md | 17 ++ 2024/CVE-2024-23380.md | 17 ++ 2024/CVE-2024-23385.md | 17 ++ 2024/CVE-2024-2340.md | 17 ++ 2024/CVE-2024-23443.md | 17 ++ 2024/CVE-2024-23450.md | 2 +- 2024/CVE-2024-23556.md | 17 ++ 2024/CVE-2024-2359.md | 17 ++ 2024/CVE-2024-23594.md | 17 ++ 2024/CVE-2024-23609.md | 2 +- 2024/CVE-2024-23612.md | 2 +- 2024/CVE-2024-2362.md | 17 ++ 2024/CVE-2024-2363.md | 3 +- 2024/CVE-2024-23650.md | 18 ++ 
2024/CVE-2024-23651.md | 2 + 2024/CVE-2024-23652.md | 2 + 2024/CVE-2024-23653.md | 4 + 2024/CVE-2024-23656.md | 2 +- 2024/CVE-2024-23660.md | 1 + 2024/CVE-2024-23666.md | 19 ++ 2024/CVE-2024-23672.md | 2 + 2024/CVE-2024-23673.md | 1 + 2024/CVE-2024-23692.md | 32 +++ 2024/CVE-2024-23708.md | 1 + 2024/CVE-2024-23709.md | 1 + 2024/CVE-2024-23710.md | 17 ++ 2024/CVE-2024-23722.md | 1 + 2024/CVE-2024-23724.md | 4 + 2024/CVE-2024-23733.md | 17 ++ 2024/CVE-2024-23739.md | 1 + 2024/CVE-2024-23744.md | 1 + 2024/CVE-2024-2379.md | 3 +- 2024/CVE-2024-23829.md | 2 +- 2024/CVE-2024-2383.md | 17 ++ 2024/CVE-2024-23831.md | 17 ++ 2024/CVE-2024-2387.md | 3 + 2024/CVE-2024-2389.md | 20 ++ 2024/CVE-2024-23897.md | 59 +++++ 2024/CVE-2024-23898.md | 3 + 2024/CVE-2024-23910.md | 4 + 2024/CVE-2024-23911.md | 20 ++ 2024/CVE-2024-23917.md | 1 + 2024/CVE-2024-23944.md | 17 ++ 2024/CVE-2024-23957.md | 17 ++ 2024/CVE-2024-23983.md | 18 ++ 2024/CVE-2024-23995.md | 2 +- 2024/CVE-2024-23997.md | 2 +- 2024/CVE-2024-23998.md | 2 +- 2024/CVE-2024-2403.md | 17 ++ 2024/CVE-2024-24034.md | 1 + 2024/CVE-2024-24035.md | 1 + 2024/CVE-2024-24041.md | 3 + 2024/CVE-2024-2408.md | 1 + 2024/CVE-2024-24321.md | 2 +- 2024/CVE-2024-24409.md | 18 ++ 2024/CVE-2024-24416.md | 17 ++ 2024/CVE-2024-24417.md | 17 ++ 2024/CVE-2024-24418.md | 17 ++ 2024/CVE-2024-24419.md | 17 ++ 2024/CVE-2024-24420.md | 17 ++ 2024/CVE-2024-24421.md | 17 ++ 2024/CVE-2024-24422.md | 17 ++ 2024/CVE-2024-24423.md | 17 ++ 2024/CVE-2024-24424.md | 17 ++ 2024/CVE-2024-24425.md | 17 ++ 2024/CVE-2024-24426.md | 17 ++ 2024/CVE-2024-24427.md | 17 ++ 2024/CVE-2024-24428.md | 17 ++ 2024/CVE-2024-24429.md | 17 ++ 2024/CVE-2024-24430.md | 17 ++ 2024/CVE-2024-24431.md | 17 ++ 2024/CVE-2024-24432.md | 17 ++ 2024/CVE-2024-24442.md | 17 ++ 2024/CVE-2024-24443.md | 17 ++ 2024/CVE-2024-24444.md | 17 ++ 2024/CVE-2024-24445.md | 17 ++ 2024/CVE-2024-24446.md | 17 ++ 2024/CVE-2024-24447.md | 17 ++ 2024/CVE-2024-24449.md | 17 ++ 2024/CVE-2024-24450.md | 18 ++ 
2024/CVE-2024-24451.md | 18 ++ 2024/CVE-2024-24549.md | 4 + 2024/CVE-2024-24564.md | 4 +- 2024/CVE-2024-24571.md | 2 +- 2024/CVE-2024-24572.md | 2 +- 2024/CVE-2024-24573.md | 2 +- 2024/CVE-2024-24576.md | 3 + 2024/CVE-2024-24590.md | 5 + 2024/CVE-2024-24680.md | 1 + 2024/CVE-2024-24684.md | 17 ++ 2024/CVE-2024-24685.md | 17 ++ 2024/CVE-2024-24686.md | 17 ++ 2024/CVE-2024-24690.md | 2 +- 2024/CVE-2024-24691.md | 4 +- 2024/CVE-2024-24693.md | 2 +- 2024/CVE-2024-24698.md | 2 +- 2024/CVE-2024-24722.md | 2 +- 2024/CVE-2024-24725.md | 1 + 2024/CVE-2024-24740.md | 2 +- 2024/CVE-2024-24759.md | 17 ++ 2024/CVE-2024-24762.md | 4 + 2024/CVE-2024-2477.md | 1 + 2024/CVE-2024-24777.md | 17 ++ 2024/CVE-2024-24780.md | 20 ++ 2024/CVE-2024-24783.md | 1 + 2024/CVE-2024-24784.md | 1 + 2024/CVE-2024-24785.md | 1 + 2024/CVE-2024-24786.md | 5 + 2024/CVE-2024-24789.md | 1 + 2024/CVE-2024-24790.md | 4 + 2024/CVE-2024-24791.md | 3 + 2024/CVE-2024-24795.md | 3 +- 2024/CVE-2024-24806.md | 1 + 2024/CVE-2024-24809.md | 1 + 2024/CVE-2024-24813.md | 1 + 2024/CVE-2024-2485.md | 1 + 2024/CVE-2024-2489.md | 1 + 2024/CVE-2024-2490.md | 1 + 2024/CVE-2024-24914.md | 17 ++ 2024/CVE-2024-24919.md | 53 ++++ 2024/CVE-2024-24926.md | 17 ++ 2024/CVE-2024-24942.md | 1 + 2024/CVE-2024-24989.md | 19 ++ 2024/CVE-2024-24990.md | 19 ++ 2024/CVE-2024-24993.md | 17 ++ 2024/CVE-2024-25062.md | 4 + 2024/CVE-2024-25065.md | 3 + 2024/CVE-2024-25066.md | 17 ++ 2024/CVE-2024-25073.md | 17 ++ 2024/CVE-2024-25074.md | 17 ++ 2024/CVE-2024-25086.md | 17 ++ 2024/CVE-2024-25087.md | 17 ++ 2024/CVE-2024-25088.md | 17 ++ 2024/CVE-2024-25092.md | 2 + 2024/CVE-2024-25096.md | 17 ++ 2024/CVE-2024-25102.md | 2 +- 2024/CVE-2024-25103.md | 1 + 2024/CVE-2024-2511.md | 5 +- 2024/CVE-2024-25111.md | 1 + 2024/CVE-2024-25124.md | 1 + 2024/CVE-2024-25153.md | 17 ++ 2024/CVE-2024-25180.md | 4 +- 2024/CVE-2024-25197.md | 1 + 2024/CVE-2024-25198.md | 1 + 2024/CVE-2024-25199.md | 1 + 2024/CVE-2024-25202.md | 2 + 2024/CVE-2024-25270.md | 18 ++ 
2024/CVE-2024-25291.md | 2 +- 2024/CVE-2024-25292.md | 2 +- 2024/CVE-2024-25293.md | 1 + 2024/CVE-2024-25302.md | 1 + 2024/CVE-2024-25304.md | 1 + 2024/CVE-2024-25305.md | 1 + 2024/CVE-2024-25306.md | 1 + 2024/CVE-2024-25308.md | 1 + 2024/CVE-2024-25309.md | 1 + 2024/CVE-2024-25310.md | 1 + 2024/CVE-2024-25312.md | 1 + 2024/CVE-2024-25313.md | 1 + 2024/CVE-2024-25314.md | 1 + 2024/CVE-2024-25315.md | 1 + 2024/CVE-2024-25316.md | 1 + 2024/CVE-2024-25318.md | 1 + 2024/CVE-2024-25381.md | 1 + 2024/CVE-2024-25411.md | 17 ++ 2024/CVE-2024-25412.md | 17 ++ 2024/CVE-2024-25422.md | 1 + 2024/CVE-2024-25431.md | 17 ++ 2024/CVE-2024-2546.md | 1 + 2024/CVE-2024-2547.md | 1 + 2024/CVE-2024-2548.md | 17 ++ 2024/CVE-2024-25503.md | 2 +- 2024/CVE-2024-25506.md | 17 ++ 2024/CVE-2024-2552.md | 19 ++ 2024/CVE-2024-25561.md | 18 ++ 2024/CVE-2024-25575.md | 1 + 2024/CVE-2024-25579.md | 4 + 2024/CVE-2024-2558.md | 1 + 2024/CVE-2024-25580.md | 1 + 2024/CVE-2024-2559.md | 1 + 2024/CVE-2024-2560.md | 1 + 2024/CVE-2024-25600.md | 42 ++++ 2024/CVE-2024-2561.md | 9 + 2024/CVE-2024-25617.md | 1 + 2024/CVE-2024-25623.md | 1 + 2024/CVE-2024-25625.md | 1 + 2024/CVE-2024-25629.md | 1 + 2024/CVE-2024-25636.md | 17 ++ 2024/CVE-2024-25641.md | 10 + 2024/CVE-2024-25644.md | 2 +- 2024/CVE-2024-25645.md | 2 +- 2024/CVE-2024-25648.md | 1 + 2024/CVE-2024-25652.md | 8 +- 2024/CVE-2024-2566.md | 1 + 2024/CVE-2024-25676.md | 1 + 2024/CVE-2024-25694.md | 17 ++ 2024/CVE-2024-25710.md | 2 + 2024/CVE-2024-25723.md | 17 ++ 2024/CVE-2024-25741.md | 1 + 2024/CVE-2024-25742.md | 3 +- 2024/CVE-2024-25743.md | 2 + 2024/CVE-2024-2581.md | 1 + 2024/CVE-2024-25817.md | 1 + 2024/CVE-2024-25852.md | 18 ++ 2024/CVE-2024-25885.md | 17 ++ 2024/CVE-2024-25897.md | 1 + 2024/CVE-2024-25940.md | 1 + 2024/CVE-2024-25978.md | 1 + 2024/CVE-2024-25979.md | 1 + 2024/CVE-2024-25980.md | 1 + 2024/CVE-2024-25981.md | 1 + 2024/CVE-2024-25982.md | 1 + 2024/CVE-2024-25983.md | 1 + 2024/CVE-2024-26011.md | 26 ++ 2024/CVE-2024-26026.md | 17 
++ 2024/CVE-2024-26027.md | 18 ++ 2024/CVE-2024-2605.md | 2 +- 2024/CVE-2024-26050.md | 2 +- 2024/CVE-2024-2606.md | 2 +- 2024/CVE-2024-2608.md | 2 +- 2024/CVE-2024-2609.md | 2 +- 2024/CVE-2024-26092.md | 17 ++ 2024/CVE-2024-2610.md | 2 +- 2024/CVE-2024-2611.md | 2 +- 2024/CVE-2024-26119.md | 4 +- 2024/CVE-2024-26130.md | 1 + 2024/CVE-2024-26139.md | 18 ++ 2024/CVE-2024-26160.md | 2 + 2024/CVE-2024-26169.md | 1 + 2024/CVE-2024-26198.md | 1 + 2024/CVE-2024-2620.md | 1 + 2024/CVE-2024-2621.md | 1 + 2024/CVE-2024-26218.md | 1 + 2024/CVE-2024-2622.md | 1 + 2024/CVE-2024-26229.md | 12 + 2024/CVE-2024-26230.md | 3 + 2024/CVE-2024-2624.md | 17 ++ 2024/CVE-2024-2625.md | 1 + 2024/CVE-2024-26251.md | 21 ++ 2024/CVE-2024-26263.md | 4 +- 2024/CVE-2024-26275.md | 28 +++ 2024/CVE-2024-26277.md | 28 +++ 2024/CVE-2024-26281.md | 2 +- 2024/CVE-2024-26284.md | 2 +- 2024/CVE-2024-26304.md | 18 ++ 2024/CVE-2024-26308.md | 1 + 2024/CVE-2024-26314.md | 17 ++ 2024/CVE-2024-26317.md | 17 ++ 2024/CVE-2024-2643.md | 17 ++ 2024/CVE-2024-26454.md | 1 + 2024/CVE-2024-26458.md | 5 + 2024/CVE-2024-26461.md | 5 + 2024/CVE-2024-26462.md | 5 + 2024/CVE-2024-26481.md | 1 + 2024/CVE-2024-26483.md | 1 + 2024/CVE-2024-2658.md | 17 ++ 2024/CVE-2024-26581.md | 4 + 2024/CVE-2024-26594.md | 2 +- 2024/CVE-2024-26595.md | 2 +- 2024/CVE-2024-26596.md | 2 +- 2024/CVE-2024-26656.md | 2 +- 2024/CVE-2024-26669.md | 18 ++ 2024/CVE-2024-2667.md | 1 + 2024/CVE-2024-26672.md | 17 ++ 2024/CVE-2024-26687.md | 17 ++ 2024/CVE-2024-26713.md | 8 +- 2024/CVE-2024-26718.md | 2 +- 2024/CVE-2024-26720.md | 8 +- 2024/CVE-2024-26739.md | 17 ++ 2024/CVE-2024-26809.md | 17 ++ 2024/CVE-2024-26811.md | 2 +- 2024/CVE-2024-2682.md | 2 +- 2024/CVE-2024-26913.md | 18 ++ 2024/CVE-2024-26920.md | 2 +- 2024/CVE-2024-26921.md | 17 ++ 2024/CVE-2024-26925.md | 1 + 2024/CVE-2024-26926.md | 2 + 2024/CVE-2024-26928.md | 2 +- 2024/CVE-2024-26930.md | 18 ++ 2024/CVE-2024-26944.md | 17 ++ 2024/CVE-2024-26952.md | 17 ++ 2024/CVE-2024-2700.md | 2 +- 
2024/CVE-2024-27011.md | 2 +- 2024/CVE-2024-27012.md | 2 +- 2024/CVE-2024-27017.md | 2 +- 2024/CVE-2024-27022.md | 2 +- 2024/CVE-2024-2703.md | 1 + 2024/CVE-2024-2704.md | 1 + 2024/CVE-2024-27042.md | 17 ++ 2024/CVE-2024-2705.md | 1 + 2024/CVE-2024-2706.md | 1 + 2024/CVE-2024-2707.md | 1 + 2024/CVE-2024-2708.md | 1 + 2024/CVE-2024-27088.md | 3 + 2024/CVE-2024-2709.md | 1 + 2024/CVE-2024-2710.md | 1 + 2024/CVE-2024-2711.md | 1 + 2024/CVE-2024-27115.md | 18 ++ 2024/CVE-2024-27120.md | 17 ++ 2024/CVE-2024-27126.md | 17 ++ 2024/CVE-2024-27130.md | 18 ++ 2024/CVE-2024-27132.md | 1 + 2024/CVE-2024-27173.md | 1 + 2024/CVE-2024-27198.md | 38 +++ 2024/CVE-2024-27199.md | 5 + 2024/CVE-2024-27281.md | 1 + 2024/CVE-2024-27282.md | 1 + 2024/CVE-2024-27286.md | 2 +- 2024/CVE-2024-27292.md | 20 ++ 2024/CVE-2024-2730.md | 17 ++ 2024/CVE-2024-27305.md | 17 ++ 2024/CVE-2024-27306.md | 1 + 2024/CVE-2024-2731.md | 17 ++ 2024/CVE-2024-27310.md | 5 +- 2024/CVE-2024-27316.md | 3 + 2024/CVE-2024-27322.md | 3 + 2024/CVE-2024-27347.md | 2 + 2024/CVE-2024-27348.md | 25 ++ 2024/CVE-2024-27388.md | 17 ++ 2024/CVE-2024-27394.md | 20 ++ 2024/CVE-2024-27397.md | 17 ++ 2024/CVE-2024-27398.md | 3 +- 2024/CVE-2024-27443.md | 1 + 2024/CVE-2024-27444.md | 3 + 2024/CVE-2024-27448.md | 1 + 2024/CVE-2024-27460.md | 1 + 2024/CVE-2024-2750.md | 17 ++ 2024/CVE-2024-27518.md | 1 + 2024/CVE-2024-27527.md | 17 ++ 2024/CVE-2024-27528.md | 17 ++ 2024/CVE-2024-27529.md | 17 ++ 2024/CVE-2024-27530.md | 17 ++ 2024/CVE-2024-27532.md | 17 ++ 2024/CVE-2024-27564.md | 6 +- 2024/CVE-2024-2759.md | 2 +- 2024/CVE-2024-27592.md | 1 + 2024/CVE-2024-2763.md | 1 + 2024/CVE-2024-27630.md | 1 + 2024/CVE-2024-27631.md | 1 + 2024/CVE-2024-27632.md | 1 + 2024/CVE-2024-2764.md | 1 + 2024/CVE-2024-2771.md | 20 ++ 2024/CVE-2024-27756.md | 1 + 2024/CVE-2024-27766.md | 17 ++ 2024/CVE-2024-2777.md | 5 +- 2024/CVE-2024-27804.md | 1 + 2024/CVE-2024-27808.md | 25 ++ 2024/CVE-2024-27815.md | 1 + 2024/CVE-2024-2782.md | 19 ++ 
2024/CVE-2024-27821.md | 21 ++ 2024/CVE-2024-27876.md | 22 ++ 2024/CVE-2024-27912.md | 17 ++ 2024/CVE-2024-27914.md | 1 + 2024/CVE-2024-27923.md | 2 +- 2024/CVE-2024-27937.md | 1 + 2024/CVE-2024-27954.md | 21 ++ 2024/CVE-2024-27956.md | 30 +++ 2024/CVE-2024-2796.md | 17 ++ 2024/CVE-2024-27971.md | 1 + 2024/CVE-2024-27972.md | 1 + 2024/CVE-2024-27980.md | 23 ++ 2024/CVE-2024-27982.md | 17 ++ 2024/CVE-2024-27983.md | 3 + 2024/CVE-2024-28000.md | 7 + 2024/CVE-2024-28029.md | 2 +- 2024/CVE-2024-28038.md | 18 ++ 2024/CVE-2024-28046.md | 18 ++ 2024/CVE-2024-2805.md | 1 + 2024/CVE-2024-28052.md | 17 ++ 2024/CVE-2024-28056.md | 2 +- 2024/CVE-2024-2806.md | 1 + 2024/CVE-2024-2807.md | 1 + 2024/CVE-2024-2808.md | 1 + 2024/CVE-2024-28084.md | 1 + 2024/CVE-2024-28085.md | 4 + 2024/CVE-2024-28088.md | 3 + 2024/CVE-2024-2809.md | 1 + 2024/CVE-2024-28093.md | 2 +- 2024/CVE-2024-2810.md | 1 + 2024/CVE-2024-28103.md | 17 ++ 2024/CVE-2024-2811.md | 1 + 2024/CVE-2024-28114.md | 17 ++ 2024/CVE-2024-28116.md | 2 + 2024/CVE-2024-2812.md | 2 + 2024/CVE-2024-28125.md | 4 +- 2024/CVE-2024-2813.md | 1 + 2024/CVE-2024-28138.md | 17 ++ 2024/CVE-2024-28139.md | 17 ++ 2024/CVE-2024-2814.md | 1 + 2024/CVE-2024-28140.md | 17 ++ 2024/CVE-2024-28141.md | 17 ++ 2024/CVE-2024-28142.md | 17 ++ 2024/CVE-2024-28143.md | 17 ++ 2024/CVE-2024-28144.md | 17 ++ 2024/CVE-2024-28145.md | 17 ++ 2024/CVE-2024-28146.md | 17 ++ 2024/CVE-2024-2815.md | 1 + 2024/CVE-2024-2816.md | 1 + 2024/CVE-2024-28163.md | 2 +- 2024/CVE-2024-2817.md | 1 + 2024/CVE-2024-28176.md | 1 + 2024/CVE-2024-28192.md | 2 + 2024/CVE-2024-28193.md | 1 + 2024/CVE-2024-28213.md | 1 + 2024/CVE-2024-28219.md | 1 + 2024/CVE-2024-28224.md | 2 +- 2024/CVE-2024-28253.md | 17 ++ 2024/CVE-2024-28255.md | 18 ++ 2024/CVE-2024-28326.md | 2 +- 2024/CVE-2024-28397.md | 15 ++ 2024/CVE-2024-28401.md | 1 + 2024/CVE-2024-28402.md | 1 + 2024/CVE-2024-28403.md | 1 + 2024/CVE-2024-28404.md | 1 + 2024/CVE-2024-28418.md | 2 +- 2024/CVE-2024-28442.md | 3 +- 
2024/CVE-2024-2850.md | 1 + 2024/CVE-2024-2851.md | 1 + 2024/CVE-2024-28519.md | 2 +- 2024/CVE-2024-2853.md | 1 + 2024/CVE-2024-28535.md | 1 + 2024/CVE-2024-28537.md | 1 + 2024/CVE-2024-2854.md | 1 + 2024/CVE-2024-28545.md | 1 + 2024/CVE-2024-28547.md | 1 + 2024/CVE-2024-2855.md | 1 + 2024/CVE-2024-28550.md | 1 + 2024/CVE-2024-28551.md | 1 + 2024/CVE-2024-28553.md | 1 + 2024/CVE-2024-2856.md | 2 + 2024/CVE-2024-28623.md | 1 + 2024/CVE-2024-28677.md | 1 + 2024/CVE-2024-2869.md | 17 ++ 2024/CVE-2024-28726.md | 17 ++ 2024/CVE-2024-28728.md | 17 ++ 2024/CVE-2024-28729.md | 17 ++ 2024/CVE-2024-28730.md | 17 ++ 2024/CVE-2024-28731.md | 17 ++ 2024/CVE-2024-28752.md | 7 + 2024/CVE-2024-28756.md | 1 + 2024/CVE-2024-28757.md | 2 + 2024/CVE-2024-2876.md | 12 + 2024/CVE-2024-28762.md | 17 ++ 2024/CVE-2024-28784.md | 18 ++ 2024/CVE-2024-2879.md | 19 ++ 2024/CVE-2024-2883.md | 2 + 2024/CVE-2024-28834.md | 2 +- 2024/CVE-2024-28848.md | 17 ++ 2024/CVE-2024-28851.md | 1 + 2024/CVE-2024-28863.md | 3 + 2024/CVE-2024-2887.md | 11 + 2024/CVE-2024-28885.md | 18 ++ 2024/CVE-2024-28888.md | 17 ++ 2024/CVE-2024-28894.md | 20 ++ 2024/CVE-2024-2891.md | 1 + 2024/CVE-2024-28953.md | 18 ++ 2024/CVE-2024-28955.md | 18 ++ 2024/CVE-2024-28957.md | 25 ++ 2024/CVE-2024-28981.md | 17 ++ 2024/CVE-2024-28982.md | 17 ++ 2024/CVE-2024-28983.md | 17 ++ 2024/CVE-2024-28984.md | 17 ++ 2024/CVE-2024-28986.md | 2 + 2024/CVE-2024-28987.md | 21 ++ 2024/CVE-2024-2899.md | 1 + 2024/CVE-2024-28995.md | 31 +++ 2024/CVE-2024-2900.md | 1 + 2024/CVE-2024-2901.md | 1 + 2024/CVE-2024-29014.md | 17 ++ 2024/CVE-2024-2902.md | 1 + 2024/CVE-2024-29025.md | 1 + 2024/CVE-2024-29028.md | 2 +- 2024/CVE-2024-29029.md | 2 +- 2024/CVE-2024-2903.md | 1 + 2024/CVE-2024-29030.md | 2 +- 2024/CVE-2024-29041.md | 6 + 2024/CVE-2024-2905.md | 1 + 2024/CVE-2024-29050.md | 55 +++++ 2024/CVE-2024-29059.md | 4 + 2024/CVE-2024-29075.md | 17 ++ 2024/CVE-2024-2910.md | 17 ++ 2024/CVE-2024-29102.md | 1 + 2024/CVE-2024-29131.md | 1 + 
2024/CVE-2024-29133.md | 1 + 2024/CVE-2024-29146.md | 18 ++ 2024/CVE-2024-29155.md | 17 ++ 2024/CVE-2024-2918.md | 17 ++ 2024/CVE-2024-29180.md | 1 + 2024/CVE-2024-29197.md | 1 + 2024/CVE-2024-29201.md | 19 ++ 2024/CVE-2024-29202.md | 19 ++ 2024/CVE-2024-29209.md | 2 +- 2024/CVE-2024-2921.md | 2 +- 2024/CVE-2024-29210.md | 2 +- 2024/CVE-2024-29241.md | 1 + 2024/CVE-2024-29269.md | 23 ++ 2024/CVE-2024-2928.md | 19 ++ 2024/CVE-2024-29291.md | 1 + 2024/CVE-2024-29292.md | 17 ++ 2024/CVE-2024-2935.md | 2 +- 2024/CVE-2024-29376.md | 17 ++ 2024/CVE-2024-29404.md | 17 ++ 2024/CVE-2024-29409.md | 17 ++ 2024/CVE-2024-29415.md | 5 + 2024/CVE-2024-29419.md | 1 + 2024/CVE-2024-29506.md | 1 + 2024/CVE-2024-29507.md | 1 + 2024/CVE-2024-29508.md | 1 + 2024/CVE-2024-29509.md | 1 + 2024/CVE-2024-29510.md | 2 + 2024/CVE-2024-29511.md | 1 + 2024/CVE-2024-2961.md | 21 ++ 2024/CVE-2024-29643.md | 17 ++ 2024/CVE-2024-29671.md | 18 ++ 2024/CVE-2024-2980.md | 1 + 2024/CVE-2024-2981.md | 1 + 2024/CVE-2024-2982.md | 1 + 2024/CVE-2024-29824.md | 29 +++ 2024/CVE-2024-2983.md | 1 + 2024/CVE-2024-2984.md | 1 + 2024/CVE-2024-29844.md | 2 +- 2024/CVE-2024-29847.md | 19 ++ 2024/CVE-2024-2985.md | 1 + 2024/CVE-2024-29857.md | 2 + 2024/CVE-2024-29863.md | 2 + 2024/CVE-2024-29865.md | 2 +- 2024/CVE-2024-29868.md | 1 + 2024/CVE-2024-29881.md | 2 + 2024/CVE-2024-29889.md | 3 + 2024/CVE-2024-29943.md | 1 + 2024/CVE-2024-2995.md | 1 + 2024/CVE-2024-2997.md | 2 + 2024/CVE-2024-29972.md | 2 + 2024/CVE-2024-29973.md | 21 ++ 2024/CVE-2024-29974.md | 1 + 2024/CVE-2024-29975.md | 1 + 2024/CVE-2024-29976.md | 1 + 2024/CVE-2024-29978.md | 18 ++ 2024/CVE-2024-2998.md | 2 +- 2024/CVE-2024-29988.md | 2 + 2024/CVE-2024-29994.md | 34 +++ 2024/CVE-2024-29995.md | 45 ++++ 2024/CVE-2024-29996.md | 1 + 2024/CVE-2024-29997.md | 34 +++ 2024/CVE-2024-29998.md | 34 +++ 2024/CVE-2024-29999.md | 34 +++ 2024/CVE-2024-30000.md | 34 +++ 2024/CVE-2024-30001.md | 34 +++ 2024/CVE-2024-30002.md | 34 +++ 2024/CVE-2024-30003.md | 34 
+++ 2024/CVE-2024-30004.md | 34 +++ 2024/CVE-2024-30005.md | 34 +++ 2024/CVE-2024-30012.md | 34 +++ 2024/CVE-2024-30021.md | 34 +++ 2024/CVE-2024-30025.md | 1 + 2024/CVE-2024-30037.md | 1 + 2024/CVE-2024-30040.md | 1 + 2024/CVE-2024-30043.md | 1 + 2024/CVE-2024-30051.md | 5 + 2024/CVE-2024-30052.md | 28 +++ 2024/CVE-2024-30078.md | 9 + 2024/CVE-2024-30084.md | 1 + 2024/CVE-2024-30085.md | 4 + 2024/CVE-2024-30088.md | 19 ++ 2024/CVE-2024-30090.md | 58 +++++ 2024/CVE-2024-30105.md | 28 +++ 2024/CVE-2024-3011.md | 1 + 2024/CVE-2024-3012.md | 1 + 2024/CVE-2024-30126.md | 17 ++ 2024/CVE-2024-3013.md | 1 + 2024/CVE-2024-30171.md | 1 + 2024/CVE-2024-30172.md | 2 + 2024/CVE-2024-30176.md | 17 ++ 2024/CVE-2024-30240.md | 1 + 2024/CVE-2024-30269.md | 12 + 2024/CVE-2024-30270.md | 2 + 2024/CVE-2024-30370.md | 17 ++ 2024/CVE-2024-3044.md | 17 ++ 2024/CVE-2024-30485.md | 18 ++ 2024/CVE-2024-30491.md | 1 + 2024/CVE-2024-3050.md | 1 + 2024/CVE-2024-30545.md | 17 ++ 2024/CVE-2024-30553.md | 17 ++ 2024/CVE-2024-30554.md | 17 ++ 2024/CVE-2024-30583.md | 1 + 2024/CVE-2024-30584.md | 1 + 2024/CVE-2024-30585.md | 1 + 2024/CVE-2024-30586.md | 1 + 2024/CVE-2024-30587.md | 1 + 2024/CVE-2024-30588.md | 1 + 2024/CVE-2024-30589.md | 1 + 2024/CVE-2024-30590.md | 1 + 2024/CVE-2024-30591.md | 1 + 2024/CVE-2024-30592.md | 1 + 2024/CVE-2024-30593.md | 1 + 2024/CVE-2024-30594.md | 1 + 2024/CVE-2024-30595.md | 1 + 2024/CVE-2024-30596.md | 1 + 2024/CVE-2024-30597.md | 1 + 2024/CVE-2024-30598.md | 1 + 2024/CVE-2024-30599.md | 1 + 2024/CVE-2024-30600.md | 1 + 2024/CVE-2024-30601.md | 1 + 2024/CVE-2024-30602.md | 1 + 2024/CVE-2024-30603.md | 1 + 2024/CVE-2024-30604.md | 1 + 2024/CVE-2024-30606.md | 1 + 2024/CVE-2024-30607.md | 1 + 2024/CVE-2024-30612.md | 1 + 2024/CVE-2024-30613.md | 1 + 2024/CVE-2024-3062.md | 17 ++ 2024/CVE-2024-30622.md | 1 + 2024/CVE-2024-30623.md | 1 + 2024/CVE-2024-30624.md | 1 + 2024/CVE-2024-30625.md | 1 + 2024/CVE-2024-30626.md | 1 + 2024/CVE-2024-30627.md | 1 + 
2024/CVE-2024-30628.md | 1 + 2024/CVE-2024-30629.md | 1 + 2024/CVE-2024-30630.md | 1 + 2024/CVE-2024-30631.md | 1 + 2024/CVE-2024-30632.md | 1 + 2024/CVE-2024-30633.md | 1 + 2024/CVE-2024-30634.md | 1 + 2024/CVE-2024-30635.md | 1 + 2024/CVE-2024-30636.md | 1 + 2024/CVE-2024-30637.md | 1 + 2024/CVE-2024-30638.md | 1 + 2024/CVE-2024-30639.md | 1 + 2024/CVE-2024-30645.md | 1 + 2024/CVE-2024-3077.md | 18 ++ 2024/CVE-2024-30801.md | 18 ++ 2024/CVE-2024-30802.md | 3 +- 2024/CVE-2024-30804.md | 2 + 2024/CVE-2024-30840.md | 1 + 2024/CVE-2024-30848.md | 2 +- 2024/CVE-2024-30875.md | 18 ++ 2024/CVE-2024-30896.md | 18 ++ 2024/CVE-2024-30939.md | 1 + 2024/CVE-2024-3094.md | 36 +++ 2024/CVE-2024-30961.md | 17 ++ 2024/CVE-2024-30963.md | 17 ++ 2024/CVE-2024-30964.md | 17 ++ 2024/CVE-2024-30979.md | 1 + 2024/CVE-2024-30980.md | 1 + 2024/CVE-2024-30981.md | 1 + 2024/CVE-2024-30985.md | 1 + 2024/CVE-2024-30986.md | 1 + 2024/CVE-2024-30987.md | 1 + 2024/CVE-2024-30988.md | 1 + 2024/CVE-2024-30989.md | 1 + 2024/CVE-2024-30990.md | 1 + 2024/CVE-2024-31007.md | 17 ++ 2024/CVE-2024-3105.md | 1 + 2024/CVE-2024-31061.md | 2 +- 2024/CVE-2024-31062.md | 2 +- 2024/CVE-2024-31063.md | 2 +- 2024/CVE-2024-31064.md | 2 +- 2024/CVE-2024-31065.md | 2 +- 2024/CVE-2024-31074.md | 18 ++ 2024/CVE-2024-31079.md | 19 ++ 2024/CVE-2024-31114.md | 18 ++ 2024/CVE-2024-31141.md | 19 ++ 2024/CVE-2024-31152.md | 17 ++ 2024/CVE-2024-31204.md | 19 ++ 2024/CVE-2024-31207.md | 1 + 2024/CVE-2024-3121.md | 18 ++ 2024/CVE-2024-31211.md | 2 + 2024/CVE-2024-31228.md | 17 ++ 2024/CVE-2024-31317.md | 30 +++ 2024/CVE-2024-31319.md | 1 + 2024/CVE-2024-31320.md | 18 ++ 2024/CVE-2024-31333.md | 17 ++ 2024/CVE-2024-31337.md | 17 ++ 2024/CVE-2024-31344.md | 17 ++ 2024/CVE-2024-3137.md | 17 ++ 2024/CVE-2024-31370.md | 17 ++ 2024/CVE-2024-31387.md | 17 ++ 2024/CVE-2024-31392.md | 17 ++ 2024/CVE-2024-31420.md | 2 - 2024/CVE-2024-31448.md | 17 ++ 2024/CVE-2024-31449.md | 22 ++ 2024/CVE-2024-31459.md | 3 +- 2024/CVE-2024-31497.md | 
4 + 2024/CVE-2024-31502.md | 2 +- 2024/CVE-2024-3154.md | 2 + 2024/CVE-2024-3156.md | 2 + 2024/CVE-2024-3157.md | 2 + 2024/CVE-2024-31580.md | 17 ++ 2024/CVE-2024-31585.md | 17 ++ 2024/CVE-2024-3159.md | 2 + 2024/CVE-2024-3163.md | 17 ++ 2024/CVE-2024-31666.md | 1 + 2024/CVE-2024-31695.md | 17 ++ 2024/CVE-2024-31744.md | 3 +- 2024/CVE-2024-31745.md | 2 + 2024/CVE-2024-31747.md | 1 + 2024/CVE-2024-31750.md | 18 ++ 2024/CVE-2024-3177.md | 19 ++ 2024/CVE-2024-31771.md | 1 + 2024/CVE-2024-31805.md | 17 ++ 2024/CVE-2024-31806.md | 17 ++ 2024/CVE-2024-31807.md | 17 ++ 2024/CVE-2024-31808.md | 17 ++ 2024/CVE-2024-31809.md | 17 ++ 2024/CVE-2024-31810.md | 17 ++ 2024/CVE-2024-31811.md | 17 ++ 2024/CVE-2024-31812.md | 17 ++ 2024/CVE-2024-31813.md | 17 ++ 2024/CVE-2024-31814.md | 17 ++ 2024/CVE-2024-31815.md | 17 ++ 2024/CVE-2024-31816.md | 17 ++ 2024/CVE-2024-31817.md | 17 ++ 2024/CVE-2024-31819.md | 3 + 2024/CVE-2024-3183.md | 2 + 2024/CVE-2024-31835.md | 17 ++ 2024/CVE-2024-31868.md | 2 +- 2024/CVE-2024-31903.md | 18 ++ 2024/CVE-2024-31952.md | 17 ++ 2024/CVE-2024-31953.md | 17 ++ 2024/CVE-2024-31964.md | 2 + 2024/CVE-2024-31970.md | 2 +- 2024/CVE-2024-31971.md | 2 +- 2024/CVE-2024-31972.md | 17 ++ 2024/CVE-2024-31973.md | 17 ++ 2024/CVE-2024-31975.md | 17 ++ 2024/CVE-2024-31976.md | 17 ++ 2024/CVE-2024-31977.md | 3 +- 2024/CVE-2024-31982.md | 11 + 2024/CVE-2024-31989.md | 1 + 2024/CVE-2024-31998.md | 17 ++ 2024/CVE-2024-3200.md | 17 ++ 2024/CVE-2024-32002.md | 75 ++++++ 2024/CVE-2024-32004.md | 7 + 2024/CVE-2024-32019.md | 11 +- 2024/CVE-2024-32020.md | 5 + 2024/CVE-2024-32021.md | 5 + 2024/CVE-2024-32022.md | 5 + 2024/CVE-2024-32025.md | 6 +- 2024/CVE-2024-32026.md | 6 +- 2024/CVE-2024-32027.md | 6 +- 2024/CVE-2024-32030.md | 1 + 2024/CVE-2024-32083.md | 17 ++ 2024/CVE-2024-32104.md | 1 + 2024/CVE-2024-32113.md | 4 + 2024/CVE-2024-32136.md | 1 + 2024/CVE-2024-32151.md | 18 ++ 2024/CVE-2024-3219.md | 4 +- 2024/CVE-2024-32258.md | 1 + 2024/CVE-2024-32281.md | 1 + 
2024/CVE-2024-32282.md | 1 + 2024/CVE-2024-32283.md | 1 + 2024/CVE-2024-32285.md | 1 + 2024/CVE-2024-32286.md | 1 + 2024/CVE-2024-32287.md | 1 + 2024/CVE-2024-32288.md | 1 + 2024/CVE-2024-32290.md | 1 + 2024/CVE-2024-32292.md | 1 + 2024/CVE-2024-32293.md | 1 + 2024/CVE-2024-32299.md | 1 + 2024/CVE-2024-32301.md | 1 + 2024/CVE-2024-32302.md | 1 + 2024/CVE-2024-32303.md | 1 + 2024/CVE-2024-32305.md | 1 + 2024/CVE-2024-32306.md | 1 + 2024/CVE-2024-32307.md | 1 + 2024/CVE-2024-32310.md | 1 + 2024/CVE-2024-32311.md | 1 + 2024/CVE-2024-32312.md | 1 + 2024/CVE-2024-32313.md | 1 + 2024/CVE-2024-32314.md | 1 + 2024/CVE-2024-32315.md | 1 + 2024/CVE-2024-32316.md | 1 + 2024/CVE-2024-32317.md | 1 + 2024/CVE-2024-32318.md | 1 + 2024/CVE-2024-32320.md | 1 + 2024/CVE-2024-32325.md | 17 ++ 2024/CVE-2024-32326.md | 17 ++ 2024/CVE-2024-32332.md | 17 ++ 2024/CVE-2024-32333.md | 17 ++ 2024/CVE-2024-32334.md | 17 ++ 2024/CVE-2024-32335.md | 17 ++ 2024/CVE-2024-32428.md | 17 ++ 2024/CVE-2024-3246.md | 1 + 2024/CVE-2024-32462.md | 17 ++ 2024/CVE-2024-32465.md | 6 + 2024/CVE-2024-32468.md | 17 ++ 2024/CVE-2024-3248.md | 3 +- 2024/CVE-2024-3250.md | 1 + 2024/CVE-2024-32523.md | 2 + 2024/CVE-2024-32591.md | 17 ++ 2024/CVE-2024-32635.md | 22 ++ 2024/CVE-2024-32637.md | 22 ++ 2024/CVE-2024-32651.md | 5 + 2024/CVE-2024-32700.md | 1 + 2024/CVE-2024-32709.md | 17 ++ 2024/CVE-2024-3272.md | 17 ++ 2024/CVE-2024-3273.md | 20 ++ 2024/CVE-2024-32735.md | 2 +- 2024/CVE-2024-32736.md | 2 +- 2024/CVE-2024-32737.md | 2 +- 2024/CVE-2024-32738.md | 3 +- 2024/CVE-2024-32739.md | 2 +- 2024/CVE-2024-32752.md | 10 +- 2024/CVE-2024-32830.md | 19 ++ 2024/CVE-2024-32896.md | 17 ++ 2024/CVE-2024-32911.md | 17 ++ 2024/CVE-2024-3293.md | 1 + 2024/CVE-2024-32958.md | 1 + 2024/CVE-2024-3296.md | 3 - 2024/CVE-2024-32962.md | 3 +- 2024/CVE-2024-33060.md | 17 ++ 2024/CVE-2024-33111.md | 1 + 2024/CVE-2024-33113.md | 2 + 2024/CVE-2024-3313.md | 1 + 2024/CVE-2024-33180.md | 17 ++ 2024/CVE-2024-33209.md | 17 ++ 
2024/CVE-2024-33210.md | 17 ++ 2024/CVE-2024-33218.md | 2 + 2024/CVE-2024-33219.md | 17 ++ 2024/CVE-2024-33231.md | 17 ++ 2024/CVE-2024-33297.md | 17 ++ 2024/CVE-2024-33298.md | 17 ++ 2024/CVE-2024-33299.md | 17 ++ 2024/CVE-2024-3332.md | 17 ++ 2024/CVE-2024-3333.md | 2 + 2024/CVE-2024-33365.md | 1 + 2024/CVE-2024-33371.md | 17 ++ 2024/CVE-2024-33401.md | 17 ++ 2024/CVE-2024-33433.md | 17 ++ 2024/CVE-2024-3344.md | 17 ++ 2024/CVE-2024-3345.md | 18 ++ 2024/CVE-2024-33452.md | 17 ++ 2024/CVE-2024-33453.md | 17 ++ 2024/CVE-2024-33510.md | 18 ++ 2024/CVE-2024-33599.md | 2 + 2024/CVE-2024-33600.md | 1 + 2024/CVE-2024-33601.md | 1 + 2024/CVE-2024-33602.md | 1 + 2024/CVE-2024-33605.md | 18 ++ 2024/CVE-2024-33610.md | 18 ++ 2024/CVE-2024-33616.md | 18 ++ 2024/CVE-2024-33617.md | 18 ++ 2024/CVE-2024-33644.md | 1 + 2024/CVE-2024-33663.md | 18 ++ 2024/CVE-2024-33664.md | 4 +- 2024/CVE-2024-33665.md | 17 ++ 2024/CVE-2024-33699.md | 17 ++ 2024/CVE-2024-33700.md | 17 ++ 2024/CVE-2024-33752.md | 17 ++ 2024/CVE-2024-3381.md | 1 + 2024/CVE-2024-3382.md | 1 + 2024/CVE-2024-33856.md | 3 +- 2024/CVE-2024-33857.md | 3 +- 2024/CVE-2024-33858.md | 2 +- 2024/CVE-2024-33859.md | 2 +- 2024/CVE-2024-33860.md | 2 +- 2024/CVE-2024-33871.md | 17 ++ 2024/CVE-2024-33883.md | 2 + 2024/CVE-2024-33898.md | 17 ++ 2024/CVE-2024-33899.md | 2 +- 2024/CVE-2024-33901.md | 2 +- 2024/CVE-2024-33905.md | 1 + 2024/CVE-2024-33911.md | 1 + 2024/CVE-2024-3393.md | 20 ++ 2024/CVE-2024-33943.md | 17 ++ 2024/CVE-2024-33996.md | 17 ++ 2024/CVE-2024-33997.md | 17 ++ 2024/CVE-2024-33998.md | 17 ++ 2024/CVE-2024-33999.md | 17 ++ 2024/CVE-2024-3400.md | 48 ++++ 2024/CVE-2024-34000.md | 17 ++ 2024/CVE-2024-34001.md | 17 ++ 2024/CVE-2024-34002.md | 1 + 2024/CVE-2024-34003.md | 1 + 2024/CVE-2024-34004.md | 1 + 2024/CVE-2024-34005.md | 1 + 2024/CVE-2024-34006.md | 17 ++ 2024/CVE-2024-34007.md | 17 ++ 2024/CVE-2024-34008.md | 17 ++ 2024/CVE-2024-34009.md | 17 ++ 2024/CVE-2024-34012.md | 17 ++ 2024/CVE-2024-34064.md | 4 + 
2024/CVE-2024-34069.md | 1 + 2024/CVE-2024-3408.md | 17 ++ 2024/CVE-2024-34102.md | 37 +++ 2024/CVE-2024-34144.md | 1 + 2024/CVE-2024-34155.md | 19 ++ 2024/CVE-2024-34156.md | 21 ++ 2024/CVE-2024-34158.md | 20 ++ 2024/CVE-2024-34162.md | 18 ++ 2024/CVE-2024-34193.md | 17 ++ 2024/CVE-2024-34195.md | 17 ++ 2024/CVE-2024-34198.md | 17 ++ 2024/CVE-2024-34235.md | 17 ++ 2024/CVE-2024-34257.md | 1 + 2024/CVE-2024-34273.md | 1 + 2024/CVE-2024-34312.md | 2 + 2024/CVE-2024-34313.md | 1 + 2024/CVE-2024-34329.md | 3 +- 2024/CVE-2024-34331.md | 17 ++ 2024/CVE-2024-34343.md | 17 ++ 2024/CVE-2024-34350.md | 1 + 2024/CVE-2024-34351.md | 8 + 2024/CVE-2024-34359.md | 2 +- 2024/CVE-2024-34361.md | 1 + 2024/CVE-2024-34370.md | 19 ++ 2024/CVE-2024-34391.md | 4 +- 2024/CVE-2024-34392.md | 2 +- 2024/CVE-2024-34393.md | 4 +- 2024/CVE-2024-34394.md | 4 +- 2024/CVE-2024-34402.md | 17 ++ 2024/CVE-2024-34405.md | 17 ++ 2024/CVE-2024-34406.md | 17 ++ 2024/CVE-2024-34423.md | 17 ++ 2024/CVE-2024-34426.md | 17 ++ 2024/CVE-2024-3444.md | 1 + 2024/CVE-2024-34443.md | 17 ++ 2024/CVE-2024-34444.md | 18 ++ 2024/CVE-2024-34447.md | 1 + 2024/CVE-2024-34459.md | 1 + 2024/CVE-2024-34463.md | 18 ++ 2024/CVE-2024-34470.md | 18 ++ 2024/CVE-2024-34474.md | 1 + 2024/CVE-2024-3448.md | 1 + 2024/CVE-2024-34519.md | 17 ++ 2024/CVE-2024-34693.md | 2 + 2024/CVE-2024-34716.md | 6 + 2024/CVE-2024-34719.md | 17 ++ 2024/CVE-2024-34739.md | 17 ++ 2024/CVE-2024-34741.md | 17 ++ 2024/CVE-2024-34750.md | 18 ++ 2024/CVE-2024-34790.md | 17 ++ 2024/CVE-2024-34797.md | 17 ++ 2024/CVE-2024-34831.md | 17 ++ 2024/CVE-2024-34882.md | 17 ++ 2024/CVE-2024-34883.md | 17 ++ 2024/CVE-2024-34885.md | 17 ++ 2024/CVE-2024-34887.md | 17 ++ 2024/CVE-2024-34891.md | 17 ++ 2024/CVE-2024-34897.md | 17 ++ 2024/CVE-2024-34899.md | 2 +- 2024/CVE-2024-3495.md | 24 ++ 2024/CVE-2024-34959.md | 17 ++ 2024/CVE-2024-3498.md | 17 ++ 2024/CVE-2024-34990.md | 17 ++ 2024/CVE-2024-35056.md | 17 ++ 2024/CVE-2024-35057.md | 1 + 2024/CVE-2024-35058.md | 17 
++ 2024/CVE-2024-35059.md | 17 ++ 2024/CVE-2024-35060.md | 17 ++ 2024/CVE-2024-35061.md | 17 ++ 2024/CVE-2024-35106.md | 17 ++ 2024/CVE-2024-35133.md | 18 ++ 2024/CVE-2024-3516.md | 2 + 2024/CVE-2024-35161.md | 17 ++ 2024/CVE-2024-35176.md | 1 + 2024/CVE-2024-35177.md | 17 ++ 2024/CVE-2024-35195.md | 9 + 2024/CVE-2024-35198.md | 17 ++ 2024/CVE-2024-35200.md | 19 ++ 2024/CVE-2024-35205.md | 3 + 2024/CVE-2024-35230.md | 17 ++ 2024/CVE-2024-35242.md | 1 + 2024/CVE-2024-35244.md | 18 ++ 2024/CVE-2024-35250.md | 14 ++ 2024/CVE-2024-35255.md | 1 + 2024/CVE-2024-35260.md | 2 +- 2024/CVE-2024-35264.md | 25 ++ 2024/CVE-2024-35286.md | 18 ++ 2024/CVE-2024-35287.md | 17 ++ 2024/CVE-2024-35288.md | 17 ++ 2024/CVE-2024-35293.md | 17 ++ 2024/CVE-2024-35311.md | 17 ++ 2024/CVE-2024-35315.md | 18 ++ 2024/CVE-2024-35325.md | 2 +- 2024/CVE-2024-35410.md | 17 ++ 2024/CVE-2024-35423.md | 17 ++ 2024/CVE-2024-35431.md | 2 +- 2024/CVE-2024-35498.md | 18 ++ 2024/CVE-2024-35515.md | 17 ++ 2024/CVE-2024-35517.md | 17 ++ 2024/CVE-2024-35518.md | 17 ++ 2024/CVE-2024-35519.md | 18 ++ 2024/CVE-2024-3552.md | 21 ++ 2024/CVE-2024-35520.md | 17 ++ 2024/CVE-2024-35522.md | 17 ++ 2024/CVE-2024-35538.md | 1 + 2024/CVE-2024-35539.md | 2 +- 2024/CVE-2024-35540.md | 2 +- 2024/CVE-2024-35584.md | 17 ++ 2024/CVE-2024-35621.md | 17 ++ 2024/CVE-2024-35639.md | 17 ++ 2024/CVE-2024-35640.md | 17 ++ 2024/CVE-2024-35642.md | 17 ++ 2024/CVE-2024-3568.md | 5 + 2024/CVE-2024-35681.md | 17 ++ 2024/CVE-2024-3572.md | 17 ++ 2024/CVE-2024-3574.md | 17 ++ 2024/CVE-2024-35752.md | 1 + 2024/CVE-2024-35756.md | 17 ++ 2024/CVE-2024-3579.md | 1 + 2024/CVE-2024-35866.md | 17 ++ 2024/CVE-2024-35869.md | 17 ++ 2024/CVE-2024-35880.md | 17 ++ 2024/CVE-2024-35887.md | 17 ++ 2024/CVE-2024-35929.md | 17 ++ 2024/CVE-2024-35933.md | 17 ++ 2024/CVE-2024-35948.md | 17 ++ 2024/CVE-2024-35949.md | 17 ++ 2024/CVE-2024-3596.md | 3 + 2024/CVE-2024-36006.md | 17 ++ 2024/CVE-2024-36013.md | 18 ++ 2024/CVE-2024-36016.md | 17 ++ 
2024/CVE-2024-36034.md | 17 ++ 2024/CVE-2024-36035.md | 17 ++ 2024/CVE-2024-36036.md | 3 + 2024/CVE-2024-36037.md | 3 + 2024/CVE-2024-36039.md | 17 ++ 2024/CVE-2024-36042.md | 21 ++ 2024/CVE-2024-3605.md | 17 ++ 2024/CVE-2024-36052.md | 2 +- 2024/CVE-2024-36060.md | 17 ++ 2024/CVE-2024-36061.md | 17 ++ 2024/CVE-2024-36062.md | 17 ++ 2024/CVE-2024-36063.md | 17 ++ 2024/CVE-2024-36064.md | 17 ++ 2024/CVE-2024-36066.md | 17 ++ 2024/CVE-2024-36104.md | 21 ++ 2024/CVE-2024-36111.md | 17 ++ 2024/CVE-2024-36137.md | 17 ++ 2024/CVE-2024-36138.md | 17 ++ 2024/CVE-2024-36248.md | 18 ++ 2024/CVE-2024-36251.md | 18 ++ 2024/CVE-2024-3635.md | 17 ++ 2024/CVE-2024-36383.md | 17 ++ 2024/CVE-2024-3640.md | 2 + 2024/CVE-2024-36401.md | 56 ++++- 2024/CVE-2024-36404.md | 3 +- 2024/CVE-2024-36412.md | 17 ++ 2024/CVE-2024-36416.md | 1 + 2024/CVE-2024-36424.md | 1 + 2024/CVE-2024-36426.md | 3 +- 2024/CVE-2024-36427.md | 17 ++ 2024/CVE-2024-36428.md | 17 ++ 2024/CVE-2024-36437.md | 17 ++ 2024/CVE-2024-36465.md | 17 ++ 2024/CVE-2024-36467.md | 18 ++ 2024/CVE-2024-36469.md | 17 ++ 2024/CVE-2024-36474.md | 17 ++ 2024/CVE-2024-36476.md | 17 ++ 2024/CVE-2024-36494.md | 17 ++ 2024/CVE-2024-36495.md | 2 +- 2024/CVE-2024-36498.md | 17 ++ 2024/CVE-2024-3651.md | 18 ++ 2024/CVE-2024-36510.md | 19 ++ 2024/CVE-2024-36514.md | 1 + 2024/CVE-2024-36515.md | 1 + 2024/CVE-2024-36516.md | 1 + 2024/CVE-2024-36517.md | 1 + 2024/CVE-2024-36518.md | 17 ++ 2024/CVE-2024-36526.md | 2 +- 2024/CVE-2024-36535.md | 2 +- 2024/CVE-2024-36539.md | 2 + 2024/CVE-2024-36540.md | 2 +- 2024/CVE-2024-3656.md | 20 ++ 2024/CVE-2024-3657.md | 3 + 2024/CVE-2024-36587.md | 2 + 2024/CVE-2024-36597.md | 19 ++ 2024/CVE-2024-36598.md | 3 + 2024/CVE-2024-36599.md | 19 ++ 2024/CVE-2024-3660.md | 5 +- 2024/CVE-2024-3661.md | 2 + 2024/CVE-2024-36623.md | 17 ++ 2024/CVE-2024-36694.md | 17 ++ 2024/CVE-2024-36728.md | 17 ++ 2024/CVE-2024-36729.md | 17 ++ 2024/CVE-2024-3673.md | 4 +- 2024/CVE-2024-36814.md | 17 ++ 2024/CVE-2024-36821.md | 1 
+ 2024/CVE-2024-36823.md | 17 ++ 2024/CVE-2024-36837.md | 1 + 2024/CVE-2024-36840.md | 1 + 2024/CVE-2024-36842.md | 20 ++ 2024/CVE-2024-36877.md | 3 + 2024/CVE-2024-36886.md | 3 +- 2024/CVE-2024-36899.md | 17 ++ 2024/CVE-2024-3690.md | 1 + 2024/CVE-2024-36904.md | 18 ++ 2024/CVE-2024-36908.md | 17 ++ 2024/CVE-2024-36913.md | 17 ++ 2024/CVE-2024-36971.md | 1 + 2024/CVE-2024-36974.md | 17 ++ 2024/CVE-2024-36978.md | 17 ++ 2024/CVE-2024-36991.md | 23 ++ 2024/CVE-2024-37032.md | 16 ++ 2024/CVE-2024-37051.md | 1 + 2024/CVE-2024-37052.md | 18 ++ 2024/CVE-2024-37054.md | 18 ++ 2024/CVE-2024-37060.md | 17 ++ 2024/CVE-2024-37079.md | 2 + 2024/CVE-2024-37080.md | 2 + 2024/CVE-2024-37081.md | 4 + 2024/CVE-2024-37084.md | 8 + 2024/CVE-2024-37085.md | 3 + 2024/CVE-2024-37091.md | 3 +- 2024/CVE-2024-37147.md | 1 + 2024/CVE-2024-37148.md | 17 ++ 2024/CVE-2024-37149.md | 18 ++ 2024/CVE-2024-37168.md | 17 ++ 2024/CVE-2024-3721.md | 10 +- 2024/CVE-2024-3727.md | 13 +- 2024/CVE-2024-37285.md | 17 ++ 2024/CVE-2024-37287.md | 1 + 2024/CVE-2024-37288.md | 17 ++ 2024/CVE-2024-37301.md | 2 +- 2024/CVE-2024-37334.md | 27 +++ 2024/CVE-2024-37359.md | 19 ++ 2024/CVE-2024-37360.md | 19 ++ 2024/CVE-2024-37361.md | 19 ++ 2024/CVE-2024-37362.md | 19 ++ 2024/CVE-2024-37363.md | 19 ++ 2024/CVE-2024-37371.md | 17 ++ 2024/CVE-2024-37382.md | 2 +- 2024/CVE-2024-37383.md | 19 ++ 2024/CVE-2024-37393.md | 1 + 2024/CVE-2024-37397.md | 17 ++ 2024/CVE-2024-37404.md | 19 ++ 2024/CVE-2024-37437.md | 17 ++ 2024/CVE-2024-3745.md | 1 + 2024/CVE-2024-37450.md | 17 ++ 2024/CVE-2024-37523.md | 17 ++ 2024/CVE-2024-37536.md | 17 ++ 2024/CVE-2024-37549.md | 17 ++ 2024/CVE-2024-37558.md | 17 ++ 2024/CVE-2024-37569.md | 2 + 2024/CVE-2024-37570.md | 2 + 2024/CVE-2024-37573.md | 17 ++ 2024/CVE-2024-37574.md | 17 ++ 2024/CVE-2024-37575.md | 17 ++ 2024/CVE-2024-37600.md | 17 ++ 2024/CVE-2024-37601.md | 17 ++ 2024/CVE-2024-37602.md | 17 ++ 2024/CVE-2024-37603.md | 17 ++ 2024/CVE-2024-37606.md | 18 ++ 2024/CVE-2024-37654.md 
| 17 ++ 2024/CVE-2024-3767.md | 5 +- 2024/CVE-2024-37726.md | 2 + 2024/CVE-2024-37728.md | 18 ++ 2024/CVE-2024-3774.md | 5 +- 2024/CVE-2024-37742.md | 1 + 2024/CVE-2024-37759.md | 13 + 2024/CVE-2024-37762.md | 1 + 2024/CVE-2024-37763.md | 1 + 2024/CVE-2024-37764.md | 1 + 2024/CVE-2024-37765.md | 1 + 2024/CVE-2024-3777.md | 4 +- 2024/CVE-2024-37770.md | 1 + 2024/CVE-2024-37782.md | 18 ++ 2024/CVE-2024-37783.md | 18 ++ 2024/CVE-2024-37791.md | 1 + 2024/CVE-2024-37816.md | 17 ++ 2024/CVE-2024-37844.md | 17 ++ 2024/CVE-2024-37845.md | 17 ++ 2024/CVE-2024-37846.md | 17 ++ 2024/CVE-2024-37847.md | 17 ++ 2024/CVE-2024-37855.md | 2 +- 2024/CVE-2024-37862.md | 17 ++ 2024/CVE-2024-37868.md | 17 ++ 2024/CVE-2024-37869.md | 17 ++ 2024/CVE-2024-37888.md | 1 + 2024/CVE-2024-37890.md | 1 + 2024/CVE-2024-37891.md | 2 + 2024/CVE-2024-37902.md | 17 ++ 2024/CVE-2024-37921.md | 17 ++ 2024/CVE-2024-38014.md | 57 +++++ 2024/CVE-2024-38018.md | 21 ++ 2024/CVE-2024-38022.md | 46 ++++ 2024/CVE-2024-38023.md | 21 ++ 2024/CVE-2024-38024.md | 21 ++ 2024/CVE-2024-3803.md | 17 ++ 2024/CVE-2024-38036.md | 18 ++ 2024/CVE-2024-3804.md | 17 ++ 2024/CVE-2024-38041.md | 2 + 2024/CVE-2024-38054.md | 55 +++++ 2024/CVE-2024-3806.md | 2 + 2024/CVE-2024-38061.md | 50 ++++ 2024/CVE-2024-38063.md | 46 +++- 2024/CVE-2024-3807.md | 2 + 2024/CVE-2024-38077.md | 15 ++ 2024/CVE-2024-38080.md | 27 +++ 2024/CVE-2024-38081.md | 45 ++++ 2024/CVE-2024-38083.md | 19 ++ 2024/CVE-2024-38084.md | 18 ++ 2024/CVE-2024-38093.md | 17 ++ 2024/CVE-2024-38094.md | 21 ++ 2024/CVE-2024-38095.md | 32 +++ 2024/CVE-2024-38097.md | 17 ++ 2024/CVE-2024-38098.md | 17 ++ 2024/CVE-2024-38100.md | 3 + 2024/CVE-2024-38112.md | 3 + 2024/CVE-2024-38124.md | 39 +++ 2024/CVE-2024-38127.md | 1 + 2024/CVE-2024-38143.md | 1 + 2024/CVE-2024-38144.md | 57 +++++ 2024/CVE-2024-38164.md | 17 ++ 2024/CVE-2024-38193.md | 56 +++++ 2024/CVE-2024-38200.md | 23 ++ 2024/CVE-2024-38202.md | 13 +- 2024/CVE-2024-38213.md | 2 + 2024/CVE-2024-38227.md | 21 ++ 
2024/CVE-2024-3825.md | 17 ++ 2024/CVE-2024-3826.md | 17 ++ 2024/CVE-2024-38271.md | 17 ++ 2024/CVE-2024-38272.md | 17 ++ 2024/CVE-2024-38285.md | 17 ++ 2024/CVE-2024-38286.md | 17 ++ 2024/CVE-2024-38289.md | 2 +- 2024/CVE-2024-38305.md | 18 ++ 2024/CVE-2024-3832.md | 2 + 2024/CVE-2024-3833.md | 1 + 2024/CVE-2024-3834.md | 1 + 2024/CVE-2024-38365.md | 17 ++ 2024/CVE-2024-38366.md | 1 + 2024/CVE-2024-38392.md | 17 ++ 2024/CVE-2024-38399.md | 18 ++ 2024/CVE-2024-38402.md | 17 ++ 2024/CVE-2024-38426.md | 17 ++ 2024/CVE-2024-38428.md | 19 ++ 2024/CVE-2024-38434.md | 17 ++ 2024/CVE-2024-38440.md | 17 ++ 2024/CVE-2024-38459.md | 19 ++ 2024/CVE-2024-38472.md | 9 +- 2024/CVE-2024-38473.md | 8 + 2024/CVE-2024-38474.md | 25 ++ 2024/CVE-2024-38475.md | 15 ++ 2024/CVE-2024-38476.md | 24 ++ 2024/CVE-2024-38477.md | 23 ++ 2024/CVE-2024-38510.md | 17 ++ 2024/CVE-2024-3852.md | 20 ++ 2024/CVE-2024-38526.md | 4 +- 2024/CVE-2024-38537.md | 1 + 2024/CVE-2024-3854.md | 1 + 2024/CVE-2024-38541.md | 18 ++ 2024/CVE-2024-3855.md | 1 + 2024/CVE-2024-3856.md | 17 ++ 2024/CVE-2024-3857.md | 1 + 2024/CVE-2024-38570.md | 18 ++ 2024/CVE-2024-38575.md | 17 ++ 2024/CVE-2024-3858.md | 1 + 2024/CVE-2024-3859.md | 20 ++ 2024/CVE-2024-38608.md | 17 ++ 2024/CVE-2024-38630.md | 17 ++ 2024/CVE-2024-38652.md | 1 + 2024/CVE-2024-38653.md | 2 + 2024/CVE-2024-38688.md | 8 +- 2024/CVE-2024-38689.md | 17 ++ 2024/CVE-2024-38724.md | 1 + 2024/CVE-2024-38738.md | 17 ++ 2024/CVE-2024-3874.md | 1 + 2024/CVE-2024-3875.md | 1 + 2024/CVE-2024-3876.md | 1 + 2024/CVE-2024-3877.md | 1 + 2024/CVE-2024-3878.md | 1 + 2024/CVE-2024-3879.md | 1 + 2024/CVE-2024-38793.md | 1 + 2024/CVE-2024-3880.md | 1 + 2024/CVE-2024-38807.md | 1 + 2024/CVE-2024-38809.md | 19 ++ 2024/CVE-2024-3881.md | 1 + 2024/CVE-2024-38812.md | 21 ++ 2024/CVE-2024-38813.md | 20 ++ 2024/CVE-2024-38816.md | 39 +++ 2024/CVE-2024-38819.md | 30 +++ 2024/CVE-2024-3882.md | 1 + 2024/CVE-2024-38820.md | 17 ++ 2024/CVE-2024-38821.md | 19 ++ 2024/CVE-2024-38827.md | 
17 ++ 2024/CVE-2024-38828.md | 22 ++ 2024/CVE-2024-38829.md | 17 ++ 2024/CVE-2024-38830.md | 17 ++ 2024/CVE-2024-38831.md | 17 ++ 2024/CVE-2024-38856.md | 36 +++ 2024/CVE-2024-38871.md | 18 ++ 2024/CVE-2024-3899.md | 17 ++ 2024/CVE-2024-38998.md | 7 +- 2024/CVE-2024-38999.md | 2 +- 2024/CVE-2024-3900.md | 17 ++ 2024/CVE-2024-3901.md | 17 ++ 2024/CVE-2024-39027.md | 2 +- 2024/CVE-2024-39031.md | 1 + 2024/CVE-2024-3905.md | 1 + 2024/CVE-2024-3906.md | 1 + 2024/CVE-2024-39069.md | 1 + 2024/CVE-2024-3907.md | 1 + 2024/CVE-2024-3908.md | 1 + 2024/CVE-2024-39081.md | 18 ++ 2024/CVE-2024-3909.md | 1 + 2024/CVE-2024-39090.md | 1 + 2024/CVE-2024-39091.md | 2 +- 2024/CVE-2024-39094.md | 17 ++ 2024/CVE-2024-3910.md | 1 + 2024/CVE-2024-39119.md | 2 +- 2024/CVE-2024-39123.md | 3 +- 2024/CVE-2024-39178.md | 18 ++ 2024/CVE-2024-39205.md | 18 ++ 2024/CVE-2024-39210.md | 1 + 2024/CVE-2024-39211.md | 1 + 2024/CVE-2024-3922.md | 2 + 2024/CVE-2024-39220.md | 17 ++ 2024/CVE-2024-39248.md | 1 + 2024/CVE-2024-39250.md | 1 + 2024/CVE-2024-39282.md | 17 ++ 2024/CVE-2024-3930.md | 17 ++ 2024/CVE-2024-39304.md | 1 + 2024/CVE-2024-39306.md | 1 + 2024/CVE-2024-39321.md | 2 +- 2024/CVE-2024-39332.md | 17 ++ 2024/CVE-2024-39338.md | 19 ++ 2024/CVE-2024-39343.md | 17 ++ 2024/CVE-2024-39345.md | 3 +- 2024/CVE-2024-39406.md | 2 +- 2024/CVE-2024-39408.md | 2 +- 2024/CVE-2024-39409.md | 2 +- 2024/CVE-2024-39410.md | 2 +- 2024/CVE-2024-39412.md | 2 +- 2024/CVE-2024-39479.md | 18 ++ 2024/CVE-2024-39487.md | 17 ++ 2024/CVE-2024-39503.md | 17 ++ 2024/CVE-2024-39508.md | 18 ++ 2024/CVE-2024-39549.md | 2 +- 2024/CVE-2024-39573.md | 22 ++ 2024/CVE-2024-39610.md | 18 ++ 2024/CVE-2024-39614.md | 1 + 2024/CVE-2024-39639.md | 17 ++ 2024/CVE-2024-39640.md | 17 ++ 2024/CVE-2024-39650.md | 17 ++ 2024/CVE-2024-39654.md | 17 ++ 2024/CVE-2024-39664.md | 17 ++ 2024/CVE-2024-39689.md | 4 +- 2024/CVE-2024-39694.md | 7 + 2024/CVE-2024-39698.md | 17 ++ 2024/CVE-2024-39700.md | 1 + 2024/CVE-2024-39702.md | 17 ++ 
2024/CVE-2024-39704.md | 17 ++ 2024/CVE-2024-39713.md | 17 ++ 2024/CVE-2024-39717.md | 3 + 2024/CVE-2024-39719.md | 22 ++ 2024/CVE-2024-39720.md | 18 ++ 2024/CVE-2024-39721.md | 17 ++ 2024/CVE-2024-39722.md | 22 ++ 2024/CVE-2024-39766.md | 18 ++ 2024/CVE-2024-39828.md | 2 +- 2024/CVE-2024-39838.md | 17 ++ 2024/CVE-2024-39844.md | 1 + 2024/CVE-2024-39877.md | 4 + 2024/CVE-2024-39884.md | 5 + 2024/CVE-2024-39890.md | 17 ++ 2024/CVE-2024-39894.md | 17 ++ 2024/CVE-2024-39904.md | 2 +- 2024/CVE-2024-39907.md | 3 +- 2024/CVE-2024-39908.md | 1 + 2024/CVE-2024-39911.md | 18 +- 2024/CVE-2024-39912.md | 2 +- 2024/CVE-2024-39914.md | 17 ++ 2024/CVE-2024-39917.md | 17 ++ 2024/CVE-2024-39922.md | 32 +++ 2024/CVE-2024-39924.md | 18 ++ 2024/CVE-2024-39925.md | 17 ++ 2024/CVE-2024-39929.md | 4 + 2024/CVE-2024-39930.md | 5 +- 2024/CVE-2024-39943.md | 24 ++ 2024/CVE-2024-3995.md | 17 ++ 2024/CVE-2024-3996.md | 17 ++ 2024/CVE-2024-4002.md | 17 ++ 2024/CVE-2024-4004.md | 17 ++ 2024/CVE-2024-40068.md | 17 ++ 2024/CVE-2024-40069.md | 17 ++ 2024/CVE-2024-40070.md | 17 ++ 2024/CVE-2024-40071.md | 17 ++ 2024/CVE-2024-40072.md | 17 ++ 2024/CVE-2024-40073.md | 17 ++ 2024/CVE-2024-40074.md | 17 ++ 2024/CVE-2024-40083.md | 17 ++ 2024/CVE-2024-40084.md | 17 ++ 2024/CVE-2024-40085.md | 17 ++ 2024/CVE-2024-40086.md | 17 ++ 2024/CVE-2024-40087.md | 17 ++ 2024/CVE-2024-40088.md | 17 ++ 2024/CVE-2024-40089.md | 17 ++ 2024/CVE-2024-40090.md | 17 ++ 2024/CVE-2024-40091.md | 17 ++ 2024/CVE-2024-40094.md | 17 ++ 2024/CVE-2024-40110.md | 5 + 2024/CVE-2024-40111.md | 18 ++ 2024/CVE-2024-40116.md | 2 +- 2024/CVE-2024-40117.md | 2 +- 2024/CVE-2024-40119.md | 1 + 2024/CVE-2024-40137.md | 2 +- 2024/CVE-2024-40239.md | 17 ++ 2024/CVE-2024-4024.md | 2 +- 2024/CVE-2024-40240.md | 17 ++ 2024/CVE-2024-4029.md | 7 +- 2024/CVE-2024-40318.md | 1 + 2024/CVE-2024-4032.md | 3 +- 2024/CVE-2024-40324.md | 1 + 2024/CVE-2024-40348.md | 18 ++ 2024/CVE-2024-4040.md | 30 +++ 2024/CVE-2024-40420.md | 4 +- 2024/CVE-2024-40422.md 
| 5 +- 2024/CVE-2024-40430.md | 4 +- 2024/CVE-2024-40431.md | 18 ++ 2024/CVE-2024-40432.md | 17 ++ 2024/CVE-2024-40433.md | 2 +- 2024/CVE-2024-40443.md | 17 ++ 2024/CVE-2024-40445.md | 19 ++ 2024/CVE-2024-40446.md | 19 ++ 2024/CVE-2024-40453.md | 20 ++ 2024/CVE-2024-40457.md | 17 ++ 2024/CVE-2024-40458.md | 17 ++ 2024/CVE-2024-40459.md | 17 ++ 2024/CVE-2024-40460.md | 17 ++ 2024/CVE-2024-40461.md | 17 ++ 2024/CVE-2024-40462.md | 17 ++ 2024/CVE-2024-40492.md | 1 + 2024/CVE-2024-40498.md | 1 + 2024/CVE-2024-40505.md | 2 +- 2024/CVE-2024-40506.md | 18 ++ 2024/CVE-2024-40507.md | 18 ++ 2024/CVE-2024-40508.md | 18 ++ 2024/CVE-2024-40509.md | 18 ++ 2024/CVE-2024-40510.md | 18 ++ 2024/CVE-2024-40511.md | 18 ++ 2024/CVE-2024-40512.md | 18 ++ 2024/CVE-2024-4058.md | 2 + 2024/CVE-2024-40586.md | 17 ++ 2024/CVE-2024-40617.md | 1 + 2024/CVE-2024-4062.md | 17 ++ 2024/CVE-2024-40635.md | 20 ++ 2024/CVE-2024-40638.md | 18 ++ 2024/CVE-2024-4064.md | 1 + 2024/CVE-2024-4065.md | 1 + 2024/CVE-2024-40656.md | 17 ++ 2024/CVE-2024-4066.md | 1 + 2024/CVE-2024-40662.md | 17 ++ 2024/CVE-2024-40676.md | 17 ++ 2024/CVE-2024-4068.md | 1 + 2024/CVE-2024-40711.md | 23 ++ 2024/CVE-2024-40725.md | 5 + 2024/CVE-2024-40797.md | 17 ++ 2024/CVE-2024-40801.md | 17 ++ 2024/CVE-2024-40815.md | 2 +- 2024/CVE-2024-40838.md | 17 ++ 2024/CVE-2024-40843.md | 17 ++ 2024/CVE-2024-40854.md | 19 ++ 2024/CVE-2024-4089.md | 17 ++ 2024/CVE-2024-40890.md | 17 ++ 2024/CVE-2024-40891.md | 17 ++ 2024/CVE-2024-40892.md | 1 + 2024/CVE-2024-40893.md | 2 +- 2024/CVE-2024-40898.md | 15 ++ 2024/CVE-2024-4091.md | 17 ++ 2024/CVE-2024-41003.md | 2 + 2024/CVE-2024-41009.md | 17 ++ 2024/CVE-2024-41010.md | 17 ++ 2024/CVE-2024-41013.md | 20 ++ 2024/CVE-2024-41014.md | 17 ++ 2024/CVE-2024-41015.md | 17 ++ 2024/CVE-2024-41016.md | 17 ++ 2024/CVE-2024-41017.md | 17 ++ 2024/CVE-2024-41018.md | 18 ++ 2024/CVE-2024-41019.md | 17 ++ 2024/CVE-2024-41061.md | 17 ++ 2024/CVE-2024-41071.md | 18 ++ 2024/CVE-2024-41096.md | 17 ++ 
2024/CVE-2024-41107.md | 17 ++ 2024/CVE-2024-4111.md | 1 + 2024/CVE-2024-41110.md | 6 + 2024/CVE-2024-4112.md | 1 + 2024/CVE-2024-41121.md | 17 ++ 2024/CVE-2024-41124.md | 18 ++ 2024/CVE-2024-41128.md | 17 ++ 2024/CVE-2024-41129.md | 2 +- 2024/CVE-2024-4113.md | 1 + 2024/CVE-2024-4114.md | 1 + 2024/CVE-2024-4115.md | 1 + 2024/CVE-2024-4116.md | 1 + 2024/CVE-2024-4117.md | 1 + 2024/CVE-2024-4118.md | 1 + 2024/CVE-2024-4119.md | 1 + 2024/CVE-2024-41195.md | 17 ++ 2024/CVE-2024-41196.md | 17 ++ 2024/CVE-2024-41197.md | 17 ++ 2024/CVE-2024-41198.md | 17 ++ 2024/CVE-2024-41199.md | 17 ++ 2024/CVE-2024-4120.md | 1 + 2024/CVE-2024-41209.md | 17 ++ 2024/CVE-2024-4121.md | 1 + 2024/CVE-2024-41217.md | 17 ++ 2024/CVE-2024-4122.md | 1 + 2024/CVE-2024-41226.md | 4 +- 2024/CVE-2024-4123.md | 1 + 2024/CVE-2024-4124.md | 1 + 2024/CVE-2024-4125.md | 1 + 2024/CVE-2024-4126.md | 1 + 2024/CVE-2024-4127.md | 1 + 2024/CVE-2024-41270.md | 17 ++ 2024/CVE-2024-41276.md | 17 ++ 2024/CVE-2024-41290.md | 17 ++ 2024/CVE-2024-41319.md | 17 ++ 2024/CVE-2024-41344.md | 17 ++ 2024/CVE-2024-41345.md | 17 ++ 2024/CVE-2024-41346.md | 17 ++ 2024/CVE-2024-41347.md | 17 ++ 2024/CVE-2024-41348.md | 17 ++ 2024/CVE-2024-41349.md | 17 ++ 2024/CVE-2024-41350.md | 17 ++ 2024/CVE-2024-41351.md | 17 ++ 2024/CVE-2024-41353.md | 2 +- 2024/CVE-2024-41354.md | 2 +- 2024/CVE-2024-41355.md | 2 +- 2024/CVE-2024-41356.md | 2 +- 2024/CVE-2024-41357.md | 3 +- 2024/CVE-2024-41358.md | 19 ++ 2024/CVE-2024-41361.md | 17 ++ 2024/CVE-2024-41364.md | 17 ++ 2024/CVE-2024-41366.md | 17 ++ 2024/CVE-2024-41367.md | 17 ++ 2024/CVE-2024-41368.md | 17 ++ 2024/CVE-2024-41369.md | 17 ++ 2024/CVE-2024-41370.md | 17 ++ 2024/CVE-2024-41371.md | 17 ++ 2024/CVE-2024-41372.md | 17 ++ 2024/CVE-2024-41373.md | 2 +- 2024/CVE-2024-41374.md | 2 +- 2024/CVE-2024-41375.md | 2 +- 2024/CVE-2024-41376.md | 2 +- 2024/CVE-2024-41380.md | 2 +- 2024/CVE-2024-41381.md | 2 +- 2024/CVE-2024-41436.md | 17 ++ 2024/CVE-2024-41447.md | 17 ++ 
2024/CVE-2024-41453.md | 17 ++ 2024/CVE-2024-41454.md | 17 ++ 2024/CVE-2024-41465.md | 1 + 2024/CVE-2024-41466.md | 1 + 2024/CVE-2024-41468.md | 17 ++ 2024/CVE-2024-41473.md | 17 ++ 2024/CVE-2024-41481.md | 17 ++ 2024/CVE-2024-41482.md | 17 ++ 2024/CVE-2024-4157.md | 17 ++ 2024/CVE-2024-41570.md | 9 + 2024/CVE-2024-41594.md | 17 ++ 2024/CVE-2024-41597.md | 2 +- 2024/CVE-2024-41622.md | 17 ++ 2024/CVE-2024-41623.md | 17 ++ 2024/CVE-2024-41628.md | 1 + 2024/CVE-2024-41629.md | 17 ++ 2024/CVE-2024-4164.md | 1 + 2024/CVE-2024-41640.md | 1 + 2024/CVE-2024-41644.md | 17 ++ 2024/CVE-2024-41645.md | 17 ++ 2024/CVE-2024-41646.md | 17 ++ 2024/CVE-2024-41647.md | 17 ++ 2024/CVE-2024-41648.md | 17 ++ 2024/CVE-2024-41649.md | 17 ++ 2024/CVE-2024-4165.md | 1 + 2024/CVE-2024-41650.md | 17 ++ 2024/CVE-2024-41651.md | 4 +- 2024/CVE-2024-4166.md | 1 + 2024/CVE-2024-41660.md | 1 + 2024/CVE-2024-41662.md | 2 + 2024/CVE-2024-41667.md | 1 + 2024/CVE-2024-4167.md | 1 + 2024/CVE-2024-41678.md | 17 ++ 2024/CVE-2024-4168.md | 1 + 2024/CVE-2024-4169.md | 1 + 2024/CVE-2024-4170.md | 1 + 2024/CVE-2024-41703.md | 17 ++ 2024/CVE-2024-41704.md | 17 ++ 2024/CVE-2024-4171.md | 1 + 2024/CVE-2024-41710.md | 20 ++ 2024/CVE-2024-41713.md | 29 +++ 2024/CVE-2024-41714.md | 17 ++ 2024/CVE-2024-41720.md | 17 ++ 2024/CVE-2024-41730.md | 18 ++ 2024/CVE-2024-4176.md | 17 ++ 2024/CVE-2024-4181.md | 18 ++ 2024/CVE-2024-41817.md | 8 +- 2024/CVE-2024-41818.md | 4 +- 2024/CVE-2024-41856.md | 2 +- 2024/CVE-2024-41946.md | 1 + 2024/CVE-2024-41955.md | 1 + 2024/CVE-2024-41958.md | 1 + 2024/CVE-2024-41965.md | 1 + 2024/CVE-2024-41967.md | 29 +++ 2024/CVE-2024-41968.md | 29 +++ 2024/CVE-2024-41969.md | 29 +++ 2024/CVE-2024-41970.md | 26 ++ 2024/CVE-2024-41971.md | 26 ++ 2024/CVE-2024-41972.md | 26 ++ 2024/CVE-2024-41973.md | 26 ++ 2024/CVE-2024-41974.md | 26 ++ 2024/CVE-2024-41987.md | 17 ++ 2024/CVE-2024-41988.md | 17 ++ 2024/CVE-2024-41992.md | 18 ++ 2024/CVE-2024-41996.md | 3 +- 2024/CVE-2024-42005.md | 1 + 
2024/CVE-2024-42007.md | 21 ++ 2024/CVE-2024-42008.md | 5 +- 2024/CVE-2024-42009.md | 8 +- 2024/CVE-2024-42010.md | 1 + 2024/CVE-2024-42041.md | 17 ++ 2024/CVE-2024-42049.md | 18 ++ 2024/CVE-2024-42050.md | 17 ++ 2024/CVE-2024-42051.md | 17 ++ 2024/CVE-2024-42052.md | 17 ++ 2024/CVE-2024-42053.md | 17 ++ 2024/CVE-2024-42162.md | 18 ++ 2024/CVE-2024-42218.md | 19 ++ 2024/CVE-2024-42219.md | 19 ++ 2024/CVE-2024-42228.md | 17 ++ 2024/CVE-2024-42246.md | 2 +- 2024/CVE-2024-42308.md | 8 +- 2024/CVE-2024-4231.md | 1 + 2024/CVE-2024-42314.md | 3 +- 2024/CVE-2024-42315.md | 2 +- 2024/CVE-2024-42319.md | 2 +- 2024/CVE-2024-4232.md | 2 + 2024/CVE-2024-42322.md | 2 +- 2024/CVE-2024-42323.md | 32 +++ 2024/CVE-2024-42327.md | 40 +++ 2024/CVE-2024-42346.md | 17 ++ 2024/CVE-2024-42353.md | 17 ++ 2024/CVE-2024-42358.md | 2 +- 2024/CVE-2024-4236.md | 1 + 2024/CVE-2024-42364.md | 18 ++ 2024/CVE-2024-4237.md | 1 + 2024/CVE-2024-4238.md | 1 + 2024/CVE-2024-4239.md | 1 + 2024/CVE-2024-4240.md | 1 + 2024/CVE-2024-4241.md | 1 + 2024/CVE-2024-42415.md | 17 ++ 2024/CVE-2024-4242.md | 1 + 2024/CVE-2024-4243.md | 1 + 2024/CVE-2024-4244.md | 1 + 2024/CVE-2024-42448.md | 17 ++ 2024/CVE-2024-4245.md | 1 + 2024/CVE-2024-42450.md | 17 ++ 2024/CVE-2024-4246.md | 1 + 2024/CVE-2024-42461.md | 6 + 2024/CVE-2024-42462.md | 2 +- 2024/CVE-2024-42463.md | 2 +- 2024/CVE-2024-42464.md | 2 +- 2024/CVE-2024-42465.md | 2 +- 2024/CVE-2024-42466.md | 2 +- 2024/CVE-2024-4247.md | 1 + 2024/CVE-2024-42471.md | 18 ++ 2024/CVE-2024-42474.md | 1 + 2024/CVE-2024-42477.md | 1 + 2024/CVE-2024-42478.md | 1 + 2024/CVE-2024-42479.md | 1 + 2024/CVE-2024-4248.md | 1 + 2024/CVE-2024-4249.md | 1 + 2024/CVE-2024-4250.md | 1 + 2024/CVE-2024-4251.md | 1 + 2024/CVE-2024-42515.md | 17 ++ 2024/CVE-2024-4252.md | 1 + 2024/CVE-2024-42523.md | 17 ++ 2024/CVE-2024-42531.md | 17 ++ 2024/CVE-2024-42543.md | 2 +- 2024/CVE-2024-42545.md | 2 +- 2024/CVE-2024-4255.md | 1 + 2024/CVE-2024-4257.md | 17 ++ 2024/CVE-2024-4263.md | 17 ++ 
2024/CVE-2024-42633.md | 17 ++ 2024/CVE-2024-42640.md | 18 ++ 2024/CVE-2024-42642.md | 17 ++ 2024/CVE-2024-42657.md | 1 + 2024/CVE-2024-42658.md | 2 + 2024/CVE-2024-42671.md | 17 ++ 2024/CVE-2024-42676.md | 2 + 2024/CVE-2024-42677.md | 2 + 2024/CVE-2024-42678.md | 2 + 2024/CVE-2024-42679.md | 2 + 2024/CVE-2024-42680.md | 2 + 2024/CVE-2024-42736.md | 2 +- 2024/CVE-2024-42737.md | 2 +- 2024/CVE-2024-42738.md | 2 +- 2024/CVE-2024-42739.md | 1 + 2024/CVE-2024-42740.md | 2 +- 2024/CVE-2024-42741.md | 2 +- 2024/CVE-2024-42742.md | 2 +- 2024/CVE-2024-42743.md | 2 +- 2024/CVE-2024-42744.md | 1 + 2024/CVE-2024-42745.md | 2 +- 2024/CVE-2024-42747.md | 2 +- 2024/CVE-2024-42748.md | 2 +- 2024/CVE-2024-42812.md | 17 ++ 2024/CVE-2024-42815.md | 1 + 2024/CVE-2024-42834.md | 18 ++ 2024/CVE-2024-42845.md | 3 + 2024/CVE-2024-42849.md | 1 + 2024/CVE-2024-42850.md | 1 + 2024/CVE-2024-42861.md | 17 ++ 2024/CVE-2024-42898.md | 17 ++ 2024/CVE-2024-42913.md | 1 + 2024/CVE-2024-42919.md | 1 + 2024/CVE-2024-42940.md | 2 +- 2024/CVE-2024-42941.md | 2 +- 2024/CVE-2024-42942.md | 2 +- 2024/CVE-2024-42943.md | 2 +- 2024/CVE-2024-42944.md | 2 +- 2024/CVE-2024-42945.md | 2 +- 2024/CVE-2024-42946.md | 2 +- 2024/CVE-2024-42947.md | 2 +- 2024/CVE-2024-42948.md | 2 +- 2024/CVE-2024-42949.md | 2 +- 2024/CVE-2024-4295.md | 13 + 2024/CVE-2024-42950.md | 2 +- 2024/CVE-2024-42951.md | 2 +- 2024/CVE-2024-42952.md | 2 +- 2024/CVE-2024-42953.md | 2 +- 2024/CVE-2024-42954.md | 2 +- 2024/CVE-2024-42955.md | 2 +- 2024/CVE-2024-42966.md | 2 +- 2024/CVE-2024-42967.md | 2 +- 2024/CVE-2024-42968.md | 2 +- 2024/CVE-2024-42969.md | 2 +- 2024/CVE-2024-42973.md | 2 +- 2024/CVE-2024-42974.md | 2 +- 2024/CVE-2024-42976.md | 2 +- 2024/CVE-2024-42977.md | 2 +- 2024/CVE-2024-42978.md | 2 +- 2024/CVE-2024-42979.md | 2 +- 2024/CVE-2024-42980.md | 2 +- 2024/CVE-2024-42981.md | 2 +- 2024/CVE-2024-42982.md | 1 + 2024/CVE-2024-42983.md | 2 +- 2024/CVE-2024-42984.md | 2 +- 2024/CVE-2024-42985.md | 2 +- 2024/CVE-2024-42986.md | 2 
+- 2024/CVE-2024-42987.md | 2 +- 2024/CVE-2024-42992.md | 1 + 2024/CVE-2024-43024.md | 17 ++ 2024/CVE-2024-43025.md | 17 ++ 2024/CVE-2024-43033.md | 17 ++ 2024/CVE-2024-43040.md | 17 ++ 2024/CVE-2024-43044.md | 23 ++ 2024/CVE-2024-43047.md | 17 ++ 2024/CVE-2024-43080.md | 17 ++ 2024/CVE-2024-43081.md | 17 ++ 2024/CVE-2024-43087.md | 17 ++ 2024/CVE-2024-43088.md | 18 ++ 2024/CVE-2024-43090.md | 18 ++ 2024/CVE-2024-43093.md | 17 ++ 2024/CVE-2024-43097.md | 17 ++ 2024/CVE-2024-43102.md | 18 ++ 2024/CVE-2024-43112.md | 17 ++ 2024/CVE-2024-43113.md | 17 ++ 2024/CVE-2024-43114.md | 17 ++ 2024/CVE-2024-43118.md | 17 ++ 2024/CVE-2024-43119.md | 17 ++ 2024/CVE-2024-43120.md | 17 ++ 2024/CVE-2024-43122.md | 17 ++ 2024/CVE-2024-43134.md | 17 ++ 2024/CVE-2024-43136.md | 17 ++ 2024/CVE-2024-43142.md | 17 ++ 2024/CVE-2024-43143.md | 17 ++ 2024/CVE-2024-43146.md | 17 ++ 2024/CVE-2024-43154.md | 17 ++ 2024/CVE-2024-43157.md | 17 ++ 2024/CVE-2024-43158.md | 17 ++ 2024/CVE-2024-43159.md | 17 ++ 2024/CVE-2024-43160.md | 1 + 2024/CVE-2024-43162.md | 17 ++ 2024/CVE-2024-43167.md | 2 +- 2024/CVE-2024-43168.md | 2 +- 2024/CVE-2024-4317.md | 4 + 2024/CVE-2024-4320.md | 1 + 2024/CVE-2024-43201.md | 17 ++ 2024/CVE-2024-43208.md | 17 ++ 2024/CVE-2024-43209.md | 17 ++ 2024/CVE-2024-43211.md | 17 ++ 2024/CVE-2024-43212.md | 17 ++ 2024/CVE-2024-43215.md | 17 ++ 2024/CVE-2024-43219.md | 17 ++ 2024/CVE-2024-4322.md | 17 ++ 2024/CVE-2024-43223.md | 17 ++ 2024/CVE-2024-43229.md | 17 ++ 2024/CVE-2024-4323.md | 1 + 2024/CVE-2024-43235.md | 17 ++ 2024/CVE-2024-43253.md | 17 ++ 2024/CVE-2024-43254.md | 17 ++ 2024/CVE-2024-43260.md | 17 ++ 2024/CVE-2024-43268.md | 17 ++ 2024/CVE-2024-43270.md | 17 ++ 2024/CVE-2024-43273.md | 17 ++ 2024/CVE-2024-43277.md | 17 ++ 2024/CVE-2024-43285.md | 17 ++ 2024/CVE-2024-43290.md | 17 ++ 2024/CVE-2024-43293.md | 17 ++ 2024/CVE-2024-43296.md | 17 ++ 2024/CVE-2024-43297.md | 17 ++ 2024/CVE-2024-43298.md | 17 ++ 2024/CVE-2024-43302.md | 17 ++ 2024/CVE-2024-43310.md | 17 
++ 2024/CVE-2024-43312.md | 17 ++ 2024/CVE-2024-43314.md | 17 ++ 2024/CVE-2024-43323.md | 17 ++ 2024/CVE-2024-43328.md | 1 + 2024/CVE-2024-43332.md | 17 ++ 2024/CVE-2024-43341.md | 17 ++ 2024/CVE-2024-43343.md | 17 ++ 2024/CVE-2024-43347.md | 1 + 2024/CVE-2024-43355.md | 17 ++ 2024/CVE-2024-43357.md | 19 ++ 2024/CVE-2024-43360.md | 1 + 2024/CVE-2024-43363.md | 17 ++ 2024/CVE-2024-43374.md | 2 +- 2024/CVE-2024-43381.md | 1 + 2024/CVE-2024-43398.md | 1 + 2024/CVE-2024-4340.md | 2 + 2024/CVE-2024-43402.md | 18 ++ 2024/CVE-2024-43415.md | 17 ++ 2024/CVE-2024-43416.md | 17 ++ 2024/CVE-2024-43418.md | 17 ++ 2024/CVE-2024-43425.md | 25 ++ 2024/CVE-2024-43426.md | 17 ++ 2024/CVE-2024-4343.md | 17 ++ 2024/CVE-2024-43436.md | 17 ++ 2024/CVE-2024-43441.md | 20 ++ 2024/CVE-2024-43447.md | 17 ++ 2024/CVE-2024-43451.md | 55 +++++ 2024/CVE-2024-43468.md | 19 ++ 2024/CVE-2024-43472.md | 17 ++ 2024/CVE-2024-4348.md | 1 + 2024/CVE-2024-43483.md | 50 ++++ 2024/CVE-2024-43485.md | 31 +++ 2024/CVE-2024-43491.md | 17 ++ 2024/CVE-2024-4351.md | 17 ++ 2024/CVE-2024-4352.md | 1 + 2024/CVE-2024-43535.md | 57 +++++ 2024/CVE-2024-43570.md | 56 +++++ 2024/CVE-2024-43572.md | 56 +++++ 2024/CVE-2024-4358.md | 19 ++ 2024/CVE-2024-43582.md | 36 +++ 2024/CVE-2024-43583.md | 59 +++++ 2024/CVE-2024-43601.md | 18 ++ 2024/CVE-2024-43609.md | 25 ++ 2024/CVE-2024-43630.md | 28 +++ 2024/CVE-2024-4367.md | 30 ++- 2024/CVE-2024-4369.md | 1 + 2024/CVE-2024-43762.md | 18 ++ 2024/CVE-2024-43768.md | 17 ++ 2024/CVE-2024-43770.md | 17 ++ 2024/CVE-2024-43779.md | 17 ++ 2024/CVE-2024-43788.md | 21 ++ 2024/CVE-2024-43795.md | 17 ++ 2024/CVE-2024-43796.md | 18 ++ 2024/CVE-2024-43799.md | 18 ++ 2024/CVE-2024-43800.md | 18 ++ 2024/CVE-2024-43833.md | 17 ++ 2024/CVE-2024-43836.md | 17 ++ 2024/CVE-2024-43837.md | 17 ++ 2024/CVE-2024-43882.md | 17 ++ 2024/CVE-2024-43884.md | 2 +- 2024/CVE-2024-43917.md | 4 + 2024/CVE-2024-43918.md | 1 + 2024/CVE-2024-43919.md | 19 ++ 2024/CVE-2024-43965.md | 17 ++ 2024/CVE-2024-43974.md 
| 17 ++ 2024/CVE-2024-43998.md | 18 ++ 2024/CVE-2024-44000.md | 21 ++ 2024/CVE-2024-4406.md | 1 + 2024/CVE-2024-44068.md | 18 ++ 2024/CVE-2024-44073.md | 1 + 2024/CVE-2024-44083.md | 2 + 2024/CVE-2024-44085.md | 17 ++ 2024/CVE-2024-44133.md | 20 ++ 2024/CVE-2024-44170.md | 21 ++ 2024/CVE-2024-44187.md | 25 ++ 2024/CVE-2024-44193.md | 19 ++ 2024/CVE-2024-44197.md | 17 ++ 2024/CVE-2024-44198.md | 24 ++ 2024/CVE-2024-44199.md | 17 ++ 2024/CVE-2024-44200.md | 17 ++ 2024/CVE-2024-44201.md | 21 ++ 2024/CVE-2024-44235.md | 17 ++ 2024/CVE-2024-44252.md | 23 ++ 2024/CVE-2024-44258.md | 23 ++ 2024/CVE-2024-44285.md | 23 ++ 2024/CVE-2024-44308.md | 25 ++ 2024/CVE-2024-44309.md | 23 ++ 2024/CVE-2024-44313.md | 18 ++ 2024/CVE-2024-4433.md | 1 + 2024/CVE-2024-44337.md | 17 ++ 2024/CVE-2024-44349.md | 17 ++ 2024/CVE-2024-4439.md | 3 + 2024/CVE-2024-4443.md | 18 ++ 2024/CVE-2024-4444.md | 1 + 2024/CVE-2024-44450.md | 17 ++ 2024/CVE-2024-44541.md | 17 ++ 2024/CVE-2024-44542.md | 17 ++ 2024/CVE-2024-44610.md | 17 ++ 2024/CVE-2024-44623.md | 17 ++ 2024/CVE-2024-44625.md | 17 ++ 2024/CVE-2024-4464.md | 17 ++ 2024/CVE-2024-44667.md | 18 ++ 2024/CVE-2024-44727.md | 17 ++ 2024/CVE-2024-44728.md | 17 ++ 2024/CVE-2024-44756.md | 18 ++ 2024/CVE-2024-44757.md | 18 ++ 2024/CVE-2024-44758.md | 18 ++ 2024/CVE-2024-44759.md | 18 ++ 2024/CVE-2024-44760.md | 2 + 2024/CVE-2024-44761.md | 2 + 2024/CVE-2024-44765.md | 17 ++ 2024/CVE-2024-44771.md | 17 ++ 2024/CVE-2024-44793.md | 2 +- 2024/CVE-2024-44794.md | 2 +- 2024/CVE-2024-44795.md | 2 +- 2024/CVE-2024-44796.md | 2 +- 2024/CVE-2024-44797.md | 2 +- 2024/CVE-2024-44808.md | 17 ++ 2024/CVE-2024-44809.md | 17 ++ 2024/CVE-2024-44812.md | 17 ++ 2024/CVE-2024-44815.md | 17 ++ 2024/CVE-2024-44825.md | 17 ++ 2024/CVE-2024-44849.md | 17 ++ 2024/CVE-2024-44852.md | 17 ++ 2024/CVE-2024-44853.md | 17 ++ 2024/CVE-2024-44854.md | 17 ++ 2024/CVE-2024-44855.md | 17 ++ 2024/CVE-2024-44856.md | 17 ++ 2024/CVE-2024-44866.md | 17 ++ 2024/CVE-2024-44867.md | 17 ++ 
2024/CVE-2024-44871.md | 18 ++ 2024/CVE-2024-44902.md | 31 +++ 2024/CVE-2024-44903.md | 17 ++ 2024/CVE-2024-4491.md | 1 + 2024/CVE-2024-44910.md | 17 ++ 2024/CVE-2024-44911.md | 17 ++ 2024/CVE-2024-44912.md | 17 ++ 2024/CVE-2024-44913.md | 1 + 2024/CVE-2024-44914.md | 1 + 2024/CVE-2024-44915.md | 1 + 2024/CVE-2024-4492.md | 1 + 2024/CVE-2024-4493.md | 1 + 2024/CVE-2024-4494.md | 1 + 2024/CVE-2024-44941.md | 17 ++ 2024/CVE-2024-44942.md | 18 ++ 2024/CVE-2024-44946.md | 18 ++ 2024/CVE-2024-44947.md | 17 ++ 2024/CVE-2024-4495.md | 1 + 2024/CVE-2024-44951.md | 17 ++ 2024/CVE-2024-4496.md | 1 + 2024/CVE-2024-4497.md | 1 + 2024/CVE-2024-4501.md | 1 + 2024/CVE-2024-4502.md | 17 ++ 2024/CVE-2024-4503.md | 17 ++ 2024/CVE-2024-45034.md | 17 ++ 2024/CVE-2024-45040.md | 17 ++ 2024/CVE-2024-45046.md | 17 ++ 2024/CVE-2024-4505.md | 17 ++ 2024/CVE-2024-45052.md | 17 ++ 2024/CVE-2024-45057.md | 17 ++ 2024/CVE-2024-45058.md | 18 ++ 2024/CVE-2024-4506.md | 17 ++ 2024/CVE-2024-4507.md | 17 ++ 2024/CVE-2024-4508.md | 17 ++ 2024/CVE-2024-4510.md | 17 ++ 2024/CVE-2024-4511.md | 17 ++ 2024/CVE-2024-45170.md | 17 ++ 2024/CVE-2024-45171.md | 17 ++ 2024/CVE-2024-45172.md | 17 ++ 2024/CVE-2024-45173.md | 17 ++ 2024/CVE-2024-45174.md | 17 ++ 2024/CVE-2024-45175.md | 17 ++ 2024/CVE-2024-45176.md | 17 ++ 2024/CVE-2024-45177.md | 17 ++ 2024/CVE-2024-45178.md | 17 ++ 2024/CVE-2024-45179.md | 17 ++ 2024/CVE-2024-45181.md | 17 ++ 2024/CVE-2024-45182.md | 17 ++ 2024/CVE-2024-45186.md | 17 ++ 2024/CVE-2024-45187.md | 2 +- 2024/CVE-2024-45188.md | 2 +- 2024/CVE-2024-45189.md | 2 +- 2024/CVE-2024-45190.md | 2 +- 2024/CVE-2024-45195.md | 42 ++++ 2024/CVE-2024-45200.md | 17 ++ 2024/CVE-2024-45216.md | 36 +++ 2024/CVE-2024-45231.md | 17 ++ 2024/CVE-2024-45234.md | 17 ++ 2024/CVE-2024-45241.md | 2 + 2024/CVE-2024-45242.md | 17 ++ 2024/CVE-2024-45244.md | 2 + 2024/CVE-2024-45260.md | 17 ++ 2024/CVE-2024-45261.md | 17 ++ 2024/CVE-2024-45264.md | 1 + 2024/CVE-2024-45265.md | 2 + 2024/CVE-2024-45296.md | 21 ++ 
2024/CVE-2024-45302.md | 17 ++ 2024/CVE-2024-45310.md | 18 ++ 2024/CVE-2024-45320.md | 21 ++ 2024/CVE-2024-45326.md | 17 ++ 2024/CVE-2024-45328.md | 17 ++ 2024/CVE-2024-45336.md | 18 ++ 2024/CVE-2024-45337.md | 24 ++ 2024/CVE-2024-45338.md | 21 ++ 2024/CVE-2024-45339.md | 17 ++ 2024/CVE-2024-45341.md | 18 ++ 2024/CVE-2024-45352.md | 19 ++ 2024/CVE-2024-45383.md | 17 ++ 2024/CVE-2024-45387.md | 18 ++ 2024/CVE-2024-45388.md | 29 +++ 2024/CVE-2024-45389.md | 17 ++ 2024/CVE-2024-45397.md | 17 ++ 2024/CVE-2024-4540.md | 24 ++ 2024/CVE-2024-45402.md | 17 ++ 2024/CVE-2024-45409.md | 20 ++ 2024/CVE-2024-45410.md | 19 ++ 2024/CVE-2024-45411.md | 17 ++ 2024/CVE-2024-45412.md | 17 ++ 2024/CVE-2024-45415.md | 17 ++ 2024/CVE-2024-45416.md | 17 ++ 2024/CVE-2024-45436.md | 8 + 2024/CVE-2024-45440.md | 17 ++ 2024/CVE-2024-45463.md | 25 ++ 2024/CVE-2024-45476.md | 25 ++ 2024/CVE-2024-45489.md | 18 ++ 2024/CVE-2024-45490.md | 20 ++ 2024/CVE-2024-45491.md | 9 + 2024/CVE-2024-45492.md | 6 + 2024/CVE-2024-45498.md | 17 ++ 2024/CVE-2024-45505.md | 17 ++ 2024/CVE-2024-45506.md | 17 ++ 2024/CVE-2024-45507.md | 26 ++ 2024/CVE-2024-45519.md | 40 +++ 2024/CVE-2024-45589.md | 17 ++ 2024/CVE-2024-45590.md | 21 ++ 2024/CVE-2024-45608.md | 17 ++ 2024/CVE-2024-45614.md | 17 ++ 2024/CVE-2024-45622.md | 17 ++ 2024/CVE-2024-45623.md | 17 ++ 2024/CVE-2024-45678.md | 18 ++ 2024/CVE-2024-45691.md | 17 ++ 2024/CVE-2024-45699.md | 17 ++ 2024/CVE-2024-45712.md | 17 ++ 2024/CVE-2024-45752.md | 17 ++ 2024/CVE-2024-4577.md | 94 +++++++ 2024/CVE-2024-45771.md | 17 ++ 2024/CVE-2024-45774.md | 20 ++ 2024/CVE-2024-4579.md | 17 ++ 2024/CVE-2024-45794.md | 17 ++ 2024/CVE-2024-45802.md | 17 ++ 2024/CVE-2024-45803.md | 17 ++ 2024/CVE-2024-45806.md | 17 ++ 2024/CVE-2024-45812.md | 17 ++ 2024/CVE-2024-45827.md | 17 ++ 2024/CVE-2024-45848.md | 17 ++ 2024/CVE-2024-45870.md | 20 ++ 2024/CVE-2024-45871.md | 20 ++ 2024/CVE-2024-45872.md | 20 ++ 2024/CVE-2024-45875.md | 17 ++ 2024/CVE-2024-45876.md | 17 ++ 
2024/CVE-2024-45877.md | 17 ++ 2024/CVE-2024-45878.md | 17 ++ 2024/CVE-2024-45879.md | 17 ++ 2024/CVE-2024-45880.md | 17 ++ 2024/CVE-2024-4591.md | 1 + 2024/CVE-2024-45918.md | 17 ++ 2024/CVE-2024-45932.md | 17 ++ 2024/CVE-2024-45933.md | 17 ++ 2024/CVE-2024-45944.md | 17 ++ 2024/CVE-2024-45960.md | 17 ++ 2024/CVE-2024-45962.md | 17 ++ 2024/CVE-2024-45964.md | 17 ++ 2024/CVE-2024-45999.md | 17 ++ 2024/CVE-2024-4603.md | 4 +- 2024/CVE-2024-46040.md | 17 ++ 2024/CVE-2024-46041.md | 17 ++ 2024/CVE-2024-46054.md | 17 ++ 2024/CVE-2024-46055.md | 17 ++ 2024/CVE-2024-46079.md | 17 ++ 2024/CVE-2024-46081.md | 17 ++ 2024/CVE-2024-46082.md | 17 ++ 2024/CVE-2024-46083.md | 17 ++ 2024/CVE-2024-4610.md | 2 + 2024/CVE-2024-46103.md | 17 ++ 2024/CVE-2024-46209.md | 17 ++ 2024/CVE-2024-46210.md | 17 ++ 2024/CVE-2024-46226.md | 17 ++ 2024/CVE-2024-46242.md | 17 ++ 2024/CVE-2024-46256.md | 18 ++ 2024/CVE-2024-46257.md | 18 ++ 2024/CVE-2024-46278.md | 17 ++ 2024/CVE-2024-46280.md | 17 ++ 2024/CVE-2024-4629.md | 24 ++ 2024/CVE-2024-46292.md | 17 ++ 2024/CVE-2024-46300.md | 17 ++ 2024/CVE-2024-46310.md | 17 ++ 2024/CVE-2024-46313.md | 17 ++ 2024/CVE-2024-46325.md | 17 ++ 2024/CVE-2024-46326.md | 17 ++ 2024/CVE-2024-46374.md | 17 ++ 2024/CVE-2024-46377.md | 17 ++ 2024/CVE-2024-46382.md | 17 ++ 2024/CVE-2024-46383.md | 17 ++ 2024/CVE-2024-46419.md | 17 ++ 2024/CVE-2024-46424.md | 17 ++ 2024/CVE-2024-46429.md | 17 ++ 2024/CVE-2024-46430.md | 17 ++ 2024/CVE-2024-46431.md | 17 ++ 2024/CVE-2024-46432.md | 17 ++ 2024/CVE-2024-46433.md | 17 ++ 2024/CVE-2024-46434.md | 17 ++ 2024/CVE-2024-46435.md | 17 ++ 2024/CVE-2024-46436.md | 17 ++ 2024/CVE-2024-46437.md | 17 ++ 2024/CVE-2024-46442.md | 17 ++ 2024/CVE-2024-46451.md | 18 ++ 2024/CVE-2024-46453.md | 17 ++ 2024/CVE-2024-46455.md | 17 ++ 2024/CVE-2024-46461.md | 17 ++ 2024/CVE-2024-46472.md | 17 ++ 2024/CVE-2024-46475.md | 17 ++ 2024/CVE-2024-46479.md | 17 ++ 2024/CVE-2024-46480.md | 17 ++ 2024/CVE-2024-46481.md | 17 ++ 2024/CVE-2024-46483.md | 
17 ++ 2024/CVE-2024-46486.md | 17 ++ 2024/CVE-2024-46488.md | 17 ++ 2024/CVE-2024-46489.md | 17 ++ 2024/CVE-2024-46494.md | 17 ++ 2024/CVE-2024-46505.md | 17 ++ 2024/CVE-2024-46506.md | 17 ++ 2024/CVE-2024-46510.md | 17 ++ 2024/CVE-2024-46528.md | 17 ++ 2024/CVE-2024-46532.md | 17 ++ 2024/CVE-2024-46538.md | 19 ++ 2024/CVE-2024-46539.md | 17 ++ 2024/CVE-2024-46542.md | 17 ++ 2024/CVE-2024-46605.md | 17 ++ 2024/CVE-2024-46607.md | 17 ++ 2024/CVE-2024-46609.md | 17 ++ 2024/CVE-2024-46610.md | 17 ++ 2024/CVE-2024-46612.md | 17 ++ 2024/CVE-2024-46626.md | 17 ++ 2024/CVE-2024-46627.md | 17 ++ 2024/CVE-2024-46635.md | 17 ++ 2024/CVE-2024-46644.md | 17 ++ 2024/CVE-2024-46645.md | 17 ++ 2024/CVE-2024-46646.md | 17 ++ 2024/CVE-2024-46647.md | 17 ++ 2024/CVE-2024-46648.md | 17 ++ 2024/CVE-2024-46649.md | 17 ++ 2024/CVE-2024-4665.md | 17 ++ 2024/CVE-2024-46658.md | 17 ++ 2024/CVE-2024-46669.md | 17 ++ 2024/CVE-2024-4671.md | 4 + 2024/CVE-2024-46713.md | 18 ++ 2024/CVE-2024-46740.md | 17 ++ 2024/CVE-2024-46774.md | 17 ++ 2024/CVE-2024-46786.md | 17 ++ 2024/CVE-2024-46811.md | 17 ++ 2024/CVE-2024-46813.md | 17 ++ 2024/CVE-2024-46833.md | 17 ++ 2024/CVE-2024-46909.md | 19 ++ 2024/CVE-2024-46938.md | 27 +++ 2024/CVE-2024-46960.md | 17 ++ 2024/CVE-2024-46961.md | 17 ++ 2024/CVE-2024-46962.md | 17 ++ 2024/CVE-2024-46963.md | 17 ++ 2024/CVE-2024-46964.md | 17 ++ 2024/CVE-2024-46965.md | 17 ++ 2024/CVE-2024-46966.md | 17 ++ 2024/CVE-2024-46977.md | 17 ++ 2024/CVE-2024-46978.md | 17 ++ 2024/CVE-2024-46979.md | 18 ++ 2024/CVE-2024-4698.md | 17 ++ 2024/CVE-2024-46981.md | 20 ++ 2024/CVE-2024-46982.md | 21 ++ 2024/CVE-2024-46986.md | 17 ++ 2024/CVE-2024-46987.md | 18 ++ 2024/CVE-2024-47003.md | 17 ++ 2024/CVE-2024-4701.md | 2 + 2024/CVE-2024-4704.md | 2 +- 2024/CVE-2024-47051.md | 20 ++ 2024/CVE-2024-47060.md | 17 ++ 2024/CVE-2024-47062.md | 18 ++ 2024/CVE-2024-47066.md | 18 ++ 2024/CVE-2024-47067.md | 17 ++ 2024/CVE-2024-47068.md | 17 ++ 2024/CVE-2024-47069.md | 17 ++ 
2024/CVE-2024-47071.md | 17 ++ 2024/CVE-2024-47072.md | 18 ++ 2024/CVE-2024-47075.md | 17 ++ 2024/CVE-2024-47076.md | 28 +++ 2024/CVE-2024-47103.md | 17 ++ 2024/CVE-2024-4711.md | 17 ++ 2024/CVE-2024-47170.md | 17 ++ 2024/CVE-2024-47175.md | 28 +++ 2024/CVE-2024-47176.md | 44 ++++ 2024/CVE-2024-47177.md | 39 +++ 2024/CVE-2024-47179.md | 18 ++ 2024/CVE-2024-47182.md | 17 ++ 2024/CVE-2024-47184.md | 17 ++ 2024/CVE-2024-47186.md | 17 ++ 2024/CVE-2024-47187.md | 17 ++ 2024/CVE-2024-47195.md | 18 ++ 2024/CVE-2024-47208.md | 19 ++ 2024/CVE-2024-47212.md | 17 ++ 2024/CVE-2024-47213.md | 17 ++ 2024/CVE-2024-47214.md | 17 ++ 2024/CVE-2024-47215.md | 17 ++ 2024/CVE-2024-47217.md | 17 ++ 2024/CVE-2024-47223.md | 17 ++ 2024/CVE-2024-47226.md | 17 ++ 2024/CVE-2024-4730.md | 1 + 2024/CVE-2024-47315.md | 17 ++ 2024/CVE-2024-47373.md | 17 ++ 2024/CVE-2024-47374.md | 17 ++ 2024/CVE-2024-47408.md | 17 ++ 2024/CVE-2024-4741.md | 21 ++ 2024/CVE-2024-47523.md | 17 ++ 2024/CVE-2024-47524.md | 17 ++ 2024/CVE-2024-47525.md | 17 ++ 2024/CVE-2024-47526.md | 17 ++ 2024/CVE-2024-47527.md | 17 ++ 2024/CVE-2024-47528.md | 19 ++ 2024/CVE-2024-47529.md | 17 ++ 2024/CVE-2024-47530.md | 17 ++ 2024/CVE-2024-47531.md | 17 ++ 2024/CVE-2024-47532.md | 17 ++ 2024/CVE-2024-47533.md | 24 ++ 2024/CVE-2024-47535.md | 17 ++ 2024/CVE-2024-47536.md | 18 ++ 2024/CVE-2024-47554.md | 17 ++ 2024/CVE-2024-47575.md | 39 +++ 2024/CVE-2024-47595.md | 17 ++ 2024/CVE-2024-4761.md | 3 + 2024/CVE-2024-47619.md | 17 ++ 2024/CVE-2024-47637.md | 17 ++ 2024/CVE-2024-4768.md | 20 ++ 2024/CVE-2024-4769.md | 20 ++ 2024/CVE-2024-47691.md | 17 ++ 2024/CVE-2024-47704.md | 17 ++ 2024/CVE-2024-4773.md | 17 ++ 2024/CVE-2024-47730.md | 17 ++ 2024/CVE-2024-47736.md | 17 ++ 2024/CVE-2024-4775.md | 17 ++ 2024/CVE-2024-47764.md | 17 ++ 2024/CVE-2024-47765.md | 18 ++ 2024/CVE-2024-47769.md | 18 ++ 2024/CVE-2024-47770.md | 17 ++ 2024/CVE-2024-47773.md | 17 ++ 2024/CVE-2024-47796.md | 17 ++ 2024/CVE-2024-47799.md | 17 ++ 2024/CVE-2024-4781.md 
| 1 + 2024/CVE-2024-47810.md | 17 ++ 2024/CVE-2024-47814.md | 17 ++ 2024/CVE-2024-47817.md | 17 ++ 2024/CVE-2024-47818.md | 17 ++ 2024/CVE-2024-4782.md | 1 + 2024/CVE-2024-47821.md | 17 ++ 2024/CVE-2024-47822.md | 17 ++ 2024/CVE-2024-47823.md | 17 ++ 2024/CVE-2024-47827.md | 18 ++ 2024/CVE-2024-47828.md | 17 ++ 2024/CVE-2024-47830.md | 17 ++ 2024/CVE-2024-47833.md | 18 ++ 2024/CVE-2024-47836.md | 17 ++ 2024/CVE-2024-4785.md | 18 ++ 2024/CVE-2024-47850.md | 17 ++ 2024/CVE-2024-47854.md | 17 ++ 2024/CVE-2024-47865.md | 17 ++ 2024/CVE-2024-47873.md | 17 ++ 2024/CVE-2024-47874.md | 22 ++ 2024/CVE-2024-47875.md | 18 ++ 2024/CVE-2024-47878.md | 17 ++ 2024/CVE-2024-47879.md | 18 ++ 2024/CVE-2024-47880.md | 18 ++ 2024/CVE-2024-47881.md | 17 ++ 2024/CVE-2024-47882.md | 19 ++ 2024/CVE-2024-47883.md | 18 ++ 2024/CVE-2024-47885.md | 17 ++ 2024/CVE-2024-47887.md | 17 ++ 2024/CVE-2024-47935.md | 20 ++ 2024/CVE-2024-47943.md | 17 ++ 2024/CVE-2024-47944.md | 17 ++ 2024/CVE-2024-47945.md | 17 ++ 2024/CVE-2024-47946.md | 17 ++ 2024/CVE-2024-47947.md | 17 ++ 2024/CVE-2024-47948.md | 17 ++ 2024/CVE-2024-47949.md | 17 ++ 2024/CVE-2024-47950.md | 17 ++ 2024/CVE-2024-48007.md | 17 ++ 2024/CVE-2024-48008.md | 17 ++ 2024/CVE-2024-48010.md | 17 ++ 2024/CVE-2024-48011.md | 17 ++ 2024/CVE-2024-48016.md | 17 ++ 2024/CVE-2024-48061.md | 19 ++ 2024/CVE-2024-48063.md | 17 ++ 2024/CVE-2024-48119.md | 17 ++ 2024/CVE-2024-48120.md | 17 ++ 2024/CVE-2024-4813.md | 1 + 2024/CVE-2024-48139.md | 18 ++ 2024/CVE-2024-4814.md | 1 + 2024/CVE-2024-4815.md | 1 + 2024/CVE-2024-48170.md | 17 ++ 2024/CVE-2024-48197.md | 18 ++ 2024/CVE-2024-48202.md | 17 ++ 2024/CVE-2024-48208.md | 17 ++ 2024/CVE-2024-48214.md | 17 ++ 2024/CVE-2024-48217.md | 18 ++ 2024/CVE-2024-48245.md | 17 ++ 2024/CVE-2024-48246.md | 17 ++ 2024/CVE-2024-48248.md | 20 ++ 2024/CVE-2024-48307.md | 31 +++ 2024/CVE-2024-48312.md | 18 ++ 2024/CVE-2024-48322.md | 17 ++ 2024/CVE-2024-48325.md | 17 ++ 2024/CVE-2024-48336.md | 17 ++ 
2024/CVE-2024-48359.md | 17 ++ 2024/CVE-2024-48360.md | 17 ++ 2024/CVE-2024-48392.md | 17 ++ 2024/CVE-2024-48396.md | 17 ++ 2024/CVE-2024-4840.md | 2 +- 2024/CVE-2024-48410.md | 17 ++ 2024/CVE-2024-48415.md | 17 ++ 2024/CVE-2024-48427.md | 17 ++ 2024/CVE-2024-48440.md | 18 ++ 2024/CVE-2024-48441.md | 18 ++ 2024/CVE-2024-48442.md | 18 ++ 2024/CVE-2024-4846.md | 17 ++ 2024/CVE-2024-48510.md | 17 ++ 2024/CVE-2024-48514.md | 17 ++ 2024/CVE-2024-4853.md | 2 + 2024/CVE-2024-48530.md | 17 ++ 2024/CVE-2024-48531.md | 17 ++ 2024/CVE-2024-48533.md | 17 ++ 2024/CVE-2024-48534.md | 17 ++ 2024/CVE-2024-48535.md | 17 ++ 2024/CVE-2024-48536.md | 17 ++ 2024/CVE-2024-4855.md | 2 + 2024/CVE-2024-48569.md | 17 ++ 2024/CVE-2024-48579.md | 17 ++ 2024/CVE-2024-48580.md | 17 ++ 2024/CVE-2024-48581.md | 17 ++ 2024/CVE-2024-48589.md | 17 ++ 2024/CVE-2024-48590.md | 18 ++ 2024/CVE-2024-48591.md | 18 ++ 2024/CVE-2024-48594.md | 18 ++ 2024/CVE-2024-48605.md | 17 ++ 2024/CVE-2024-48615.md | 17 ++ 2024/CVE-2024-48644.md | 18 ++ 2024/CVE-2024-48646.md | 17 ++ 2024/CVE-2024-48647.md | 17 ++ 2024/CVE-2024-48648.md | 17 ++ 2024/CVE-2024-48651.md | 18 ++ 2024/CVE-2024-48652.md | 17 ++ 2024/CVE-2024-48655.md | 18 ++ 2024/CVE-2024-4872.md | 8 +- 2024/CVE-2024-48766.md | 17 ++ 2024/CVE-2024-48788.md | 17 ++ 2024/CVE-2024-4879.md | 29 +++ 2024/CVE-2024-4881.md | 17 ++ 2024/CVE-2024-48813.md | 17 ++ 2024/CVE-2024-4883.md | 1 + 2024/CVE-2024-48841.md | 17 ++ 2024/CVE-2024-4885.md | 4 + 2024/CVE-2024-48877.md | 17 ++ 2024/CVE-2024-48887.md | 19 ++ 2024/CVE-2024-48895.md | 17 ++ 2024/CVE-2024-48905.md | 17 ++ 2024/CVE-2024-48906.md | 17 ++ 2024/CVE-2024-48907.md | 17 ++ 2024/CVE-2024-48914.md | 18 ++ 2024/CVE-2024-48950.md | 18 ++ 2024/CVE-2024-48951.md | 18 ++ 2024/CVE-2024-48952.md | 18 ++ 2024/CVE-2024-48953.md | 18 ++ 2024/CVE-2024-48954.md | 18 ++ 2024/CVE-2024-48955.md | 17 ++ 2024/CVE-2024-48956.md | 17 ++ 2024/CVE-2024-4898.md | 2 + 2024/CVE-2024-48987.md | 17 ++ 2024/CVE-2024-48990.md | 29 +++ 
2024/CVE-2024-48991.md | 17 ++ 2024/CVE-2024-48992.md | 18 ++ 2024/CVE-2024-49019.md | 47 ++++ 2024/CVE-2024-49035.md | 18 ++ 2024/CVE-2024-49039.md | 44 ++++ 2024/CVE-2024-49040.md | 21 ++ 2024/CVE-2024-49049.md | 17 ++ 2024/CVE-2024-49051.md | 17 ++ 2024/CVE-2024-49057.md | 17 ++ 2024/CVE-2024-49107.md | 43 ++++ 2024/CVE-2024-49112.md | 62 +++++ 2024/CVE-2024-49113.md | 70 ++++++ 2024/CVE-2024-49117.md | 29 +++ 2024/CVE-2024-49118.md | 56 +++++ 2024/CVE-2024-49122.md | 56 +++++ 2024/CVE-2024-49124.md | 56 +++++ 2024/CVE-2024-49138.md | 80 ++++++ 2024/CVE-2024-49193.md | 17 ++ 2024/CVE-2024-49203.md | 17 ++ 2024/CVE-2024-49214.md | 17 ++ 2024/CVE-2024-49328.md | 18 ++ 2024/CVE-2024-49368.md | 17 ++ 2024/CVE-2024-49369.md | 18 ++ 2024/CVE-2024-49379.md | 17 ++ 2024/CVE-2024-4947.md | 4 + 2024/CVE-2024-49504.md | 17 ++ 2024/CVE-2024-4956.md | 32 ++- 2024/CVE-2024-49568.md | 17 ++ 2024/CVE-2024-49569.md | 17 ++ 2024/CVE-2024-49576.md | 17 ++ 2024/CVE-2024-49581.md | 17 ++ 2024/CVE-2024-49588.md | 17 ++ 2024/CVE-2024-49589.md | 17 ++ 2024/CVE-2024-49592.md | 17 ++ 2024/CVE-2024-4960.md | 1 + 2024/CVE-2024-49606.md | 17 ++ 2024/CVE-2024-49607.md | 17 ++ 2024/CVE-2024-4961.md | 17 ++ 2024/CVE-2024-4962.md | 17 ++ 2024/CVE-2024-4964.md | 17 ++ 2024/CVE-2024-4965.md | 1 + 2024/CVE-2024-49653.md | 18 ++ 2024/CVE-2024-49666.md | 17 ++ 2024/CVE-2024-49668.md | 18 ++ 2024/CVE-2024-49681.md | 17 ++ 2024/CVE-2024-49699.md | 17 ++ 2024/CVE-2024-49705.md | 17 ++ 2024/CVE-2024-49706.md | 17 ++ 2024/CVE-2024-49707.md | 17 ++ 2024/CVE-2024-49708.md | 17 ++ 2024/CVE-2024-49709.md | 17 ++ 2024/CVE-2024-49733.md | 17 ++ 2024/CVE-2024-49744.md | 18 ++ 2024/CVE-2024-49761.md | 17 ++ 2024/CVE-2024-49763.md | 17 ++ 2024/CVE-2024-49766.md | 17 ++ 2024/CVE-2024-49767.md | 19 ++ 2024/CVE-2024-49768.md | 22 ++ 2024/CVE-2024-49769.md | 19 ++ 2024/CVE-2024-49807.md | 17 ++ 2024/CVE-2024-49848.md | 17 ++ 2024/CVE-2024-49861.md | 17 ++ 2024/CVE-2024-49928.md | 17 ++ 2024/CVE-2024-4995.md | 17 ++ 
2024/CVE-2024-4996.md | 17 ++ 2024/CVE-2024-49960.md | 18 ++ 2024/CVE-2024-49989.md | 17 ++ 2024/CVE-2024-50029.md | 17 ++ 2024/CVE-2024-50047.md | 17 ++ 2024/CVE-2024-50061.md | 17 ++ 2024/CVE-2024-50063.md | 17 ++ 2024/CVE-2024-50066.md | 17 ++ 2024/CVE-2024-50073.md | 17 ++ 2024/CVE-2024-5008.md | 17 ++ 2024/CVE-2024-5009.md | 2 + 2024/CVE-2024-50112.md | 17 ++ 2024/CVE-2024-50164.md | 17 ++ 2024/CVE-2024-50172.md | 17 ++ 2024/CVE-2024-50196.md | 17 ++ 2024/CVE-2024-50217.md | 17 ++ 2024/CVE-2024-50226.md | 17 ++ 2024/CVE-2024-50246.md | 17 ++ 2024/CVE-2024-50248.md | 17 ++ 2024/CVE-2024-50251.md | 17 ++ 2024/CVE-2024-5026.md | 17 ++ 2024/CVE-2024-50264.md | 17 ++ 2024/CVE-2024-5029.md | 18 ++ 2024/CVE-2024-5030.md | 17 ++ 2024/CVE-2024-50302.md | 22 ++ 2024/CVE-2024-50310.md | 17 ++ 2024/CVE-2024-50311.md | 19 ++ 2024/CVE-2024-50312.md | 20 ++ 2024/CVE-2024-50334.md | 17 ++ 2024/CVE-2024-50335.md | 17 ++ 2024/CVE-2024-50338.md | 21 ++ 2024/CVE-2024-50339.md | 18 ++ 2024/CVE-2024-50340.md | 20 ++ 2024/CVE-2024-50344.md | 18 ++ 2024/CVE-2024-50345.md | 17 ++ 2024/CVE-2024-50349.md | 23 ++ 2024/CVE-2024-50379.md | 58 +++++ 2024/CVE-2024-50382.md | 17 ++ 2024/CVE-2024-50383.md | 17 ++ 2024/CVE-2024-50395.md | 18 ++ 2024/CVE-2024-50404.md | 17 ++ 2024/CVE-2024-50405.md | 20 ++ 2024/CVE-2024-50427.md | 17 ++ 2024/CVE-2024-50450.md | 18 ++ 2024/CVE-2024-50473.md | 17 ++ 2024/CVE-2024-50475.md | 17 ++ 2024/CVE-2024-50476.md | 17 ++ 2024/CVE-2024-50477.md | 17 ++ 2024/CVE-2024-50478.md | 17 ++ 2024/CVE-2024-50482.md | 17 ++ 2024/CVE-2024-50483.md | 28 +++ 2024/CVE-2024-50485.md | 17 ++ 2024/CVE-2024-50488.md | 17 ++ 2024/CVE-2024-50490.md | 17 ++ 2024/CVE-2024-50491.md | 17 ++ 2024/CVE-2024-50492.md | 18 ++ 2024/CVE-2024-50493.md | 17 ++ 2024/CVE-2024-50498.md | 20 ++ 2024/CVE-2024-5050.md | 1 + 2024/CVE-2024-50507.md | 17 ++ 2024/CVE-2024-50508.md | 17 ++ 2024/CVE-2024-50509.md | 17 ++ 2024/CVE-2024-50510.md | 17 ++ 2024/CVE-2024-50550.md | 18 ++ 2024/CVE-2024-5057.md 
| 1 + 2024/CVE-2024-50584.md | 17 ++ 2024/CVE-2024-50585.md | 17 ++ 2024/CVE-2024-50588.md | 18 ++ 2024/CVE-2024-50589.md | 17 ++ 2024/CVE-2024-50590.md | 19 ++ 2024/CVE-2024-50591.md | 17 ++ 2024/CVE-2024-50592.md | 17 ++ 2024/CVE-2024-50593.md | 17 ++ 2024/CVE-2024-50602.md | 18 ++ 2024/CVE-2024-50603.md | 31 +++ 2024/CVE-2024-50608.md | 17 ++ 2024/CVE-2024-50609.md | 17 ++ 2024/CVE-2024-50623.md | 26 ++ 2024/CVE-2024-50625.md | 17 ++ 2024/CVE-2024-50626.md | 17 ++ 2024/CVE-2024-50627.md | 17 ++ 2024/CVE-2024-50628.md | 17 ++ 2024/CVE-2024-50633.md | 17 ++ 2024/CVE-2024-50657.md | 17 ++ 2024/CVE-2024-50677.md | 17 ++ 2024/CVE-2024-50704.md | 17 ++ 2024/CVE-2024-50705.md | 17 ++ 2024/CVE-2024-50706.md | 17 ++ 2024/CVE-2024-50707.md | 17 ++ 2024/CVE-2024-5072.md | 2 +- 2024/CVE-2024-50724.md | 17 ++ 2024/CVE-2024-50803.md | 17 ++ 2024/CVE-2024-50804.md | 17 ++ 2024/CVE-2024-50807.md | 18 ++ 2024/CVE-2024-5082.md | 17 ++ 2024/CVE-2024-5083.md | 18 ++ 2024/CVE-2024-5084.md | 7 + 2024/CVE-2024-50848.md | 17 ++ 2024/CVE-2024-50849.md | 17 ++ 2024/CVE-2024-50920.md | 18 ++ 2024/CVE-2024-50921.md | 18 ++ 2024/CVE-2024-50924.md | 18 ++ 2024/CVE-2024-50928.md | 18 ++ 2024/CVE-2024-50929.md | 18 ++ 2024/CVE-2024-50930.md | 18 ++ 2024/CVE-2024-50931.md | 18 ++ 2024/CVE-2024-50944.md | 17 ++ 2024/CVE-2024-50945.md | 17 ++ 2024/CVE-2024-50960.md | 17 ++ 2024/CVE-2024-50967.md | 17 ++ 2024/CVE-2024-50968.md | 17 ++ 2024/CVE-2024-50969.md | 17 ++ 2024/CVE-2024-50970.md | 17 ++ 2024/CVE-2024-50971.md | 17 ++ 2024/CVE-2024-50972.md | 17 ++ 2024/CVE-2024-50986.md | 17 ++ 2024/CVE-2024-51026.md | 17 ++ 2024/CVE-2024-51027.md | 17 ++ 2024/CVE-2024-51030.md | 17 ++ 2024/CVE-2024-51031.md | 17 ++ 2024/CVE-2024-51032.md | 17 ++ 2024/CVE-2024-51037.md | 17 ++ 2024/CVE-2024-51051.md | 17 ++ 2024/CVE-2024-51053.md | 17 ++ 2024/CVE-2024-51060.md | 17 ++ 2024/CVE-2024-51063.md | 17 ++ 2024/CVE-2024-51064.md | 17 ++ 2024/CVE-2024-51065.md | 17 ++ 2024/CVE-2024-51066.md | 17 ++ 
2024/CVE-2024-51072.md | 17 ++ 2024/CVE-2024-51073.md | 18 ++ 2024/CVE-2024-51074.md | 17 ++ 2024/CVE-2024-51091.md | 17 ++ 2024/CVE-2024-51111.md | 17 ++ 2024/CVE-2024-51112.md | 17 ++ 2024/CVE-2024-51114.md | 17 ++ 2024/CVE-2024-51115.md | 17 ++ 2024/CVE-2024-51116.md | 17 ++ 2024/CVE-2024-51127.md | 17 ++ 2024/CVE-2024-51132.md | 17 ++ 2024/CVE-2024-51135.md | 17 ++ 2024/CVE-2024-51136.md | 17 ++ 2024/CVE-2024-51141.md | 17 ++ 2024/CVE-2024-51142.md | 17 ++ 2024/CVE-2024-51144.md | 17 ++ 2024/CVE-2024-51156.md | 17 ++ 2024/CVE-2024-51162.md | 18 ++ 2024/CVE-2024-51163.md | 17 ++ 2024/CVE-2024-51179.md | 18 ++ 2024/CVE-2024-51186.md | 17 ++ 2024/CVE-2024-51187.md | 17 ++ 2024/CVE-2024-51188.md | 17 ++ 2024/CVE-2024-51189.md | 17 ++ 2024/CVE-2024-51190.md | 17 ++ 2024/CVE-2024-51208.md | 17 ++ 2024/CVE-2024-51209.md | 17 ++ 2024/CVE-2024-51210.md | 17 ++ 2024/CVE-2024-51211.md | 17 ++ 2024/CVE-2024-51228.md | 27 +++ 2024/CVE-2024-5124.md | 19 ++ 2024/CVE-2024-51240.md | 17 ++ 2024/CVE-2024-51324.md | 17 ++ 2024/CVE-2024-51326.md | 17 ++ 2024/CVE-2024-51327.md | 17 ++ 2024/CVE-2024-51328.md | 17 ++ 2024/CVE-2024-51329.md | 17 ++ 2024/CVE-2024-51330.md | 17 ++ 2024/CVE-2024-51337.md | 17 ++ 2024/CVE-2024-51358.md | 17 ++ 2024/CVE-2024-51363.md | 17 ++ 2024/CVE-2024-51364.md | 17 ++ 2024/CVE-2024-51376.md | 18 ++ 2024/CVE-2024-51378.md | 21 ++ 2024/CVE-2024-51379.md | 17 ++ 2024/CVE-2024-51380.md | 18 ++ 2024/CVE-2024-51381.md | 18 ++ 2024/CVE-2024-51382.md | 17 ++ 2024/CVE-2024-51406.md | 17 ++ 2024/CVE-2024-51407.md | 17 ++ 2024/CVE-2024-51408.md | 17 ++ 2024/CVE-2024-51409.md | 17 ++ 2024/CVE-2024-51417.md | 17 ++ 2024/CVE-2024-51430.md | 17 ++ 2024/CVE-2024-51431.md | 17 ++ 2024/CVE-2024-51432.md | 17 ++ 2024/CVE-2024-51434.md | 17 ++ 2024/CVE-2024-51442.md | 17 ++ 2024/CVE-2024-51466.md | 17 ++ 2024/CVE-2024-51478.md | 17 ++ 2024/CVE-2024-51479.md | 26 ++ 2024/CVE-2024-51480.md | 19 ++ 2024/CVE-2024-51482.md | 21 ++ 2024/CVE-2024-51483.md | 17 ++ 
2024/CVE-2024-51484.md | 17 ++ 2024/CVE-2024-51485.md | 17 ++ 2024/CVE-2024-51486.md | 18 ++ 2024/CVE-2024-51487.md | 17 ++ 2024/CVE-2024-51488.md | 17 ++ 2024/CVE-2024-51489.md | 18 ++ 2024/CVE-2024-51490.md | 18 ++ 2024/CVE-2024-51491.md | 17 ++ 2024/CVE-2024-51492.md | 17 ++ 2024/CVE-2024-51494.md | 17 ++ 2024/CVE-2024-51495.md | 17 ++ 2024/CVE-2024-51496.md | 17 ++ 2024/CVE-2024-51497.md | 17 ++ 2024/CVE-2024-51498.md | 17 ++ 2024/CVE-2024-51500.md | 18 ++ 2024/CVE-2024-51501.md | 17 ++ 2024/CVE-2024-51502.md | 17 ++ 2024/CVE-2024-51504.md | 17 ++ 2024/CVE-2024-51567.md | 22 ++ 2024/CVE-2024-51568.md | 17 ++ 2024/CVE-2024-5158.md | 3 +- 2024/CVE-2024-51665.md | 17 ++ 2024/CVE-2024-5170.md | 17 ++ 2024/CVE-2024-51735.md | 18 ++ 2024/CVE-2024-51736.md | 17 ++ 2024/CVE-2024-51737.md | 19 ++ 2024/CVE-2024-5174.md | 17 ++ 2024/CVE-2024-51741.md | 17 ++ 2024/CVE-2024-51746.md | 17 ++ 2024/CVE-2024-51747.md | 18 ++ 2024/CVE-2024-51748.md | 17 ++ 2024/CVE-2024-51751.md | 17 ++ 2024/CVE-2024-51774.md | 17 ++ 2024/CVE-2024-5178.md | 18 ++ 2024/CVE-2024-51788.md | 19 ++ 2024/CVE-2024-51793.md | 19 ++ 2024/CVE-2024-51818.md | 17 ++ 2024/CVE-2024-5194.md | 17 ++ 2024/CVE-2024-5195.md | 17 ++ 2024/CVE-2024-5196.md | 17 ++ 2024/CVE-2024-51996.md | 21 ++ 2024/CVE-2024-51997.md | 17 ++ 2024/CVE-2024-51998.md | 17 ++ 2024/CVE-2024-52000.md | 17 ++ 2024/CVE-2024-52002.md | 17 ++ 2024/CVE-2024-52005.md | 22 ++ 2024/CVE-2024-52006.md | 23 ++ 2024/CVE-2024-52033.md | 17 ++ 2024/CVE-2024-52035.md | 17 ++ 2024/CVE-2024-52046.md | 17 ++ 2024/CVE-2024-5206.md | 18 ++ 2024/CVE-2024-5209.md | 1 + 2024/CVE-2024-5210.md | 1 + 2024/CVE-2024-5217.md | 5 + 2024/CVE-2024-52286.md | 18 ++ 2024/CVE-2024-52293.md | 17 ++ 2024/CVE-2024-52301.md | 22 ++ 2024/CVE-2024-52302.md | 18 ++ 2024/CVE-2024-52303.md | 17 ++ 2024/CVE-2024-52305.md | 18 ++ 2024/CVE-2024-52316.md | 18 ++ 2024/CVE-2024-52317.md | 18 ++ 2024/CVE-2024-52318.md | 17 ++ 2024/CVE-2024-52320.md | 17 ++ 2024/CVE-2024-52333.md | 17 ++ 
2024/CVE-2024-52336.md | 24 ++ 2024/CVE-2024-52337.md | 33 +++ 2024/CVE-2024-52338.md | 17 ++ 2024/CVE-2024-52375.md | 18 ++ 2024/CVE-2024-52380.md | 19 ++ 2024/CVE-2024-52382.md | 17 ++ 2024/CVE-2024-52402.md | 18 ++ 2024/CVE-2024-5241.md | 17 ++ 2024/CVE-2024-52427.md | 17 ++ 2024/CVE-2024-52429.md | 18 ++ 2024/CVE-2024-5243.md | 17 ++ 2024/CVE-2024-52430.md | 17 ++ 2024/CVE-2024-52433.md | 18 ++ 2024/CVE-2024-5246.md | 1 + 2024/CVE-2024-52475.md | 17 ++ 2024/CVE-2024-5249.md | 17 ++ 2024/CVE-2024-5250.md | 17 ++ 2024/CVE-2024-52510.md | 17 ++ 2024/CVE-2024-52531.md | 17 ++ 2024/CVE-2024-52533.md | 17 ++ 2024/CVE-2024-52544.md | 17 ++ 2024/CVE-2024-52545.md | 17 ++ 2024/CVE-2024-52546.md | 17 ++ 2024/CVE-2024-52547.md | 17 ++ 2024/CVE-2024-52548.md | 17 ++ 2024/CVE-2024-52550.md | 18 ++ 2024/CVE-2024-52602.md | 17 ++ 2024/CVE-2024-52615.md | 20 ++ 2024/CVE-2024-52616.md | 20 ++ 2024/CVE-2024-52711.md | 17 ++ 2024/CVE-2024-52726.md | 25 ++ 2024/CVE-2024-5274.md | 10 + 2024/CVE-2024-52765.md | 17 ++ 2024/CVE-2024-52794.md | 17 ++ 2024/CVE-2024-52798.md | 19 ++ 2024/CVE-2024-52800.md | 17 ++ 2024/CVE-2024-52804.md | 19 ++ 2024/CVE-2024-52867.md | 17 ++ 2024/CVE-2024-52869.md | 17 ++ 2024/CVE-2024-52870.md | 17 ++ 2024/CVE-2024-52874.md | 17 ++ 2024/CVE-2024-52875.md | 19 ++ 2024/CVE-2024-5288.md | 1 + 2024/CVE-2024-52881.md | 17 ++ 2024/CVE-2024-52882.md | 17 ++ 2024/CVE-2024-52883.md | 17 ++ 2024/CVE-2024-52884.md | 17 ++ 2024/CVE-2024-52887.md | 17 ++ 2024/CVE-2024-52888.md | 17 ++ 2024/CVE-2024-5290.md | 1 + 2024/CVE-2024-52917.md | 17 ++ 2024/CVE-2024-52918.md | 17 ++ 2024/CVE-2024-52940.md | 18 ++ 2024/CVE-2024-52951.md | 18 ++ 2024/CVE-2024-52980.md | 17 ++ 2024/CVE-2024-52981.md | 17 ++ 2024/CVE-2024-53027.md | 18 ++ 2024/CVE-2024-53095.md | 17 ++ 2024/CVE-2024-53103.md | 17 ++ 2024/CVE-2024-53104.md | 20 ++ 2024/CVE-2024-53108.md | 17 ++ 2024/CVE-2024-53125.md | 17 ++ 2024/CVE-2024-53133.md | 17 ++ 2024/CVE-2024-53141.md | 19 ++ 2024/CVE-2024-53150.md | 17 
++ 2024/CVE-2024-53166.md | 17 ++ 2024/CVE-2024-53170.md | 17 ++ 2024/CVE-2024-53172.md | 17 ++ 2024/CVE-2024-53176.md | 17 ++ 2024/CVE-2024-53178.md | 17 ++ 2024/CVE-2024-53179.md | 19 ++ 2024/CVE-2024-5318.md | 2 +- 2024/CVE-2024-53180.md | 17 ++ 2024/CVE-2024-53181.md | 17 ++ 2024/CVE-2024-53182.md | 17 ++ 2024/CVE-2024-53183.md | 17 ++ 2024/CVE-2024-53184.md | 17 ++ 2024/CVE-2024-53185.md | 17 ++ 2024/CVE-2024-53186.md | 17 ++ 2024/CVE-2024-53187.md | 17 ++ 2024/CVE-2024-53188.md | 17 ++ 2024/CVE-2024-53189.md | 17 ++ 2024/CVE-2024-53191.md | 17 ++ 2024/CVE-2024-53194.md | 17 ++ 2024/CVE-2024-53195.md | 17 ++ 2024/CVE-2024-53196.md | 17 ++ 2024/CVE-2024-53197.md | 21 ++ 2024/CVE-2024-53198.md | 17 ++ 2024/CVE-2024-53199.md | 17 ++ 2024/CVE-2024-53200.md | 17 ++ 2024/CVE-2024-53201.md | 17 ++ 2024/CVE-2024-53202.md | 17 ++ 2024/CVE-2024-53203.md | 18 ++ 2024/CVE-2024-53204.md | 17 ++ 2024/CVE-2024-53205.md | 17 ++ 2024/CVE-2024-53206.md | 17 ++ 2024/CVE-2024-53207.md | 17 ++ 2024/CVE-2024-53208.md | 17 ++ 2024/CVE-2024-53209.md | 17 ++ 2024/CVE-2024-53210.md | 17 ++ 2024/CVE-2024-53211.md | 17 ++ 2024/CVE-2024-53212.md | 17 ++ 2024/CVE-2024-53213.md | 17 ++ 2024/CVE-2024-53214.md | 17 ++ 2024/CVE-2024-53215.md | 17 ++ 2024/CVE-2024-53216.md | 17 ++ 2024/CVE-2024-53217.md | 17 ++ 2024/CVE-2024-53218.md | 17 ++ 2024/CVE-2024-53219.md | 17 ++ 2024/CVE-2024-53220.md | 17 ++ 2024/CVE-2024-53221.md | 17 ++ 2024/CVE-2024-53222.md | 17 ++ 2024/CVE-2024-53223.md | 17 ++ 2024/CVE-2024-53224.md | 17 ++ 2024/CVE-2024-53225.md | 17 ++ 2024/CVE-2024-53226.md | 17 ++ 2024/CVE-2024-53227.md | 17 ++ 2024/CVE-2024-53228.md | 17 ++ 2024/CVE-2024-53229.md | 18 ++ 2024/CVE-2024-53230.md | 17 ++ 2024/CVE-2024-53231.md | 17 ++ 2024/CVE-2024-53232.md | 17 ++ 2024/CVE-2024-53233.md | 17 ++ 2024/CVE-2024-53234.md | 17 ++ 2024/CVE-2024-53235.md | 17 ++ 2024/CVE-2024-53236.md | 17 ++ 2024/CVE-2024-53237.md | 17 ++ 2024/CVE-2024-53238.md | 17 ++ 2024/CVE-2024-53239.md | 17 ++ 
2024/CVE-2024-5324.md | 17 ++ 2024/CVE-2024-53255.md | 17 ++ 2024/CVE-2024-53259.md | 17 ++ 2024/CVE-2024-5326.md | 3 + 2024/CVE-2024-53263.md | 22 ++ 2024/CVE-2024-53272.md | 17 ++ 2024/CVE-2024-53273.md | 17 ++ 2024/CVE-2024-53274.md | 17 ++ 2024/CVE-2024-53275.md | 17 ++ 2024/CVE-2024-53276.md | 17 ++ 2024/CVE-2024-53279.md | 18 ++ 2024/CVE-2024-53280.md | 17 ++ 2024/CVE-2024-53281.md | 17 ++ 2024/CVE-2024-53282.md | 17 ++ 2024/CVE-2024-53283.md | 17 ++ 2024/CVE-2024-53284.md | 17 ++ 2024/CVE-2024-53285.md | 17 ++ 2024/CVE-2024-5333.md | 17 ++ 2024/CVE-2024-53345.md | 17 ++ 2024/CVE-2024-53354.md | 17 ++ 2024/CVE-2024-53355.md | 17 ++ 2024/CVE-2024-53356.md | 17 ++ 2024/CVE-2024-53357.md | 17 ++ 2024/CVE-2024-53359.md | 17 ++ 2024/CVE-2024-5336.md | 17 ++ 2024/CVE-2024-5337.md | 17 ++ 2024/CVE-2024-53375.md | 17 ++ 2024/CVE-2024-53376.md | 27 +++ 2024/CVE-2024-5338.md | 17 ++ 2024/CVE-2024-53382.md | 18 ++ 2024/CVE-2024-53384.md | 17 ++ 2024/CVE-2024-53386.md | 17 ++ 2024/CVE-2024-53387.md | 17 ++ 2024/CVE-2024-53388.md | 17 ++ 2024/CVE-2024-5339.md | 17 ++ 2024/CVE-2024-5340.md | 17 ++ 2024/CVE-2024-53407.md | 17 ++ 2024/CVE-2024-53408.md | 17 ++ 2024/CVE-2024-53427.md | 18 ++ 2024/CVE-2024-53438.md | 17 ++ 2024/CVE-2024-53442.md | 17 ++ 2024/CVE-2024-53450.md | 17 ++ 2024/CVE-2024-53470.md | 18 ++ 2024/CVE-2024-53471.md | 18 ++ 2024/CVE-2024-53472.md | 18 ++ 2024/CVE-2024-53473.md | 18 ++ 2024/CVE-2024-53476.md | 17 ++ 2024/CVE-2024-53522.md | 17 ++ 2024/CVE-2024-53542.md | 17 ++ 2024/CVE-2024-53543.md | 17 ++ 2024/CVE-2024-53544.md | 17 ++ 2024/CVE-2024-53552.md | 17 ++ 2024/CVE-2024-5356.md | 2 +- 2024/CVE-2024-53569.md | 17 ++ 2024/CVE-2024-53588.md | 17 ++ 2024/CVE-2024-53589.md | 17 ++ 2024/CVE-2024-53591.md | 18 ++ 2024/CVE-2024-53614.md | 17 ++ 2024/CVE-2024-53615.md | 17 ++ 2024/CVE-2024-53617.md | 17 ++ 2024/CVE-2024-53619.md | 17 ++ 2024/CVE-2024-53620.md | 17 ++ 2024/CVE-2024-53675.md | 17 ++ 2024/CVE-2024-53676.md | 17 ++ 2024/CVE-2024-53677.md | 
45 ++++ 2024/CVE-2024-53685.md | 17 ++ 2024/CVE-2024-53687.md | 17 ++ 2024/CVE-2024-53691.md | 19 ++ 2024/CVE-2024-53693.md | 21 ++ 2024/CVE-2024-53703.md | 18 ++ 2024/CVE-2024-53704.md | 30 +++ 2024/CVE-2024-53737.md | 17 ++ 2024/CVE-2024-53807.md | 17 ++ 2024/CVE-2024-53861.md | 17 ++ 2024/CVE-2024-53899.md | 17 ++ 2024/CVE-2024-53900.md | 20 ++ 2024/CVE-2024-53908.md | 17 ++ 2024/CVE-2024-53920.md | 17 ++ 2024/CVE-2024-53924.md | 18 ++ 2024/CVE-2024-53930.md | 17 ++ 2024/CVE-2024-53931.md | 17 ++ 2024/CVE-2024-53932.md | 17 ++ 2024/CVE-2024-53933.md | 17 ++ 2024/CVE-2024-53934.md | 17 ++ 2024/CVE-2024-53935.md | 17 ++ 2024/CVE-2024-53936.md | 17 ++ 2024/CVE-2024-53937.md | 17 ++ 2024/CVE-2024-53938.md | 17 ++ 2024/CVE-2024-53939.md | 17 ++ 2024/CVE-2024-53940.md | 17 ++ 2024/CVE-2024-53941.md | 17 ++ 2024/CVE-2024-53942.md | 17 ++ 2024/CVE-2024-53943.md | 17 ++ 2024/CVE-2024-53944.md | 17 ++ 2024/CVE-2024-53975.md | 17 ++ 2024/CVE-2024-53976.md | 17 ++ 2024/CVE-2024-53981.md | 18 ++ 2024/CVE-2024-53995.md | 17 ++ 2024/CVE-2024-54028.md | 17 ++ 2024/CVE-2024-54083.md | 17 ++ 2024/CVE-2024-54085.md | 21 ++ 2024/CVE-2024-54089.md | 19 ++ 2024/CVE-2024-54090.md | 19 ++ 2024/CVE-2024-54129.md | 18 ++ 2024/CVE-2024-54130.md | 18 ++ 2024/CVE-2024-54131.md | 18 ++ 2024/CVE-2024-54134.md | 17 ++ 2024/CVE-2024-54141.md | 18 ++ 2024/CVE-2024-54143.md | 17 ++ 2024/CVE-2024-54147.md | 17 ++ 2024/CVE-2024-54150.md | 18 ++ 2024/CVE-2024-54152.md | 17 ++ 2024/CVE-2024-5416.md | 17 ++ 2024/CVE-2024-54160.md | 17 ++ 2024/CVE-2024-54188.md | 17 ++ 2024/CVE-2024-5420.md | 2 + 2024/CVE-2024-54221.md | 17 ++ 2024/CVE-2024-54239.md | 17 ++ 2024/CVE-2024-54253.md | 17 ++ 2024/CVE-2024-54262.md | 18 ++ 2024/CVE-2024-54273.md | 17 ++ 2024/CVE-2024-5429.md | 17 ++ 2024/CVE-2024-54292.md | 17 ++ 2024/CVE-2024-54321.md | 18 ++ 2024/CVE-2024-54330.md | 17 ++ 2024/CVE-2024-54363.md | 18 ++ 2024/CVE-2024-54369.md | 18 ++ 2024/CVE-2024-54374.md | 17 ++ 2024/CVE-2024-54378.md | 17 ++ 
2024/CVE-2024-54379.md | 17 ++ 2024/CVE-2024-54383.md | 18 ++ 2024/CVE-2024-54385.md | 26 ++ 2024/CVE-2024-5440.md | 17 ++ 2024/CVE-2024-5443.md | 17 ++ 2024/CVE-2024-54445.md | 18 ++ 2024/CVE-2024-54446.md | 18 ++ 2024/CVE-2024-54447.md | 18 ++ 2024/CVE-2024-54448.md | 18 ++ 2024/CVE-2024-54449.md | 18 ++ 2024/CVE-2024-54460.md | 17 ++ 2024/CVE-2024-54479.md | 27 +++ 2024/CVE-2024-54488.md | 21 ++ 2024/CVE-2024-54498.md | 20 ++ 2024/CVE-2024-54507.md | 19 ++ 2024/CVE-2024-5452.md | 21 ++ 2024/CVE-2024-54525.md | 24 ++ 2024/CVE-2024-54531.md | 17 ++ 2024/CVE-2024-54538.md | 25 ++ 2024/CVE-2024-54540.md | 17 ++ 2024/CVE-2024-5458.md | 1 + 2024/CVE-2024-5467.md | 2 + 2024/CVE-2024-54676.md | 18 ++ 2024/CVE-2024-54679.md | 17 ++ 2024/CVE-2024-54683.md | 17 ++ 2024/CVE-2024-54687.md | 17 ++ 2024/CVE-2024-54730.md | 17 ++ 2024/CVE-2024-54756.md | 17 ++ 2024/CVE-2024-54761.md | 18 ++ 2024/CVE-2024-54762.md | 17 ++ 2024/CVE-2024-54763.md | 17 ++ 2024/CVE-2024-54764.md | 17 ++ 2024/CVE-2024-54772.md | 21 ++ 2024/CVE-2024-54792.md | 17 ++ 2024/CVE-2024-54794.md | 17 ++ 2024/CVE-2024-54795.md | 17 ++ 2024/CVE-2024-54802.md | 17 ++ 2024/CVE-2024-54803.md | 17 ++ 2024/CVE-2024-54804.md | 17 ++ 2024/CVE-2024-54805.md | 17 ++ 2024/CVE-2024-54806.md | 17 ++ 2024/CVE-2024-54807.md | 17 ++ 2024/CVE-2024-54808.md | 17 ++ 2024/CVE-2024-54809.md | 17 ++ 2024/CVE-2024-54819.md | 18 ++ 2024/CVE-2024-54820.md | 18 ++ 2024/CVE-2024-54846.md | 17 ++ 2024/CVE-2024-54847.md | 17 ++ 2024/CVE-2024-54848.md | 17 ++ 2024/CVE-2024-54849.md | 17 ++ 2024/CVE-2024-54851.md | 17 ++ 2024/CVE-2024-54852.md | 17 ++ 2024/CVE-2024-5487.md | 17 ++ 2024/CVE-2024-54879.md | 17 ++ 2024/CVE-2024-54880.md | 17 ++ 2024/CVE-2024-54887.md | 20 ++ 2024/CVE-2024-5490.md | 1 + 2024/CVE-2024-54910.md | 17 ++ 2024/CVE-2024-54916.md | 17 ++ 2024/CVE-2024-5493.md | 17 ++ 2024/CVE-2024-54951.md | 18 ++ 2024/CVE-2024-54954.md | 17 ++ 2024/CVE-2024-54957.md | 17 ++ 2024/CVE-2024-54958.md | 17 ++ 2024/CVE-2024-54959.md | 17 
++ 2024/CVE-2024-54960.md | 17 ++ 2024/CVE-2024-54961.md | 17 ++ 2024/CVE-2024-54994.md | 17 ++ 2024/CVE-2024-54996.md | 17 ++ 2024/CVE-2024-54997.md | 17 ++ 2024/CVE-2024-54998.md | 17 ++ 2024/CVE-2024-54999.md | 17 ++ 2024/CVE-2024-55009.md | 19 ++ 2024/CVE-2024-55060.md | 18 ++ 2024/CVE-2024-55062.md | 17 ++ 2024/CVE-2024-55063.md | 17 ++ 2024/CVE-2024-55064.md | 17 ++ 2024/CVE-2024-55074.md | 17 ++ 2024/CVE-2024-55075.md | 17 ++ 2024/CVE-2024-55076.md | 17 ++ 2024/CVE-2024-55099.md | 17 ++ 2024/CVE-2024-55186.md | 17 ++ 2024/CVE-2024-55199.md | 17 ++ 2024/CVE-2024-55210.md | 17 ++ 2024/CVE-2024-55211.md | 18 ++ 2024/CVE-2024-55215.md | 19 ++ 2024/CVE-2024-55218.md | 17 ++ 2024/CVE-2024-5522.md | 4 + 2024/CVE-2024-5527.md | 17 ++ 2024/CVE-2024-5535.md | 6 + 2024/CVE-2024-55354.md | 17 ++ 2024/CVE-2024-55415.md | 17 ++ 2024/CVE-2024-55416.md | 18 ++ 2024/CVE-2024-55417.md | 17 ++ 2024/CVE-2024-55451.md | 17 ++ 2024/CVE-2024-55452.md | 17 ++ 2024/CVE-2024-55456.md | 17 ++ 2024/CVE-2024-55457.md | 17 ++ 2024/CVE-2024-55459.md | 18 ++ 2024/CVE-2024-55466.md | 18 ++ 2024/CVE-2024-55488.md | 17 ++ 2024/CVE-2024-55492.md | 17 ++ 2024/CVE-2024-55503.md | 17 ++ 2024/CVE-2024-55504.md | 17 ++ 2024/CVE-2024-55511.md | 18 ++ 2024/CVE-2024-55544.md | 17 ++ 2024/CVE-2024-55545.md | 17 ++ 2024/CVE-2024-55546.md | 17 ++ 2024/CVE-2024-55547.md | 17 ++ 2024/CVE-2024-55548.md | 17 ++ 2024/CVE-2024-55549.md | 18 ++ 2024/CVE-2024-5555.md | 1 + 2024/CVE-2024-55550.md | 18 ++ 2024/CVE-2024-55555.md | 17 ++ 2024/CVE-2024-55556.md | 17 ++ 2024/CVE-2024-55557.md | 18 ++ 2024/CVE-2024-5556.md | 3 + 2024/CVE-2024-55563.md | 17 ++ 2024/CVE-2024-55565.md | 17 ++ 2024/CVE-2024-55569.md | 17 ++ 2024/CVE-2024-5557.md | 18 ++ 2024/CVE-2024-55570.md | 17 ++ 2024/CVE-2024-55587.md | 17 ++ 2024/CVE-2024-55591.md | 36 +++ 2024/CVE-2024-5561.md | 17 ++ 2024/CVE-2024-55628.md | 18 ++ 2024/CVE-2024-55639.md | 17 ++ 2024/CVE-2024-5564.md | 1 + 2024/CVE-2024-55641.md | 17 ++ 2024/CVE-2024-5565.md | 4 +- 
2024/CVE-2024-55655.md | 18 ++ 2024/CVE-2024-55656.md | 18 ++ 2024/CVE-2024-55663.md | 17 ++ 2024/CVE-2024-5567.md | 17 ++ 2024/CVE-2024-5569.md | 18 ++ 2024/CVE-2024-5578.md | 17 ++ 2024/CVE-2024-5585.md | 1 + 2024/CVE-2024-5586.md | 1 + 2024/CVE-2024-55875.md | 19 ++ 2024/CVE-2024-55881.md | 17 ++ 2024/CVE-2024-55884.md | 17 ++ 2024/CVE-2024-55889.md | 18 ++ 2024/CVE-2024-55890.md | 18 ++ 2024/CVE-2024-55916.md | 17 ++ 2024/CVE-2024-55925.md | 17 ++ 2024/CVE-2024-55926.md | 18 ++ 2024/CVE-2024-55927.md | 17 ++ 2024/CVE-2024-55928.md | 17 ++ 2024/CVE-2024-55929.md | 17 ++ 2024/CVE-2024-55930.md | 17 ++ 2024/CVE-2024-55931.md | 17 ++ 2024/CVE-2024-55956.md | 19 ++ 2024/CVE-2024-55963.md | 19 ++ 2024/CVE-2024-55965.md | 17 ++ 2024/CVE-2024-55968.md | 18 ++ 2024/CVE-2024-55972.md | 17 ++ 2024/CVE-2024-55976.md | 17 ++ 2024/CVE-2024-55978.md | 17 ++ 2024/CVE-2024-55980.md | 17 ++ 2024/CVE-2024-55981.md | 17 ++ 2024/CVE-2024-55982.md | 17 ++ 2024/CVE-2024-55988.md | 17 ++ 2024/CVE-2024-56058.md | 17 ++ 2024/CVE-2024-56059.md | 17 ++ 2024/CVE-2024-56064.md | 17 ++ 2024/CVE-2024-56067.md | 17 ++ 2024/CVE-2024-56071.md | 18 ++ 2024/CVE-2024-56084.md | 17 ++ 2024/CVE-2024-56085.md | 17 ++ 2024/CVE-2024-56086.md | 17 ++ 2024/CVE-2024-56087.md | 17 ++ 2024/CVE-2024-56113.md | 17 ++ 2024/CVE-2024-56115.md | 17 ++ 2024/CVE-2024-56116.md | 17 ++ 2024/CVE-2024-5612.md | 17 ++ 2024/CVE-2024-56128.md | 17 ++ 2024/CVE-2024-56140.md | 17 ++ 2024/CVE-2024-56145.md | 29 +++ 2024/CVE-2024-56159.md | 17 ++ 2024/CVE-2024-56161.md | 21 ++ 2024/CVE-2024-56171.md | 18 ++ 2024/CVE-2024-56173.md | 17 ++ 2024/CVE-2024-56174.md | 17 ++ 2024/CVE-2024-56175.md | 17 ++ 2024/CVE-2024-56180.md | 19 ++ 2024/CVE-2024-56199.md | 19 ++ 2024/CVE-2024-56201.md | 17 ++ 2024/CVE-2024-56249.md | 18 ++ 2024/CVE-2024-56264.md | 19 ++ 2024/CVE-2024-56278.md | 17 ++ 2024/CVE-2024-56289.md | 17 ++ 2024/CVE-2024-56326.md | 18 ++ 2024/CVE-2024-56327.md | 17 ++ 2024/CVE-2024-5633.md | 1 + 2024/CVE-2024-56331.md | 17 
++ 2024/CVE-2024-56337.md | 21 ++ 2024/CVE-2024-56340.md | 18 ++ 2024/CVE-2024-56341.md | 18 ++ 2024/CVE-2024-56353.md | 17 ++ 2024/CVE-2024-56363.md | 17 ++ 2024/CVE-2024-56374.md | 17 ++ 2024/CVE-2024-56406.md | 20 ++ 2024/CVE-2024-56428.md | 17 ++ 2024/CVE-2024-56429.md | 17 ++ 2024/CVE-2024-56431.md | 17 ++ 2024/CVE-2024-56433.md | 22 ++ 2024/CVE-2024-56477.md | 17 ++ 2024/CVE-2024-56512.md | 17 ++ 2024/CVE-2024-56513.md | 18 ++ 2024/CVE-2024-56528.md | 17 ++ 2024/CVE-2024-56536.md | 17 ++ 2024/CVE-2024-56537.md | 17 ++ 2024/CVE-2024-56538.md | 18 ++ 2024/CVE-2024-56539.md | 17 ++ 2024/CVE-2024-56540.md | 17 ++ 2024/CVE-2024-56541.md | 17 ++ 2024/CVE-2024-56542.md | 17 ++ 2024/CVE-2024-56543.md | 17 ++ 2024/CVE-2024-56544.md | 17 ++ 2024/CVE-2024-56545.md | 17 ++ 2024/CVE-2024-56546.md | 17 ++ 2024/CVE-2024-56547.md | 17 ++ 2024/CVE-2024-56548.md | 17 ++ 2024/CVE-2024-56549.md | 17 ++ 2024/CVE-2024-56550.md | 17 ++ 2024/CVE-2024-56551.md | 18 ++ 2024/CVE-2024-56552.md | 17 ++ 2024/CVE-2024-56553.md | 17 ++ 2024/CVE-2024-56554.md | 17 ++ 2024/CVE-2024-56555.md | 17 ++ 2024/CVE-2024-56556.md | 17 ++ 2024/CVE-2024-56557.md | 17 ++ 2024/CVE-2024-56558.md | 17 ++ 2024/CVE-2024-56559.md | 17 ++ 2024/CVE-2024-56560.md | 17 ++ 2024/CVE-2024-56561.md | 17 ++ 2024/CVE-2024-56562.md | 17 ++ 2024/CVE-2024-56563.md | 17 ++ 2024/CVE-2024-56564.md | 17 ++ 2024/CVE-2024-56565.md | 17 ++ 2024/CVE-2024-56566.md | 17 ++ 2024/CVE-2024-56567.md | 17 ++ 2024/CVE-2024-56568.md | 17 ++ 2024/CVE-2024-56569.md | 17 ++ 2024/CVE-2024-56570.md | 17 ++ 2024/CVE-2024-56571.md | 17 ++ 2024/CVE-2024-56572.md | 17 ++ 2024/CVE-2024-56573.md | 17 ++ 2024/CVE-2024-56574.md | 17 ++ 2024/CVE-2024-56575.md | 17 ++ 2024/CVE-2024-56576.md | 17 ++ 2024/CVE-2024-56577.md | 17 ++ 2024/CVE-2024-56578.md | 17 ++ 2024/CVE-2024-56579.md | 17 ++ 2024/CVE-2024-56580.md | 17 ++ 2024/CVE-2024-56581.md | 17 ++ 2024/CVE-2024-56582.md | 18 ++ 2024/CVE-2024-56583.md | 17 ++ 2024/CVE-2024-56584.md | 17 ++ 
2024/CVE-2024-56585.md | 17 ++ 2024/CVE-2024-56586.md | 17 ++ 2024/CVE-2024-56587.md | 17 ++ 2024/CVE-2024-56588.md | 17 ++ 2024/CVE-2024-56589.md | 17 ++ 2024/CVE-2024-56590.md | 17 ++ 2024/CVE-2024-56591.md | 17 ++ 2024/CVE-2024-56592.md | 17 ++ 2024/CVE-2024-56593.md | 17 ++ 2024/CVE-2024-56594.md | 17 ++ 2024/CVE-2024-56595.md | 17 ++ 2024/CVE-2024-56596.md | 17 ++ 2024/CVE-2024-56597.md | 17 ++ 2024/CVE-2024-56598.md | 17 ++ 2024/CVE-2024-56599.md | 17 ++ 2024/CVE-2024-56600.md | 17 ++ 2024/CVE-2024-56601.md | 17 ++ 2024/CVE-2024-56602.md | 17 ++ 2024/CVE-2024-56603.md | 17 ++ 2024/CVE-2024-56604.md | 17 ++ 2024/CVE-2024-56605.md | 17 ++ 2024/CVE-2024-56606.md | 17 ++ 2024/CVE-2024-56607.md | 17 ++ 2024/CVE-2024-56608.md | 18 ++ 2024/CVE-2024-56609.md | 17 ++ 2024/CVE-2024-56610.md | 17 ++ 2024/CVE-2024-56611.md | 17 ++ 2024/CVE-2024-56612.md | 17 ++ 2024/CVE-2024-56613.md | 17 ++ 2024/CVE-2024-56614.md | 18 ++ 2024/CVE-2024-56615.md | 18 ++ 2024/CVE-2024-56616.md | 17 ++ 2024/CVE-2024-56617.md | 17 ++ 2024/CVE-2024-56618.md | 17 ++ 2024/CVE-2024-56619.md | 17 ++ 2024/CVE-2024-56620.md | 17 ++ 2024/CVE-2024-56621.md | 17 ++ 2024/CVE-2024-56622.md | 18 ++ 2024/CVE-2024-56623.md | 17 ++ 2024/CVE-2024-56624.md | 17 ++ 2024/CVE-2024-56625.md | 17 ++ 2024/CVE-2024-56626.md | 18 ++ 2024/CVE-2024-56627.md | 18 ++ 2024/CVE-2024-56628.md | 17 ++ 2024/CVE-2024-56629.md | 17 ++ 2024/CVE-2024-56630.md | 17 ++ 2024/CVE-2024-56631.md | 18 ++ 2024/CVE-2024-56632.md | 17 ++ 2024/CVE-2024-56633.md | 17 ++ 2024/CVE-2024-56634.md | 17 ++ 2024/CVE-2024-56635.md | 17 ++ 2024/CVE-2024-56636.md | 17 ++ 2024/CVE-2024-56637.md | 17 ++ 2024/CVE-2024-56638.md | 17 ++ 2024/CVE-2024-56639.md | 17 ++ 2024/CVE-2024-56640.md | 17 ++ 2024/CVE-2024-56641.md | 17 ++ 2024/CVE-2024-56642.md | 17 ++ 2024/CVE-2024-56643.md | 17 ++ 2024/CVE-2024-56644.md | 18 ++ 2024/CVE-2024-56645.md | 17 ++ 2024/CVE-2024-56646.md | 17 ++ 2024/CVE-2024-56647.md | 17 ++ 2024/CVE-2024-56648.md | 17 ++ 
2024/CVE-2024-56649.md | 17 ++ 2024/CVE-2024-56650.md | 17 ++ 2024/CVE-2024-56651.md | 17 ++ 2024/CVE-2024-56652.md | 18 ++ 2024/CVE-2024-56653.md | 18 ++ 2024/CVE-2024-56654.md | 18 ++ 2024/CVE-2024-56655.md | 17 ++ 2024/CVE-2024-56656.md | 18 ++ 2024/CVE-2024-56657.md | 18 ++ 2024/CVE-2024-56658.md | 17 ++ 2024/CVE-2024-56659.md | 18 ++ 2024/CVE-2024-56660.md | 18 ++ 2024/CVE-2024-56661.md | 17 ++ 2024/CVE-2024-56662.md | 19 ++ 2024/CVE-2024-56663.md | 17 ++ 2024/CVE-2024-56664.md | 19 ++ 2024/CVE-2024-56665.md | 18 ++ 2024/CVE-2024-56666.md | 17 ++ 2024/CVE-2024-56667.md | 18 ++ 2024/CVE-2024-56668.md | 17 ++ 2024/CVE-2024-56669.md | 17 ++ 2024/CVE-2024-56670.md | 18 ++ 2024/CVE-2024-56671.md | 17 ++ 2024/CVE-2024-56672.md | 17 ++ 2024/CVE-2024-56673.md | 17 ++ 2024/CVE-2024-56674.md | 17 ++ 2024/CVE-2024-56675.md | 18 ++ 2024/CVE-2024-56676.md | 17 ++ 2024/CVE-2024-56677.md | 18 ++ 2024/CVE-2024-56678.md | 18 ++ 2024/CVE-2024-56679.md | 17 ++ 2024/CVE-2024-56680.md | 17 ++ 2024/CVE-2024-56681.md | 17 ++ 2024/CVE-2024-56682.md | 17 ++ 2024/CVE-2024-56683.md | 17 ++ 2024/CVE-2024-56684.md | 17 ++ 2024/CVE-2024-56685.md | 17 ++ 2024/CVE-2024-56686.md | 17 ++ 2024/CVE-2024-56687.md | 17 ++ 2024/CVE-2024-56688.md | 17 ++ 2024/CVE-2024-56689.md | 17 ++ 2024/CVE-2024-56690.md | 17 ++ 2024/CVE-2024-56691.md | 17 ++ 2024/CVE-2024-56692.md | 17 ++ 2024/CVE-2024-56693.md | 17 ++ 2024/CVE-2024-56694.md | 17 ++ 2024/CVE-2024-56695.md | 17 ++ 2024/CVE-2024-56696.md | 17 ++ 2024/CVE-2024-56697.md | 17 ++ 2024/CVE-2024-56698.md | 17 ++ 2024/CVE-2024-56699.md | 17 ++ 2024/CVE-2024-56700.md | 17 ++ 2024/CVE-2024-56701.md | 17 ++ 2024/CVE-2024-56702.md | 17 ++ 2024/CVE-2024-56703.md | 17 ++ 2024/CVE-2024-56704.md | 17 ++ 2024/CVE-2024-56705.md | 17 ++ 2024/CVE-2024-56706.md | 17 ++ 2024/CVE-2024-56707.md | 17 ++ 2024/CVE-2024-56708.md | 17 ++ 2024/CVE-2024-56709.md | 18 ++ 2024/CVE-2024-56710.md | 18 ++ 2024/CVE-2024-56711.md | 17 ++ 2024/CVE-2024-56712.md | 17 ++ 
2024/CVE-2024-56713.md | 17 ++ 2024/CVE-2024-56714.md | 17 ++ 2024/CVE-2024-56715.md | 18 ++ 2024/CVE-2024-56716.md | 18 ++ 2024/CVE-2024-56717.md | 18 ++ 2024/CVE-2024-56718.md | 18 ++ 2024/CVE-2024-56719.md | 17 ++ 2024/CVE-2024-56720.md | 17 ++ 2024/CVE-2024-56721.md | 17 ++ 2024/CVE-2024-56722.md | 17 ++ 2024/CVE-2024-56723.md | 17 ++ 2024/CVE-2024-56724.md | 17 ++ 2024/CVE-2024-56725.md | 17 ++ 2024/CVE-2024-56726.md | 17 ++ 2024/CVE-2024-56727.md | 17 ++ 2024/CVE-2024-56728.md | 17 ++ 2024/CVE-2024-56729.md | 17 ++ 2024/CVE-2024-56730.md | 17 ++ 2024/CVE-2024-56741.md | 17 ++ 2024/CVE-2024-56744.md | 17 ++ 2024/CVE-2024-56751.md | 18 ++ 2024/CVE-2024-56753.md | 17 ++ 2024/CVE-2024-56754.md | 17 ++ 2024/CVE-2024-56755.md | 17 ++ 2024/CVE-2024-56756.md | 17 ++ 2024/CVE-2024-56758.md | 17 ++ 2024/CVE-2024-56759.md | 18 ++ 2024/CVE-2024-56760.md | 17 ++ 2024/CVE-2024-56761.md | 17 ++ 2024/CVE-2024-56763.md | 17 ++ 2024/CVE-2024-56764.md | 17 ++ 2024/CVE-2024-56767.md | 17 ++ 2024/CVE-2024-56769.md | 17 ++ 2024/CVE-2024-56770.md | 18 ++ 2024/CVE-2024-56775.md | 17 ++ 2024/CVE-2024-5678.md | 16 ++ 2024/CVE-2024-56784.md | 17 ++ 2024/CVE-2024-56801.md | 18 ++ 2024/CVE-2024-5681.md | 17 ++ 2024/CVE-2024-56827.md | 20 ++ 2024/CVE-2024-56829.md | 17 ++ 2024/CVE-2024-56882.md | 17 ++ 2024/CVE-2024-56883.md | 17 ++ 2024/CVE-2024-56889.md | 17 ++ 2024/CVE-2024-5689.md | 17 ++ 2024/CVE-2024-56897.md | 18 ++ 2024/CVE-2024-56898.md | 20 ++ 2024/CVE-2024-5690.md | 20 ++ 2024/CVE-2024-56901.md | 21 ++ 2024/CVE-2024-56902.md | 21 ++ 2024/CVE-2024-56903.md | 19 ++ 2024/CVE-2024-5691.md | 2 +- 2024/CVE-2024-5692.md | 20 ++ 2024/CVE-2024-56924.md | 17 ++ 2024/CVE-2024-5693.md | 20 ++ 2024/CVE-2024-56990.md | 17 ++ 2024/CVE-2024-56997.md | 17 ++ 2024/CVE-2024-56998.md | 17 ++ 2024/CVE-2024-57000.md | 17 ++ 2024/CVE-2024-57026.md | 17 ++ 2024/CVE-2024-57030.md | 18 ++ 2024/CVE-2024-57031.md | 18 ++ 2024/CVE-2024-57032.md | 18 ++ 2024/CVE-2024-57033.md | 18 ++ 2024/CVE-2024-57034.md 
| 18 ++ 2024/CVE-2024-57035.md | 18 ++ 2024/CVE-2024-57040.md | 18 ++ 2024/CVE-2024-5705.md | 19 ++ 2024/CVE-2024-5706.md | 19 ++ 2024/CVE-2024-57061.md | 17 ++ 2024/CVE-2024-57062.md | 17 ++ 2024/CVE-2024-5716.md | 19 ++ 2024/CVE-2024-57169.md | 17 ++ 2024/CVE-2024-5717.md | 19 ++ 2024/CVE-2024-57170.md | 17 ++ 2024/CVE-2024-57174.md | 17 ++ 2024/CVE-2024-57175.md | 17 ++ 2024/CVE-2024-5718.md | 18 ++ 2024/CVE-2024-5719.md | 18 ++ 2024/CVE-2024-5720.md | 18 ++ 2024/CVE-2024-5721.md | 18 ++ 2024/CVE-2024-5722.md | 18 ++ 2024/CVE-2024-57237.md | 18 ++ 2024/CVE-2024-57238.md | 18 ++ 2024/CVE-2024-57241.md | 17 ++ 2024/CVE-2024-57273.md | 17 ++ 2024/CVE-2024-57276.md | 17 ++ 2024/CVE-2024-57277.md | 17 ++ 2024/CVE-2024-5735.md | 3 + 2024/CVE-2024-57357.md | 17 ++ 2024/CVE-2024-5736.md | 1 + 2024/CVE-2024-57360.md | 17 ++ 2024/CVE-2024-5737.md | 1 + 2024/CVE-2024-57373.md | 17 ++ 2024/CVE-2024-57376.md | 18 ++ 2024/CVE-2024-57378.md | 18 ++ 2024/CVE-2024-57394.md | 18 ++ 2024/CVE-2024-57395.md | 17 ++ 2024/CVE-2024-57401.md | 18 ++ 2024/CVE-2024-5742.md | 20 ++ 2024/CVE-2024-57427.md | 17 ++ 2024/CVE-2024-57428.md | 17 ++ 2024/CVE-2024-57429.md | 17 ++ 2024/CVE-2024-57430.md | 17 ++ 2024/CVE-2024-57440.md | 17 ++ 2024/CVE-2024-57450.md | 17 ++ 2024/CVE-2024-57451.md | 17 ++ 2024/CVE-2024-57452.md | 17 ++ 2024/CVE-2024-57487.md | 17 ++ 2024/CVE-2024-57488.md | 17 ++ 2024/CVE-2024-57492.md | 17 ++ 2024/CVE-2024-57493.md | 17 ++ 2024/CVE-2024-57514.md | 17 ++ 2024/CVE-2024-57522.md | 17 ++ 2024/CVE-2024-57523.md | 18 ++ 2024/CVE-2024-57546.md | 17 ++ 2024/CVE-2024-57547.md | 17 ++ 2024/CVE-2024-57548.md | 17 ++ 2024/CVE-2024-57549.md | 17 ++ 2024/CVE-2024-5757.md | 17 ++ 2024/CVE-2024-57587.md | 17 ++ 2024/CVE-2024-57601.md | 17 ++ 2024/CVE-2024-57602.md | 17 ++ 2024/CVE-2024-57603.md | 17 ++ 2024/CVE-2024-57604.md | 17 ++ 2024/CVE-2024-57605.md | 17 ++ 2024/CVE-2024-57608.md | 17 ++ 2024/CVE-2024-57609.md | 17 ++ 2024/CVE-2024-57610.md | 17 ++ 2024/CVE-2024-5764.md | 17 
++ 2024/CVE-2024-57698.md | 17 ++ 2024/CVE-2024-57699.md | 17 ++ 2024/CVE-2024-57703.md | 17 ++ 2024/CVE-2024-57725.md | 17 ++ 2024/CVE-2024-57726.md | 17 ++ 2024/CVE-2024-57727.md | 24 ++ 2024/CVE-2024-57728.md | 17 ++ 2024/CVE-2024-57757.md | 17 ++ 2024/CVE-2024-57761.md | 17 ++ 2024/CVE-2024-57764.md | 17 ++ 2024/CVE-2024-57766.md | 17 ++ 2024/CVE-2024-57770.md | 17 ++ 2024/CVE-2024-57773.md | 17 ++ 2024/CVE-2024-57774.md | 17 ++ 2024/CVE-2024-57778.md | 17 ++ 2024/CVE-2024-57784.md | 17 ++ 2024/CVE-2024-57785.md | 17 ++ 2024/CVE-2024-57790.md | 17 ++ 2024/CVE-2024-57791.md | 17 ++ 2024/CVE-2024-57801.md | 17 ++ 2024/CVE-2024-57802.md | 17 ++ 2024/CVE-2024-57804.md | 17 ++ 2024/CVE-2024-57822.md | 17 ++ 2024/CVE-2024-57823.md | 17 ++ 2024/CVE-2024-57841.md | 17 ++ 2024/CVE-2024-57876.md | 17 ++ 2024/CVE-2024-57879.md | 17 ++ 2024/CVE-2024-57882.md | 17 ++ 2024/CVE-2024-57883.md | 17 ++ 2024/CVE-2024-57884.md | 17 ++ 2024/CVE-2024-57885.md | 17 ++ 2024/CVE-2024-57887.md | 17 ++ 2024/CVE-2024-57888.md | 17 ++ 2024/CVE-2024-57889.md | 17 ++ 2024/CVE-2024-57890.md | 17 ++ 2024/CVE-2024-57892.md | 17 ++ 2024/CVE-2024-57893.md | 17 ++ 2024/CVE-2024-57895.md | 17 ++ 2024/CVE-2024-57896.md | 17 ++ 2024/CVE-2024-57897.md | 17 ++ 2024/CVE-2024-57898.md | 17 ++ 2024/CVE-2024-57899.md | 17 ++ 2024/CVE-2024-57900.md | 17 ++ 2024/CVE-2024-57901.md | 17 ++ 2024/CVE-2024-57902.md | 17 ++ 2024/CVE-2024-57903.md | 17 ++ 2024/CVE-2024-57904.md | 17 ++ 2024/CVE-2024-57906.md | 17 ++ 2024/CVE-2024-57907.md | 17 ++ 2024/CVE-2024-57908.md | 17 ++ 2024/CVE-2024-57910.md | 17 ++ 2024/CVE-2024-57911.md | 17 ++ 2024/CVE-2024-57912.md | 17 ++ 2024/CVE-2024-57913.md | 17 ++ 2024/CVE-2024-57917.md | 17 ++ 2024/CVE-2024-5792.md | 17 ++ 2024/CVE-2024-57924.md | 17 ++ 2024/CVE-2024-57925.md | 17 ++ 2024/CVE-2024-57926.md | 17 ++ 2024/CVE-2024-57929.md | 17 ++ 2024/CVE-2024-5793.md | 17 ++ 2024/CVE-2024-57931.md | 17 ++ 2024/CVE-2024-57932.md | 17 ++ 2024/CVE-2024-57933.md | 17 ++ 
2024/CVE-2024-57938.md | 17 ++ 2024/CVE-2024-57939.md | 17 ++ 2024/CVE-2024-57940.md | 17 ++ 2024/CVE-2024-57945.md | 17 ++ 2024/CVE-2024-57946.md | 17 ++ 2024/CVE-2024-57963.md | 17 ++ 2024/CVE-2024-57964.md | 17 ++ 2024/CVE-2024-57965.md | 17 ++ 2024/CVE-2024-57968.md | 18 ++ 2024/CVE-2024-57972.md | 18 ++ 2024/CVE-2024-5799.md | 17 ++ 2024/CVE-2024-5803.md | 17 ++ 2024/CVE-2024-5806.md | 4 + 2024/CVE-2024-58087.md | 17 ++ 2024/CVE-2024-58101.md | 17 ++ 2024/CVE-2024-58103.md | 17 ++ 2024/CVE-2024-58136.md | 18 ++ 2024/CVE-2024-5814.md | 1 + 2024/CVE-2024-58237.md | 17 ++ 2024/CVE-2024-58251.md | 17 ++ 2024/CVE-2024-5827.md | 17 ++ 2024/CVE-2024-5830.md | 19 ++ 2024/CVE-2024-5834.md | 17 ++ 2024/CVE-2024-5835.md | 17 ++ 2024/CVE-2024-5836.md | 19 ++ 2024/CVE-2024-5837.md | 17 ++ 2024/CVE-2024-5838.md | 17 ++ 2024/CVE-2024-5909.md | 18 ++ 2024/CVE-2024-5910.md | 20 ++ 2024/CVE-2024-5921.md | 19 ++ 2024/CVE-2024-5932.md | 20 ++ 2024/CVE-2024-5947.md | 1 + 2024/CVE-2024-5961.md | 1 + 2024/CVE-2024-5967.md | 23 ++ 2024/CVE-2024-5968.md | 17 ++ 2024/CVE-2024-5991.md | 1 + 2024/CVE-2024-6004.md | 1 + 2024/CVE-2024-6007.md | 1 + 2024/CVE-2024-6017.md | 18 ++ 2024/CVE-2024-6018.md | 17 ++ 2024/CVE-2024-6019.md | 17 ++ 2024/CVE-2024-6020.md | 17 ++ 2024/CVE-2024-6028.md | 3 + 2024/CVE-2024-6043.md | 2 + 2024/CVE-2024-6047.md | 37 +++ 2024/CVE-2024-6049.md | 17 ++ 2024/CVE-2024-6050.md | 1 + 2024/CVE-2024-6055.md | 17 ++ 2024/CVE-2024-6057.md | 17 ++ 2024/CVE-2024-6091.md | 19 ++ 2024/CVE-2024-6095.md | 1 + 2024/CVE-2024-6100.md | 4 +- 2024/CVE-2024-6101.md | 17 ++ 2024/CVE-2024-6104.md | 17 ++ 2024/CVE-2024-6119.md | 17 ++ 2024/CVE-2024-6127.md | 1 + 2024/CVE-2024-6132.md | 18 ++ 2024/CVE-2024-6147.md | 1 + 2024/CVE-2024-6159.md | 17 ++ 2024/CVE-2024-6162.md | 5 +- 2024/CVE-2024-6189.md | 1 + 2024/CVE-2024-6205.md | 2 + 2024/CVE-2024-6222.md | 1 + 2024/CVE-2024-6232.md | 19 ++ 2024/CVE-2024-6235.md | 17 ++ 2024/CVE-2024-6239.md | 20 ++ 2024/CVE-2024-6244.md | 1 + 
2024/CVE-2024-6257.md | 17 ++ 2024/CVE-2024-6259.md | 18 ++ 2024/CVE-2024-6274.md | 17 ++ 2024/CVE-2024-6291.md | 17 ++ 2024/CVE-2024-6327.md | 17 ++ 2024/CVE-2024-6330.md | 3 + 2024/CVE-2024-6335.md | 17 ++ 2024/CVE-2024-6342.md | 19 ++ 2024/CVE-2024-6343.md | 22 ++ 2024/CVE-2024-6345.md | 38 +++ 2024/CVE-2024-6354.md | 17 ++ 2024/CVE-2024-6366.md | 4 + 2024/CVE-2024-6372.md | 1 + 2024/CVE-2024-6385.md | 1 + 2024/CVE-2024-6386.md | 4 + 2024/CVE-2024-6387.md | 138 +++++++++++ 2024/CVE-2024-6393.md | 17 ++ 2024/CVE-2024-6409.md | 3 + 2024/CVE-2024-6411.md | 17 ++ 2024/CVE-2024-6460.md | 3 +- 2024/CVE-2024-6462.md | 17 ++ 2024/CVE-2024-6473.md | 17 ++ 2024/CVE-2024-6478.md | 17 ++ 2024/CVE-2024-6484.md | 3 + 2024/CVE-2024-6485.md | 6 +- 2024/CVE-2024-6486.md | 17 ++ 2024/CVE-2024-6492.md | 17 ++ 2024/CVE-2024-6493.md | 17 ++ 2024/CVE-2024-6507.md | 2 +- 2024/CVE-2024-6512.md | 17 ++ 2024/CVE-2024-6517.md | 17 ++ 2024/CVE-2024-6523.md | 1 + 2024/CVE-2024-6529.md | 1 + 2024/CVE-2024-6531.md | 8 + 2024/CVE-2024-6536.md | 1 + 2024/CVE-2024-6539.md | 17 ++ 2024/CVE-2024-6577.md | 17 ++ 2024/CVE-2024-6584.md | 17 ++ 2024/CVE-2024-6592.md | 20 ++ 2024/CVE-2024-6593.md | 17 ++ 2024/CVE-2024-6594.md | 17 ++ 2024/CVE-2024-6600.md | 20 ++ 2024/CVE-2024-6602.md | 21 ++ 2024/CVE-2024-6605.md | 17 ++ 2024/CVE-2024-6606.md | 18 ++ 2024/CVE-2024-6607.md | 18 ++ 2024/CVE-2024-6611.md | 18 ++ 2024/CVE-2024-6612.md | 18 ++ 2024/CVE-2024-6613.md | 19 ++ 2024/CVE-2024-6614.md | 19 ++ 2024/CVE-2024-6617.md | 17 ++ 2024/CVE-2024-6620.md | 18 ++ 2024/CVE-2024-6624.md | 18 ++ 2024/CVE-2024-6633.md | 1 + 2024/CVE-2024-6646.md | 16 ++ 2024/CVE-2024-6648.md | 18 ++ 2024/CVE-2024-6655.md | 20 ++ 2024/CVE-2024-6665.md | 17 ++ 2024/CVE-2024-6667.md | 17 ++ 2024/CVE-2024-6668.md | 17 ++ 2024/CVE-2024-6670.md | 4 + 2024/CVE-2024-6690.md | 17 ++ 2024/CVE-2024-6693.md | 17 ++ 2024/CVE-2024-6695.md | 1 + 2024/CVE-2024-6696.md | 19 ++ 2024/CVE-2024-6697.md | 19 ++ 2024/CVE-2024-6704.md | 17 ++ 
2024/CVE-2024-6708.md | 17 ++ 2024/CVE-2024-6711.md | 17 ++ 2024/CVE-2024-6712.md | 18 ++ 2024/CVE-2024-6713.md | 17 ++ 2024/CVE-2024-6716.md | 9 +- 2024/CVE-2024-6718.md | 17 ++ 2024/CVE-2024-6719.md | 17 ++ 2024/CVE-2024-6722.md | 17 ++ 2024/CVE-2024-6723.md | 17 ++ 2024/CVE-2024-6726.md | 17 ++ 2024/CVE-2024-6727.md | 17 ++ 2024/CVE-2024-6730.md | 17 ++ 2024/CVE-2024-6736.md | 17 ++ 2024/CVE-2024-6748.md | 17 ++ 2024/CVE-2024-6763.md | 17 ++ 2024/CVE-2024-6768.md | 2 + 2024/CVE-2024-6769.md | 23 ++ 2024/CVE-2024-6772.md | 17 ++ 2024/CVE-2024-6774.md | 17 ++ 2024/CVE-2024-6775.md | 17 ++ 2024/CVE-2024-6776.md | 17 ++ 2024/CVE-2024-6777.md | 17 ++ 2024/CVE-2024-6778.md | 18 ++ 2024/CVE-2024-6779.md | 2 + 2024/CVE-2024-6781.md | 16 ++ 2024/CVE-2024-6782.md | 21 ++ 2024/CVE-2024-6783.md | 2 + 2024/CVE-2024-6792.md | 17 ++ 2024/CVE-2024-6797.md | 17 ++ 2024/CVE-2024-6798.md | 17 ++ 2024/CVE-2024-6809.md | 17 ++ 2024/CVE-2024-6814.md | 1 + 2024/CVE-2024-6842.md | 17 ++ 2024/CVE-2024-6845.md | 17 ++ 2024/CVE-2024-6846.md | 17 ++ 2024/CVE-2024-6850.md | 17 ++ 2024/CVE-2024-6852.md | 17 ++ 2024/CVE-2024-6853.md | 17 ++ 2024/CVE-2024-6855.md | 17 ++ 2024/CVE-2024-6856.md | 17 ++ 2024/CVE-2024-6857.md | 17 ++ 2024/CVE-2024-6859.md | 18 ++ 2024/CVE-2024-6860.md | 17 ++ 2024/CVE-2024-6873.md | 17 ++ 2024/CVE-2024-6886.md | 17 ++ 2024/CVE-2024-6887.md | 17 ++ 2024/CVE-2024-6888.md | 17 ++ 2024/CVE-2024-6889.md | 17 ++ 2024/CVE-2024-6893.md | 1 + 2024/CVE-2024-6894.md | 17 ++ 2024/CVE-2024-6910.md | 17 ++ 2024/CVE-2024-6911.md | 15 ++ 2024/CVE-2024-6914.md | 27 +++ 2024/CVE-2024-6923.md | 3 +- 2024/CVE-2024-6924.md | 17 ++ 2024/CVE-2024-6925.md | 17 ++ 2024/CVE-2024-6926.md | 17 ++ 2024/CVE-2024-6928.md | 17 ++ 2024/CVE-2024-6931.md | 17 ++ 2024/CVE-2024-6944.md | 27 +++ 2024/CVE-2024-6960.md | 2 +- 2024/CVE-2024-6961.md | 2 +- 2024/CVE-2024-6973.md | 2 +- 2024/CVE-2024-6974.md | 2 +- 2024/CVE-2024-6975.md | 2 +- 2024/CVE-2024-6977.md | 2 +- 2024/CVE-2024-6978.md | 17 ++ 
2024/CVE-2024-6984.md | 2 +- 2024/CVE-2024-6986.md | 17 ++ 2024/CVE-2024-6989.md | 17 ++ 2024/CVE-2024-6990.md | 2 +- 2024/CVE-2024-6994.md | 17 ++ 2024/CVE-2024-6995.md | 17 ++ 2024/CVE-2024-7003.md | 2 +- 2024/CVE-2024-7004.md | 17 ++ 2024/CVE-2024-7006.md | 5 +- 2024/CVE-2024-7008.md | 1 + 2024/CVE-2024-7014.md | 19 ++ 2024/CVE-2024-7018.md | 17 ++ 2024/CVE-2024-7019.md | 17 ++ 2024/CVE-2024-7020.md | 17 ++ 2024/CVE-2024-7022.md | 17 ++ 2024/CVE-2024-7023.md | 17 ++ 2024/CVE-2024-7024.md | 18 ++ 2024/CVE-2024-7029.md | 5 + 2024/CVE-2024-7052.md | 17 ++ 2024/CVE-2024-7056.md | 17 ++ 2024/CVE-2024-7059.md | 17 ++ 2024/CVE-2024-7066.md | 1 + 2024/CVE-2024-7081.md | 4 +- 2024/CVE-2024-7094.md | 1 + 2024/CVE-2024-7120.md | 3 + 2024/CVE-2024-7124.md | 17 ++ 2024/CVE-2024-7129.md | 17 ++ 2024/CVE-2024-7133.md | 17 ++ 2024/CVE-2024-7135.md | 29 +++ 2024/CVE-2024-7141.md | 17 ++ 2024/CVE-2024-7160.md | 1 + 2024/CVE-2024-7170.md | 2 +- 2024/CVE-2024-7171.md | 2 +- 2024/CVE-2024-7172.md | 2 +- 2024/CVE-2024-7173.md | 2 +- 2024/CVE-2024-7174.md | 2 +- 2024/CVE-2024-7175.md | 2 +- 2024/CVE-2024-7176.md | 2 +- 2024/CVE-2024-7177.md | 2 +- 2024/CVE-2024-7178.md | 2 +- 2024/CVE-2024-7179.md | 1 + 2024/CVE-2024-7180.md | 1 + 2024/CVE-2024-7181.md | 1 + 2024/CVE-2024-7182.md | 1 + 2024/CVE-2024-7183.md | 1 + 2024/CVE-2024-7184.md | 1 + 2024/CVE-2024-7185.md | 1 + 2024/CVE-2024-7186.md | 1 + 2024/CVE-2024-7187.md | 1 + 2024/CVE-2024-7188.md | 2 +- 2024/CVE-2024-7212.md | 1 + 2024/CVE-2024-7213.md | 1 + 2024/CVE-2024-7214.md | 1 + 2024/CVE-2024-7215.md | 1 + 2024/CVE-2024-7216.md | 1 + 2024/CVE-2024-7217.md | 2 +- 2024/CVE-2024-7246.md | 3 + 2024/CVE-2024-7254.md | 25 ++ 2024/CVE-2024-7256.md | 17 ++ 2024/CVE-2024-7262.md | 1 + 2024/CVE-2024-7264.md | 18 ++ 2024/CVE-2024-7265.md | 2 +- 2024/CVE-2024-7266.md | 2 +- 2024/CVE-2024-7313.md | 2 + 2024/CVE-2024-7314.md | 3 +- 2024/CVE-2024-7315.md | 17 ++ 2024/CVE-2024-7327.md | 1 + 2024/CVE-2024-7328.md | 2 +- 2024/CVE-2024-7329.md | 17 
++ 2024/CVE-2024-7330.md | 17 ++ 2024/CVE-2024-7331.md | 2 +- 2024/CVE-2024-7332.md | 1 + 2024/CVE-2024-7333.md | 2 +- 2024/CVE-2024-7334.md | 2 +- 2024/CVE-2024-7335.md | 1 + 2024/CVE-2024-7336.md | 1 + 2024/CVE-2024-7337.md | 1 + 2024/CVE-2024-7338.md | 1 + 2024/CVE-2024-7339.md | 3 + 2024/CVE-2024-7340.md | 2 +- 2024/CVE-2024-7344.md | 28 +++ 2024/CVE-2024-7347.md | 2 + 2024/CVE-2024-7348.md | 3 + 2024/CVE-2024-7350.md | 1 + 2024/CVE-2024-7354.md | 17 ++ 2024/CVE-2024-7357.md | 1 + 2024/CVE-2024-7387.md | 22 ++ 2024/CVE-2024-7389.md | 18 ++ 2024/CVE-2024-7399.md | 20 ++ 2024/CVE-2024-7401.md | 17 ++ 2024/CVE-2024-7409.md | 8 +- 2024/CVE-2024-7414.md | 1 + 2024/CVE-2024-7421.md | 17 ++ 2024/CVE-2024-7444.md | 2 + 2024/CVE-2024-7456.md | 17 ++ 2024/CVE-2024-7462.md | 1 + 2024/CVE-2024-7463.md | 1 + 2024/CVE-2024-7464.md | 1 + 2024/CVE-2024-7465.md | 2 + 2024/CVE-2024-7467.md | 1 + 2024/CVE-2024-7468.md | 1 + 2024/CVE-2024-7469.md | 1 + 2024/CVE-2024-7470.md | 1 + 2024/CVE-2024-7479.md | 21 ++ 2024/CVE-2024-7481.md | 20 ++ 2024/CVE-2024-7495.md | 17 ++ 2024/CVE-2024-7514.md | 17 ++ 2024/CVE-2024-7518.md | 2 +- 2024/CVE-2024-7519.md | 21 ++ 2024/CVE-2024-7520.md | 2 +- 2024/CVE-2024-7521.md | 2 + 2024/CVE-2024-7523.md | 2 +- 2024/CVE-2024-7524.md | 2 +- 2024/CVE-2024-7525.md | 2 +- 2024/CVE-2024-7529.md | 2 +- 2024/CVE-2024-7533.md | 2 +- 2024/CVE-2024-7550.md | 2 +- 2024/CVE-2024-7556.md | 17 ++ 2024/CVE-2024-7558.md | 19 ++ 2024/CVE-2024-7569.md | 18 ++ 2024/CVE-2024-7581.md | 1 + 2024/CVE-2024-7582.md | 2 +- 2024/CVE-2024-7583.md | 2 +- 2024/CVE-2024-7584.md | 1 + 2024/CVE-2024-7585.md | 1 + 2024/CVE-2024-7591.md | 18 ++ 2024/CVE-2024-7592.md | 4 +- 2024/CVE-2024-7593.md | 19 ++ 2024/CVE-2024-7595.md | 18 ++ 2024/CVE-2024-7596.md | 17 ++ 2024/CVE-2024-7598.md | 17 ++ 2024/CVE-2024-7600.md | 17 ++ 2024/CVE-2024-7601.md | 17 ++ 2024/CVE-2024-7602.md | 17 ++ 2024/CVE-2024-7603.md | 17 ++ 2024/CVE-2024-7604.md | 17 ++ 2024/CVE-2024-7613.md | 2 +- 
2024/CVE-2024-7614.md | 2 +- 2024/CVE-2024-7615.md | 2 +- 2024/CVE-2024-7627.md | 17 ++ 2024/CVE-2024-7640.md | 17 ++ 2024/CVE-2024-7646.md | 3 + 2024/CVE-2024-7652.md | 21 ++ 2024/CVE-2024-7687.md | 18 ++ 2024/CVE-2024-7688.md | 17 ++ 2024/CVE-2024-7689.md | 18 ++ 2024/CVE-2024-7690.md | 17 ++ 2024/CVE-2024-7691.md | 17 ++ 2024/CVE-2024-7692.md | 17 ++ 2024/CVE-2024-7701.md | 17 ++ 2024/CVE-2024-7713.md | 17 ++ 2024/CVE-2024-7714.md | 17 ++ 2024/CVE-2024-7716.md | 17 ++ 2024/CVE-2024-7726.md | 20 ++ 2024/CVE-2024-7738.md | 2 +- 2024/CVE-2024-7739.md | 2 +- 2024/CVE-2024-7758.md | 17 ++ 2024/CVE-2024-7759.md | 17 ++ 2024/CVE-2024-7761.md | 17 ++ 2024/CVE-2024-7762.md | 17 ++ 2024/CVE-2024-7766.md | 17 ++ 2024/CVE-2024-7769.md | 17 ++ 2024/CVE-2024-7772.md | 17 ++ 2024/CVE-2024-7786.md | 17 ++ 2024/CVE-2024-7806.md | 17 ++ 2024/CVE-2024-7808.md | 2 +- 2024/CVE-2024-7816.md | 18 ++ 2024/CVE-2024-7817.md | 17 ++ 2024/CVE-2024-7818.md | 18 ++ 2024/CVE-2024-7820.md | 17 ++ 2024/CVE-2024-7821.md | 18 ++ 2024/CVE-2024-7822.md | 18 ++ 2024/CVE-2024-7833.md | 1 + 2024/CVE-2024-7846.md | 17 ++ 2024/CVE-2024-7854.md | 1 + 2024/CVE-2024-7856.md | 1 + 2024/CVE-2024-7859.md | 17 ++ 2024/CVE-2024-7860.md | 18 ++ 2024/CVE-2024-7861.md | 18 ++ 2024/CVE-2024-7862.md | 17 ++ 2024/CVE-2024-7863.md | 17 ++ 2024/CVE-2024-7864.md | 17 ++ 2024/CVE-2024-7869.md | 17 ++ 2024/CVE-2024-7876.md | 17 ++ 2024/CVE-2024-7877.md | 17 ++ 2024/CVE-2024-7878.md | 17 ++ 2024/CVE-2024-7879.md | 17 ++ 2024/CVE-2024-7883.md | 21 ++ 2024/CVE-2024-7885.md | 36 +++ 2024/CVE-2024-7886.md | 5 +- 2024/CVE-2024-7890.md | 17 ++ 2024/CVE-2024-7891.md | 17 ++ 2024/CVE-2024-7892.md | 17 ++ 2024/CVE-2024-7907.md | 2 +- 2024/CVE-2024-7908.md | 2 +- 2024/CVE-2024-7909.md | 2 +- 2024/CVE-2024-7916.md | 17 ++ 2024/CVE-2024-7918.md | 17 ++ 2024/CVE-2024-7919.md | 2 +- 2024/CVE-2024-7920.md | 2 +- 2024/CVE-2024-7921.md | 2 +- 2024/CVE-2024-7928.md | 9 +- 2024/CVE-2024-7954.md | 25 ++ 2024/CVE-2024-7955.md | 17 ++ 
2024/CVE-2024-7962.md | 17 ++ 2024/CVE-2024-7964.md | 2 +- 2024/CVE-2024-7965.md | 4 + 2024/CVE-2024-7966.md | 5 +- 2024/CVE-2024-7968.md | 2 +- 2024/CVE-2024-7969.md | 2 +- 2024/CVE-2024-7971.md | 4 + 2024/CVE-2024-7972.md | 2 +- 2024/CVE-2024-7975.md | 2 +- 2024/CVE-2024-7977.md | 2 +- 2024/CVE-2024-7980.md | 2 +- 2024/CVE-2024-7981.md | 2 +- 2024/CVE-2024-7982.md | 17 ++ 2024/CVE-2024-7984.md | 17 ++ 2024/CVE-2024-7985.md | 18 ++ 2024/CVE-2024-8009.md | 17 ++ 2024/CVE-2024-8027.md | 17 ++ 2024/CVE-2024-8029.md | 17 ++ 2024/CVE-2024-8031.md | 17 ++ 2024/CVE-2024-8032.md | 18 ++ 2024/CVE-2024-8043.md | 18 ++ 2024/CVE-2024-8044.md | 17 ++ 2024/CVE-2024-8047.md | 17 ++ 2024/CVE-2024-8050.md | 17 ++ 2024/CVE-2024-8051.md | 18 ++ 2024/CVE-2024-8052.md | 18 ++ 2024/CVE-2024-8054.md | 18 ++ 2024/CVE-2024-8056.md | 17 ++ 2024/CVE-2024-8067.md | 17 ++ 2024/CVE-2024-8068.md | 19 ++ 2024/CVE-2024-8069.md | 21 ++ 2024/CVE-2024-8072.md | 2 +- 2024/CVE-2024-8082.md | 17 ++ 2024/CVE-2024-8085.md | 18 ++ 2024/CVE-2024-8088.md | 3 +- 2024/CVE-2024-8090.md | 18 ++ 2024/CVE-2024-8091.md | 17 ++ 2024/CVE-2024-8092.md | 18 ++ 2024/CVE-2024-8093.md | 17 ++ 2024/CVE-2024-8094.md | 17 ++ 2024/CVE-2024-8095.md | 18 ++ 2024/CVE-2024-8096.md | 18 ++ 2024/CVE-2024-8107.md | 17 ++ 2024/CVE-2024-8118.md | 18 ++ 2024/CVE-2024-8124.md | 17 ++ 2024/CVE-2024-8157.md | 17 ++ 2024/CVE-2024-8159.md | 17 ++ 2024/CVE-2024-8162.md | 1 + 2024/CVE-2024-8176.md | 37 +++ 2024/CVE-2024-8181.md | 1 + 2024/CVE-2024-8187.md | 17 ++ 2024/CVE-2024-8190.md | 34 +++ 2024/CVE-2024-8193.md | 5 +- 2024/CVE-2024-8194.md | 5 +- 2024/CVE-2024-8197.md | 8 +- 2024/CVE-2024-8198.md | 5 +- 2024/CVE-2024-8208.md | 17 ++ 2024/CVE-2024-8209.md | 17 ++ 2024/CVE-2024-8216.md | 17 ++ 2024/CVE-2024-8217.md | 17 ++ 2024/CVE-2024-8224.md | 17 ++ 2024/CVE-2024-8225.md | 17 ++ 2024/CVE-2024-8226.md | 17 ++ 2024/CVE-2024-8227.md | 17 ++ 2024/CVE-2024-8228.md | 17 ++ 2024/CVE-2024-8229.md | 17 ++ 2024/CVE-2024-8230.md | 17 ++ 
2024/CVE-2024-8231.md | 17 ++ 2024/CVE-2024-8232.md | 18 ++ 2024/CVE-2024-8239.md | 17 ++ 2024/CVE-2024-8243.md | 18 ++ 2024/CVE-2024-8245.md | 17 ++ 2024/CVE-2024-8275.md | 17 ++ 2024/CVE-2024-8277.md | 17 ++ 2024/CVE-2024-8283.md | 17 ++ 2024/CVE-2024-8284.md | 17 ++ 2024/CVE-2024-8286.md | 17 ++ 2024/CVE-2024-8289.md | 18 ++ 2024/CVE-2024-8294.md | 2 +- 2024/CVE-2024-8295.md | 2 +- 2024/CVE-2024-8296.md | 2 +- 2024/CVE-2024-8309.md | 17 ++ 2024/CVE-2024-8327.md | 1 + 2024/CVE-2024-8328.md | 1 + 2024/CVE-2024-8331.md | 2 +- 2024/CVE-2024-8335.md | 2 +- 2024/CVE-2024-8337.md | 3 +- 2024/CVE-2024-8343.md | 1 + 2024/CVE-2024-8349.md | 17 ++ 2024/CVE-2024-8350.md | 17 ++ 2024/CVE-2024-8353.md | 19 ++ 2024/CVE-2024-8362.md | 17 ++ 2024/CVE-2024-8372.md | 18 ++ 2024/CVE-2024-8373.md | 18 ++ 2024/CVE-2024-8378.md | 17 ++ 2024/CVE-2024-8379.md | 17 ++ 2024/CVE-2024-8381.md | 24 ++ 2024/CVE-2024-8383.md | 19 ++ 2024/CVE-2024-8385.md | 20 ++ 2024/CVE-2024-8386.md | 21 ++ 2024/CVE-2024-8397.md | 17 ++ 2024/CVE-2024-8398.md | 17 ++ 2024/CVE-2024-8399.md | 17 ++ 2024/CVE-2024-8404.md | 17 ++ 2024/CVE-2024-8417.md | 17 ++ 2024/CVE-2024-8418.md | 19 ++ 2024/CVE-2024-8425.md | 18 ++ 2024/CVE-2024-8426.md | 17 ++ 2024/CVE-2024-8444.md | 17 ++ 2024/CVE-2024-8451.md | 20 ++ 2024/CVE-2024-8484.md | 17 ++ 2024/CVE-2024-8492.md | 17 ++ 2024/CVE-2024-8493.md | 17 ++ 2024/CVE-2024-8503.md | 17 ++ 2024/CVE-2024-8504.md | 18 ++ 2024/CVE-2024-8517.md | 18 ++ 2024/CVE-2024-8522.md | 31 +++ 2024/CVE-2024-8529.md | 17 ++ 2024/CVE-2024-8534.md | 18 ++ 2024/CVE-2024-8536.md | 17 ++ 2024/CVE-2024-8542.md | 17 ++ 2024/CVE-2024-8554.md | 17 ++ 2024/CVE-2024-8555.md | 17 ++ 2024/CVE-2024-8565.md | 17 ++ 2024/CVE-2024-8574.md | 17 ++ 2024/CVE-2024-8576.md | 18 ++ 2024/CVE-2024-8577.md | 18 ++ 2024/CVE-2024-8578.md | 17 ++ 2024/CVE-2024-8579.md | 17 ++ 2024/CVE-2024-8580.md | 17 ++ 2024/CVE-2024-8602.md | 17 ++ 2024/CVE-2024-8617.md | 17 ++ 2024/CVE-2024-8618.md | 17 ++ 2024/CVE-2024-8619.md | 17 ++ 
2024/CVE-2024-8620.md | 17 ++ 2024/CVE-2024-8625.md | 17 ++ 2024/CVE-2024-8636.md | 19 ++ 2024/CVE-2024-8637.md | 17 ++ 2024/CVE-2024-8638.md | 17 ++ 2024/CVE-2024-8670.md | 17 ++ 2024/CVE-2024-8672.md | 18 ++ 2024/CVE-2024-8673.md | 17 ++ 2024/CVE-2024-8679.md | 17 ++ 2024/CVE-2024-8682.md | 17 ++ 2024/CVE-2024-8695.md | 18 ++ 2024/CVE-2024-8696.md | 18 ++ 2024/CVE-2024-8698.md | 27 +++ 2024/CVE-2024-8699.md | 17 ++ 2024/CVE-2024-8700.md | 17 ++ 2024/CVE-2024-8701.md | 17 ++ 2024/CVE-2024-8702.md | 17 ++ 2024/CVE-2024-8703.md | 17 ++ 2024/CVE-2024-8705.md | 17 ++ 2024/CVE-2024-8707.md | 17 ++ 2024/CVE-2024-8743.md | 17 ++ 2024/CVE-2024-8749.md | 17 ++ 2024/CVE-2024-8750.md | 17 ++ 2024/CVE-2024-8751.md | 17 ++ 2024/CVE-2024-8752.md | 18 ++ 2024/CVE-2024-8758.md | 17 ++ 2024/CVE-2024-8759.md | 17 ++ 2024/CVE-2024-8773.md | 17 ++ 2024/CVE-2024-8774.md | 17 ++ 2024/CVE-2024-8781.md | 18 ++ 2024/CVE-2024-8803.md | 17 ++ 2024/CVE-2024-8804.md | 17 ++ 2024/CVE-2024-8851.md | 17 ++ 2024/CVE-2024-8854.md | 17 ++ 2024/CVE-2024-8855.md | 17 ++ 2024/CVE-2024-8856.md | 18 ++ 2024/CVE-2024-8857.md | 17 ++ 2024/CVE-2024-8867.md | 17 ++ 2024/CVE-2024-8876.md | 17 ++ 2024/CVE-2024-8877.md | 17 ++ 2024/CVE-2024-8878.md | 17 ++ 2024/CVE-2024-8883.md | 28 +++ 2024/CVE-2024-8885.md | 18 ++ 2024/CVE-2024-8888.md | 17 ++ 2024/CVE-2024-8897.md | 17 ++ 2024/CVE-2024-8902.md | 22 ++ 2024/CVE-2024-8903.md | 17 ++ 2024/CVE-2024-8904.md | 17 ++ 2024/CVE-2024-8905.md | 17 ++ 2024/CVE-2024-8907.md | 17 ++ 2024/CVE-2024-8908.md | 17 ++ 2024/CVE-2024-8909.md | 17 ++ 2024/CVE-2024-8926.md | 18 ++ 2024/CVE-2024-8945.md | 17 ++ 2024/CVE-2024-8949.md | 18 ++ 2024/CVE-2024-8951.md | 17 ++ 2024/CVE-2024-8956.md | 19 ++ 2024/CVE-2024-8957.md | 19 ++ 2024/CVE-2024-8963.md | 21 ++ 2024/CVE-2024-8966.md | 22 ++ 2024/CVE-2024-8968.md | 17 ++ 2024/CVE-2024-8983.md | 17 ++ 2024/CVE-2024-9001.md | 17 ++ 2024/CVE-2024-9006.md | 18 ++ 2024/CVE-2024-9007.md | 18 ++ 2024/CVE-2024-9009.md | 17 ++ 
2024/CVE-2024-9011.md | 17 ++ 2024/CVE-2024-9014.md | 31 +++ 2024/CVE-2024-9020.md | 17 ++ 2024/CVE-2024-9021.md | 18 ++ 2024/CVE-2024-9022.md | 18 ++ 2024/CVE-2024-9026.md | 18 ++ 2024/CVE-2024-9033.md | 17 ++ 2024/CVE-2024-9034.md | 17 ++ 2024/CVE-2024-9036.md | 17 ++ 2024/CVE-2024-9037.md | 17 ++ 2024/CVE-2024-9039.md | 17 ++ 2024/CVE-2024-9041.md | 17 ++ 2024/CVE-2024-9042.md | 18 ++ 2024/CVE-2024-9047.md | 31 +++ 2024/CVE-2024-9050.md | 31 +++ 2024/CVE-2024-9052.md | 17 ++ 2024/CVE-2024-9061.md | 17 ++ 2024/CVE-2024-9077.md | 17 ++ 2024/CVE-2024-9078.md | 17 ++ 2024/CVE-2024-9079.md | 17 ++ 2024/CVE-2024-9080.md | 17 ++ 2024/CVE-2024-9084.md | 17 ++ 2024/CVE-2024-9085.md | 17 ++ 2024/CVE-2024-9086.md | 17 ++ 2024/CVE-2024-9087.md | 17 ++ 2024/CVE-2024-9091.md | 17 ++ 2024/CVE-2024-9094.md | 17 ++ 2024/CVE-2024-9101.md | 17 ++ 2024/CVE-2024-9102.md | 17 ++ 2024/CVE-2024-9106.md | 17 ++ 2024/CVE-2024-9112.md | 17 ++ 2024/CVE-2024-9113.md | 17 ++ 2024/CVE-2024-9114.md | 17 ++ 2024/CVE-2024-9122.md | 17 ++ 2024/CVE-2024-9129.md | 17 ++ 2024/CVE-2024-9130.md | 17 ++ 2024/CVE-2024-9143.md | 27 +++ 2024/CVE-2024-9145.md | 17 ++ 2024/CVE-2024-9148.md | 17 ++ 2024/CVE-2024-9154.md | 17 ++ 2024/CVE-2024-9156.md | 17 ++ 2024/CVE-2024-9157.md | 17 ++ 2024/CVE-2024-9160.md | 17 ++ 2024/CVE-2024-9162.md | 17 ++ 2024/CVE-2024-9164.md | 17 ++ 2024/CVE-2024-9166.md | 18 ++ 2024/CVE-2024-9182.md | 17 ++ 2024/CVE-2024-9186.md | 17 ++ 2024/CVE-2024-9191.md | 17 ++ 2024/CVE-2024-9203.md | 17 ++ 2024/CVE-2024-9224.md | 17 ++ 2024/CVE-2024-9227.md | 17 ++ 2024/CVE-2024-9230.md | 17 ++ 2024/CVE-2024-9233.md | 17 ++ 2024/CVE-2024-9234.md | 30 +++ 2024/CVE-2024-9236.md | 17 ++ 2024/CVE-2024-9238.md | 17 ++ 2024/CVE-2024-9257.md | 17 ++ 2024/CVE-2024-9264.md | 57 +++++ 2024/CVE-2024-9266.md | 17 ++ 2024/CVE-2024-9275.md | 17 ++ 2024/CVE-2024-9278.md | 17 ++ 2024/CVE-2024-9281.md | 17 ++ 2024/CVE-2024-9282.md | 17 ++ 2024/CVE-2024-9284.md | 17 ++ 2024/CVE-2024-9287.md | 18 ++ 
2024/CVE-2024-9290.md | 18 ++ 2024/CVE-2024-9294.md | 17 ++ 2024/CVE-2024-9295.md | 17 ++ 2024/CVE-2024-9296.md | 17 ++ 2024/CVE-2024-9297.md | 17 ++ 2024/CVE-2024-9298.md | 17 ++ 2024/CVE-2024-9299.md | 17 ++ 2024/CVE-2024-9300.md | 17 ++ 2024/CVE-2024-9316.md | 17 ++ 2024/CVE-2024-9318.md | 17 ++ 2024/CVE-2024-9321.md | 17 ++ 2024/CVE-2024-9326.md | 17 ++ 2024/CVE-2024-9327.md | 17 ++ 2024/CVE-2024-9328.md | 17 ++ 2024/CVE-2024-9329.md | 18 ++ 2024/CVE-2024-9348.md | 17 ++ 2024/CVE-2024-9355.md | 43 ++++ 2024/CVE-2024-9359.md | 17 ++ 2024/CVE-2024-9360.md | 17 ++ 2024/CVE-2024-9374.md | 17 ++ 2024/CVE-2024-9379.md | 17 ++ 2024/CVE-2024-9390.md | 17 ++ 2024/CVE-2024-9391.md | 17 ++ 2024/CVE-2024-9396.md | 21 ++ 2024/CVE-2024-9397.md | 20 ++ 2024/CVE-2024-9398.md | 20 ++ 2024/CVE-2024-9399.md | 20 ++ 2024/CVE-2024-9422.md | 19 ++ 2024/CVE-2024-9423.md | 17 ++ 2024/CVE-2024-9428.md | 17 ++ 2024/CVE-2024-9429.md | 17 ++ 2024/CVE-2024-9440.md | 17 ++ 2024/CVE-2024-9441.md | 21 ++ 2024/CVE-2024-9450.md | 17 ++ 2024/CVE-2024-9458.md | 17 ++ 2024/CVE-2024-9463.md | 19 ++ 2024/CVE-2024-9464.md | 30 +++ 2024/CVE-2024-9465.md | 32 +++ 2024/CVE-2024-9466.md | 17 ++ 2024/CVE-2024-9473.md | 18 ++ 2024/CVE-2024-9474.md | 46 ++++ 2024/CVE-2024-9476.md | 17 ++ 2024/CVE-2024-9478.md | 17 ++ 2024/CVE-2024-9479.md | 17 ++ 2024/CVE-2024-9481.md | 17 ++ 2024/CVE-2024-9482.md | 17 ++ 2024/CVE-2024-9483.md | 17 ++ 2024/CVE-2024-9484.md | 17 ++ 2024/CVE-2024-9487.md | 17 ++ 2024/CVE-2024-9488.md | 17 ++ 2024/CVE-2024-9490.md | 17 ++ 2024/CVE-2024-9491.md | 17 ++ 2024/CVE-2024-9492.md | 17 ++ 2024/CVE-2024-9493.md | 17 ++ 2024/CVE-2024-9494.md | 17 ++ 2024/CVE-2024-9495.md | 17 ++ 2024/CVE-2024-9496.md | 17 ++ 2024/CVE-2024-9497.md | 17 ++ 2024/CVE-2024-9498.md | 17 ++ 2024/CVE-2024-9499.md | 17 ++ 2024/CVE-2024-9504.md | 17 ++ 2024/CVE-2024-9506.md | 19 ++ 2024/CVE-2024-9513.md | 18 ++ 2024/CVE-2024-9514.md | 17 ++ 2024/CVE-2024-9515.md | 17 ++ 2024/CVE-2024-9524.md | 17 ++ 
2024/CVE-2024-9529.md | 19 ++ 2024/CVE-2024-9532.md | 17 ++ 2024/CVE-2024-9533.md | 17 ++ 2024/CVE-2024-9534.md | 17 ++ 2024/CVE-2024-9535.md | 17 ++ 2024/CVE-2024-9537.md | 18 ++ 2024/CVE-2024-9539.md | 17 ++ 2024/CVE-2024-9549.md | 17 ++ 2024/CVE-2024-9550.md | 17 ++ 2024/CVE-2024-9551.md | 17 ++ 2024/CVE-2024-9552.md | 17 ++ 2024/CVE-2024-9553.md | 17 ++ 2024/CVE-2024-9555.md | 17 ++ 2024/CVE-2024-9556.md | 17 ++ 2024/CVE-2024-9557.md | 17 ++ 2024/CVE-2024-9558.md | 17 ++ 2024/CVE-2024-9559.md | 17 ++ 2024/CVE-2024-9561.md | 17 ++ 2024/CVE-2024-9562.md | 17 ++ 2024/CVE-2024-9563.md | 17 ++ 2024/CVE-2024-9564.md | 17 ++ 2024/CVE-2024-9565.md | 17 ++ 2024/CVE-2024-9566.md | 17 ++ 2024/CVE-2024-9567.md | 17 ++ 2024/CVE-2024-9568.md | 17 ++ 2024/CVE-2024-9569.md | 17 ++ 2024/CVE-2024-9570.md | 18 ++ 2024/CVE-2024-9593.md | 21 ++ 2024/CVE-2024-9599.md | 17 ++ 2024/CVE-2024-9600.md | 17 ++ 2024/CVE-2024-9602.md | 17 ++ 2024/CVE-2024-9603.md | 17 ++ 2024/CVE-2024-9634.md | 17 ++ 2024/CVE-2024-9638.md | 17 ++ 2024/CVE-2024-9641.md | 17 ++ 2024/CVE-2024-9643.md | 18 ++ 2024/CVE-2024-9645.md | 17 ++ 2024/CVE-2024-9651.md | 17 ++ 2024/CVE-2024-9662.md | 17 ++ 2024/CVE-2024-9663.md | 17 ++ 2024/CVE-2024-9677.md | 17 ++ 2024/CVE-2024-9680.md | 27 +++ 2024/CVE-2024-9681.md | 18 ++ 2024/CVE-2024-9689.md | 17 ++ 2024/CVE-2024-9698.md | 18 ++ 2024/CVE-2024-9707.md | 18 ++ 2024/CVE-2024-9709.md | 17 ++ 2024/CVE-2024-9711.md | 17 ++ 2024/CVE-2024-9756.md | 18 ++ 2024/CVE-2024-9765.md | 17 ++ 2024/CVE-2024-9768.md | 17 ++ 2024/CVE-2024-9769.md | 17 ++ 2024/CVE-2024-9770.md | 17 ++ 2024/CVE-2024-9771.md | 18 ++ 2024/CVE-2024-9781.md | 17 ++ 2024/CVE-2024-9782.md | 17 ++ 2024/CVE-2024-9783.md | 17 ++ 2024/CVE-2024-9784.md | 17 ++ 2024/CVE-2024-9785.md | 17 ++ 2024/CVE-2024-9786.md | 17 ++ 2024/CVE-2024-9788.md | 17 ++ 2024/CVE-2024-9789.md | 17 ++ 2024/CVE-2024-9790.md | 17 ++ 2024/CVE-2024-9793.md | 18 ++ 2024/CVE-2024-9794.md | 17 ++ 2024/CVE-2024-9796.md | 22 ++ 
2024/CVE-2024-9797.md | 17 ++ 2024/CVE-2024-9803.md | 17 ++ 2024/CVE-2024-9804.md | 17 ++ 2024/CVE-2024-9805.md | 17 ++ 2024/CVE-2024-9811.md | 17 ++ 2024/CVE-2024-9812.md | 17 ++ 2024/CVE-2024-9813.md | 17 ++ 2024/CVE-2024-9814.md | 17 ++ 2024/CVE-2024-9815.md | 17 ++ 2024/CVE-2024-9816.md | 17 ++ 2024/CVE-2024-9818.md | 17 ++ 2024/CVE-2024-9821.md | 17 ++ 2024/CVE-2024-9822.md | 17 ++ 2024/CVE-2024-9828.md | 17 ++ 2024/CVE-2024-9831.md | 17 ++ 2024/CVE-2024-9835.md | 17 ++ 2024/CVE-2024-9836.md | 17 ++ 2024/CVE-2024-9838.md | 17 ++ 2024/CVE-2024-9855.md | 19 ++ 2024/CVE-2024-9856.md | 19 ++ 2024/CVE-2024-9859.md | 17 ++ 2024/CVE-2024-9874.md | 17 ++ 2024/CVE-2024-9875.md | 17 ++ 2024/CVE-2024-9876.md | 20 ++ 2024/CVE-2024-9878.md | 17 ++ 2024/CVE-2024-9879.md | 17 ++ 2024/CVE-2024-9881.md | 17 ++ 2024/CVE-2024-9882.md | 17 ++ 2024/CVE-2024-9883.md | 17 ++ 2024/CVE-2024-9890.md | 17 ++ 2024/CVE-2024-9894.md | 17 ++ 2024/CVE-2024-9903.md | 19 ++ 2024/CVE-2024-9904.md | 19 ++ 2024/CVE-2024-9905.md | 17 ++ 2024/CVE-2024-9906.md | 17 ++ 2024/CVE-2024-9908.md | 17 ++ 2024/CVE-2024-9909.md | 17 ++ 2024/CVE-2024-9910.md | 17 ++ 2024/CVE-2024-9911.md | 17 ++ 2024/CVE-2024-9912.md | 17 ++ 2024/CVE-2024-9913.md | 17 ++ 2024/CVE-2024-9914.md | 17 ++ 2024/CVE-2024-9915.md | 17 ++ 2024/CVE-2024-9916.md | 17 ++ 2024/CVE-2024-9917.md | 17 ++ 2024/CVE-2024-9918.md | 17 ++ 2024/CVE-2024-9926.md | 18 ++ 2024/CVE-2024-9932.md | 27 +++ 2024/CVE-2024-9933.md | 18 ++ 2024/CVE-2024-9934.md | 17 ++ 2024/CVE-2024-9935.md | 29 +++ 2024/CVE-2024-9944.md | 18 ++ 2024/CVE-2024-9950.md | 17 ++ 2024/CVE-2024-9952.md | 17 ++ 2024/CVE-2024-9954.md | 17 ++ 2024/CVE-2024-9956.md | 17 ++ 2024/CVE-2024-9958.md | 17 ++ 2024/CVE-2024-9962.md | 17 ++ 2024/CVE-2024-9963.md | 17 ++ 2024/CVE-2024-9965.md | 17 ++ 2024/CVE-2024-9966.md | 17 ++ 2024/CVE-2024-9973.md | 17 ++ 2024/CVE-2024-9974.md | 17 ++ 2024/CVE-2024-9976.md | 17 ++ 2024/CVE-2024-9986.md | 17 ++ 2024/CVE-2024-9989.md | 25 ++ github.txt | 122 
++++++++++ references.txt | 538 +++++++++++++++++++++++++++++++++++++++++ 5706 files changed, 80551 insertions(+), 629 deletions(-) create mode 100644 2024/CVE-2024-0001.md create mode 100644 2024/CVE-2024-0002.md create mode 100644 2024/CVE-2024-0003.md create mode 100644 2024/CVE-2024-0004.md create mode 100644 2024/CVE-2024-0005.md create mode 100644 2024/CVE-2024-0012.md create mode 100644 2024/CVE-2024-0132.md create mode 100644 2024/CVE-2024-0135.md create mode 100644 2024/CVE-2024-0200.md create mode 100644 2024/CVE-2024-0241.md create mode 100644 2024/CVE-2024-0249.md create mode 100644 2024/CVE-2024-0324.md create mode 100644 2024/CVE-2024-0360.md create mode 100644 2024/CVE-2024-0368.md create mode 100644 2024/CVE-2024-0379.md create mode 100644 2024/CVE-2024-0405.md create mode 100644 2024/CVE-2024-0443.md create mode 100644 2024/CVE-2024-0448.md create mode 100644 2024/CVE-2024-0507.md create mode 100644 2024/CVE-2024-0509.md create mode 100644 2024/CVE-2024-0520.md create mode 100644 2024/CVE-2024-0535.md create mode 100644 2024/CVE-2024-0588.md create mode 100644 2024/CVE-2024-0590.md create mode 100644 2024/CVE-2024-0605.md create mode 100644 2024/CVE-2024-0606.md create mode 100644 2024/CVE-2024-0683.md create mode 100644 2024/CVE-2024-0708.md create mode 100644 2024/CVE-2024-0748.md create mode 100644 2024/CVE-2024-0760.md create mode 100644 2024/CVE-2024-0762.md create mode 100644 2024/CVE-2024-0771.md create mode 100644 2024/CVE-2024-0834.md create mode 100644 2024/CVE-2024-0847.md create mode 100644 2024/CVE-2024-0848.md create mode 100644 2024/CVE-2024-0852.md create mode 100644 2024/CVE-2024-0859.md create mode 100644 2024/CVE-2024-0888.md create mode 100644 2024/CVE-2024-0970.md create mode 100644 2024/CVE-2024-10004.md create mode 100644 2024/CVE-2024-10009.md create mode 100644 2024/CVE-2024-10010.md create mode 100644 2024/CVE-2024-10019.md create mode 100644 2024/CVE-2024-1002.md create mode 100644 2024/CVE-2024-10021.md create mode 
100644 2024/CVE-2024-10022.md create mode 100644 2024/CVE-2024-10023.md create mode 100644 2024/CVE-2024-10024.md create mode 100644 2024/CVE-2024-10025.md create mode 100644 2024/CVE-2024-10027.md create mode 100644 2024/CVE-2024-10041.md create mode 100644 2024/CVE-2024-10054.md create mode 100644 2024/CVE-2024-10073.md create mode 100644 2024/CVE-2024-10076.md create mode 100644 2024/CVE-2024-10087.md create mode 100644 2024/CVE-2024-10088.md create mode 100644 2024/CVE-2024-10089.md create mode 100644 2024/CVE-2024-10090.md create mode 100644 2024/CVE-2024-10095.md create mode 100644 2024/CVE-2024-10098.md create mode 100644 2024/CVE-2024-10102.md create mode 100644 2024/CVE-2024-10103.md create mode 100644 2024/CVE-2024-10104.md create mode 100644 2024/CVE-2024-10105.md create mode 100644 2024/CVE-2024-10107.md create mode 100644 2024/CVE-2024-10123.md create mode 100644 2024/CVE-2024-10124.md create mode 100644 2024/CVE-2024-10130.md create mode 100644 2024/CVE-2024-10136.md create mode 100644 2024/CVE-2024-10137.md create mode 100644 2024/CVE-2024-10138.md create mode 100644 2024/CVE-2024-10139.md create mode 100644 2024/CVE-2024-10140.md create mode 100644 2024/CVE-2024-10141.md create mode 100644 2024/CVE-2024-10143.md create mode 100644 2024/CVE-2024-10144.md create mode 100644 2024/CVE-2024-10145.md create mode 100644 2024/CVE-2024-10146.md create mode 100644 2024/CVE-2024-10149.md create mode 100644 2024/CVE-2024-10151.md create mode 100644 2024/CVE-2024-10152.md create mode 100644 2024/CVE-2024-10165.md create mode 100644 2024/CVE-2024-10166.md create mode 100644 2024/CVE-2024-10167.md create mode 100644 2024/CVE-2024-10169.md create mode 100644 2024/CVE-2024-10171.md create mode 100644 2024/CVE-2024-10173.md create mode 100644 2024/CVE-2024-10196.md create mode 100644 2024/CVE-2024-10197.md create mode 100644 2024/CVE-2024-10198.md create mode 100644 2024/CVE-2024-10199.md create mode 100644 2024/CVE-2024-10220.md create mode 100644 
2024/CVE-2024-10224.md create mode 100644 2024/CVE-2024-10229.md create mode 100644 2024/CVE-2024-10230.md create mode 100644 2024/CVE-2024-10231.md create mode 100644 2024/CVE-2024-10245.md create mode 100644 2024/CVE-2024-10247.md create mode 100644 2024/CVE-2024-10252.md create mode 100644 2024/CVE-2024-10280.md create mode 100644 2024/CVE-2024-10309.md create mode 100644 2024/CVE-2024-10314.md create mode 100644 2024/CVE-2024-10315.md create mode 100644 2024/CVE-2024-10327.md create mode 100644 2024/CVE-2024-10344.md create mode 100644 2024/CVE-2024-10345.md create mode 100644 2024/CVE-2024-10348.md create mode 100644 2024/CVE-2024-10349.md create mode 100644 2024/CVE-2024-10350.md create mode 100644 2024/CVE-2024-10354.md create mode 100644 2024/CVE-2024-10355.md create mode 100644 2024/CVE-2024-10362.md create mode 100644 2024/CVE-2024-10368.md create mode 100644 2024/CVE-2024-10369.md create mode 100644 2024/CVE-2024-10370.md create mode 100644 2024/CVE-2024-10372.md create mode 100644 2024/CVE-2024-10395.md create mode 100644 2024/CVE-2024-10400.md create mode 100644 2024/CVE-2024-10408.md create mode 100644 2024/CVE-2024-10409.md create mode 100644 2024/CVE-2024-10410.md create mode 100644 2024/CVE-2024-10415.md create mode 100644 2024/CVE-2024-10416.md create mode 100644 2024/CVE-2024-10417.md create mode 100644 2024/CVE-2024-10418.md create mode 100644 2024/CVE-2024-10419.md create mode 100644 2024/CVE-2024-10426.md create mode 100644 2024/CVE-2024-10427.md create mode 100644 2024/CVE-2024-10430.md create mode 100644 2024/CVE-2024-10431.md create mode 100644 2024/CVE-2024-10434.md create mode 100644 2024/CVE-2024-10435.md create mode 100644 2024/CVE-2024-10441.md create mode 100644 2024/CVE-2024-10442.md create mode 100644 2024/CVE-2024-10443.md create mode 100644 2024/CVE-2024-10448.md create mode 100644 2024/CVE-2024-10449.md create mode 100644 2024/CVE-2024-10450.md create mode 100644 2024/CVE-2024-10455.md create mode 100644 2024/CVE-2024-10460.md 
create mode 100644 2024/CVE-2024-10461.md create mode 100644 2024/CVE-2024-10462.md create mode 100644 2024/CVE-2024-10470.md create mode 100644 2024/CVE-2024-10471.md create mode 100644 2024/CVE-2024-10472.md create mode 100644 2024/CVE-2024-10473.md create mode 100644 2024/CVE-2024-10474.md create mode 100644 2024/CVE-2024-10475.md create mode 100644 2024/CVE-2024-10480.md create mode 100644 2024/CVE-2024-10482.md create mode 100644 2024/CVE-2024-10483.md create mode 100644 2024/CVE-2024-10487.md create mode 100644 2024/CVE-2024-10488.md create mode 100644 2024/CVE-2024-10491.md create mode 100644 2024/CVE-2024-10493.md create mode 100644 2024/CVE-2024-10499.md create mode 100644 2024/CVE-2024-10504.md create mode 100644 2024/CVE-2024-10506.md create mode 100644 2024/CVE-2024-10507.md create mode 100644 2024/CVE-2024-10508.md create mode 100644 2024/CVE-2024-10509.md create mode 100644 2024/CVE-2024-10510.md create mode 100644 2024/CVE-2024-10511.md create mode 100644 2024/CVE-2024-10515.md create mode 100644 2024/CVE-2024-10516.md create mode 100644 2024/CVE-2024-10517.md create mode 100644 2024/CVE-2024-10518.md create mode 100644 2024/CVE-2024-10524.md create mode 100644 2024/CVE-2024-10542.md create mode 100644 2024/CVE-2024-10545.md create mode 100644 2024/CVE-2024-10546.md create mode 100644 2024/CVE-2024-10551.md create mode 100644 2024/CVE-2024-10554.md create mode 100644 2024/CVE-2024-10555.md create mode 100644 2024/CVE-2024-10556.md create mode 100644 2024/CVE-2024-10557.md create mode 100644 2024/CVE-2024-10558.md create mode 100644 2024/CVE-2024-10560.md create mode 100644 2024/CVE-2024-10561.md create mode 100644 2024/CVE-2024-10562.md create mode 100644 2024/CVE-2024-10563.md create mode 100644 2024/CVE-2024-10565.md create mode 100644 2024/CVE-2024-10566.md create mode 100644 2024/CVE-2024-10568.md create mode 100644 2024/CVE-2024-10571.md create mode 100644 2024/CVE-2024-10573.md create mode 100644 2024/CVE-2024-10578.md create mode 100644 
2024/CVE-2024-10586.md create mode 100644 2024/CVE-2024-10596.md create mode 100644 2024/CVE-2024-10600.md create mode 100644 2024/CVE-2024-10605.md create mode 100644 2024/CVE-2024-10607.md create mode 100644 2024/CVE-2024-10608.md create mode 100644 2024/CVE-2024-10609.md create mode 100644 2024/CVE-2024-10628.md create mode 100644 2024/CVE-2024-10629.md create mode 100644 2024/CVE-2024-10631.md create mode 100644 2024/CVE-2024-10632.md create mode 100644 2024/CVE-2024-10634.md create mode 100644 2024/CVE-2024-10637.md create mode 100644 2024/CVE-2024-10638.md create mode 100644 2024/CVE-2024-10639.md create mode 100644 2024/CVE-2024-10654.md create mode 100644 2024/CVE-2024-10660.md create mode 100644 2024/CVE-2024-10668.md create mode 100644 2024/CVE-2024-10673.md create mode 100644 2024/CVE-2024-10674.md create mode 100644 2024/CVE-2024-10677.md create mode 100644 2024/CVE-2024-10678.md create mode 100644 2024/CVE-2024-10679.md create mode 100644 2024/CVE-2024-10680.md create mode 100644 2024/CVE-2024-10697.md create mode 100644 2024/CVE-2024-10700.md create mode 100644 2024/CVE-2024-10702.md create mode 100644 2024/CVE-2024-10703.md create mode 100644 2024/CVE-2024-10704.md create mode 100644 2024/CVE-2024-10706.md create mode 100644 2024/CVE-2024-10708.md create mode 100644 2024/CVE-2024-10709.md create mode 100644 2024/CVE-2024-10710.md create mode 100644 2024/CVE-2024-10728.md create mode 100644 2024/CVE-2024-10733.md create mode 100644 2024/CVE-2024-10737.md create mode 100644 2024/CVE-2024-10738.md create mode 100644 2024/CVE-2024-10739.md create mode 100644 2024/CVE-2024-10740.md create mode 100644 2024/CVE-2024-10741.md create mode 100644 2024/CVE-2024-10742.md create mode 100644 2024/CVE-2024-10750.md create mode 100644 2024/CVE-2024-10751.md create mode 100644 2024/CVE-2024-10752.md create mode 100644 2024/CVE-2024-10758.md create mode 100644 2024/CVE-2024-10759.md create mode 100644 2024/CVE-2024-10760.md create mode 100644 2024/CVE-2024-10764.md 
create mode 100644 2024/CVE-2024-10765.md create mode 100644 2024/CVE-2024-10766.md create mode 100644 2024/CVE-2024-10771.md create mode 100644 2024/CVE-2024-10772.md create mode 100644 2024/CVE-2024-10773.md create mode 100644 2024/CVE-2024-10774.md create mode 100644 2024/CVE-2024-10776.md create mode 100644 2024/CVE-2024-10781.md create mode 100644 2024/CVE-2024-10791.md create mode 100644 2024/CVE-2024-10792.md create mode 100644 2024/CVE-2024-10793.md create mode 100644 2024/CVE-2024-10805.md create mode 100644 2024/CVE-2024-10808.md create mode 100644 2024/CVE-2024-10809.md create mode 100644 2024/CVE-2024-10810.md create mode 100644 2024/CVE-2024-10813.md create mode 100644 2024/CVE-2024-10815.md create mode 100644 2024/CVE-2024-10818.md create mode 100644 2024/CVE-2024-10826.md create mode 100644 2024/CVE-2024-10828.md create mode 100644 2024/CVE-2024-10838.md create mode 100644 2024/CVE-2024-10844.md create mode 100644 2024/CVE-2024-10845.md create mode 100644 2024/CVE-2024-10858.md create mode 100644 2024/CVE-2024-10864.md create mode 100644 2024/CVE-2024-10865.md create mode 100644 2024/CVE-2024-10892.md create mode 100644 2024/CVE-2024-10893.md create mode 100644 2024/CVE-2024-10896.md create mode 100644 2024/CVE-2024-10903.md create mode 100644 2024/CVE-2024-10905.md create mode 100644 2024/CVE-2024-10913.md create mode 100644 2024/CVE-2024-10914.md create mode 100644 2024/CVE-2024-10915.md create mode 100644 2024/CVE-2024-10919.md create mode 100644 2024/CVE-2024-10924.md create mode 100644 2024/CVE-2024-10926.md create mode 100644 2024/CVE-2024-10930.md create mode 100644 2024/CVE-2024-10939.md create mode 100644 2024/CVE-2024-10941.md create mode 100644 2024/CVE-2024-10946.md create mode 100644 2024/CVE-2024-10947.md create mode 100644 2024/CVE-2024-10958.md create mode 100644 2024/CVE-2024-10963.md create mode 100644 2024/CVE-2024-10966.md create mode 100644 2024/CVE-2024-10967.md create mode 100644 2024/CVE-2024-10968.md create mode 100644 
2024/CVE-2024-10969.md create mode 100644 2024/CVE-2024-1097.md create mode 100644 2024/CVE-2024-10971.md create mode 100644 2024/CVE-2024-10976.md create mode 100644 2024/CVE-2024-10977.md create mode 100644 2024/CVE-2024-10978.md create mode 100644 2024/CVE-2024-10979.md create mode 100644 2024/CVE-2024-10980.md create mode 100644 2024/CVE-2024-10987.md create mode 100644 2024/CVE-2024-10989.md create mode 100644 2024/CVE-2024-10991.md create mode 100644 2024/CVE-2024-10993.md create mode 100644 2024/CVE-2024-10994.md create mode 100644 2024/CVE-2024-10995.md create mode 100644 2024/CVE-2024-10996.md create mode 100644 2024/CVE-2024-10998.md create mode 100644 2024/CVE-2024-10999.md create mode 100644 2024/CVE-2024-11000.md create mode 100644 2024/CVE-2024-11003.md create mode 100644 2024/CVE-2024-11008.md create mode 100644 2024/CVE-2024-11022.md create mode 100644 2024/CVE-2024-11026.md create mode 100644 2024/CVE-2024-11040.md create mode 100644 2024/CVE-2024-11042.md create mode 100644 2024/CVE-2024-11049.md create mode 100644 2024/CVE-2024-11050.md create mode 100644 2024/CVE-2024-11051.md create mode 100644 2024/CVE-2024-11053.md create mode 100644 2024/CVE-2024-11056.md create mode 100644 2024/CVE-2024-11061.md create mode 100644 2024/CVE-2024-11075.md create mode 100644 2024/CVE-2024-11079.md create mode 100644 2024/CVE-2024-11083.md create mode 100644 2024/CVE-2024-11084.md create mode 100644 2024/CVE-2024-11089.md create mode 100644 2024/CVE-2024-11090.md create mode 100644 2024/CVE-2024-11102.md create mode 100644 2024/CVE-2024-11106.md create mode 100644 2024/CVE-2024-11107.md create mode 100644 2024/CVE-2024-11108.md create mode 100644 2024/CVE-2024-11109.md create mode 100644 2024/CVE-2024-1111.md create mode 100644 2024/CVE-2024-11111.md create mode 100644 2024/CVE-2024-11114.md create mode 100644 2024/CVE-2024-11116.md create mode 100644 2024/CVE-2024-11120.md create mode 100644 2024/CVE-2024-11121.md create mode 100644 2024/CVE-2024-11122.md 
create mode 100644 2024/CVE-2024-11123.md create mode 100644 2024/CVE-2024-11140.md create mode 100644 2024/CVE-2024-11141.md create mode 100644 2024/CVE-2024-11153.md create mode 100644 2024/CVE-2024-11178.md create mode 100644 2024/CVE-2024-11182.md create mode 100644 2024/CVE-2024-11183.md create mode 100644 2024/CVE-2024-11184.md create mode 100644 2024/CVE-2024-11187.md create mode 100644 2024/CVE-2024-11189.md create mode 100644 2024/CVE-2024-11190.md create mode 100644 2024/CVE-2024-11199.md create mode 100644 2024/CVE-2024-11201.md create mode 100644 2024/CVE-2024-11205.md create mode 100644 2024/CVE-2024-11221.md create mode 100644 2024/CVE-2024-11223.md create mode 100644 2024/CVE-2024-11237.md create mode 100644 2024/CVE-2024-11240.md create mode 100644 2024/CVE-2024-11243.md create mode 100644 2024/CVE-2024-11248.md create mode 100644 2024/CVE-2024-11251.md create mode 100644 2024/CVE-2024-11252.md create mode 100644 2024/CVE-2024-11257.md create mode 100644 2024/CVE-2024-11258.md create mode 100644 2024/CVE-2024-11261.md create mode 100644 2024/CVE-2024-11262.md create mode 100644 2024/CVE-2024-11266.md create mode 100644 2024/CVE-2024-11267.md create mode 100644 2024/CVE-2024-11269.md create mode 100644 2024/CVE-2024-11272.md create mode 100644 2024/CVE-2024-11273.md create mode 100644 2024/CVE-2024-11280.md create mode 100644 2024/CVE-2024-11282.md create mode 100644 2024/CVE-2024-1129.md create mode 100644 2024/CVE-2024-11290.md create mode 100644 2024/CVE-2024-11291.md create mode 100644 2024/CVE-2024-11292.md create mode 100644 2024/CVE-2024-11294.md create mode 100644 2024/CVE-2024-11295.md create mode 100644 2024/CVE-2024-11297.md create mode 100644 2024/CVE-2024-11303.md create mode 100644 2024/CVE-2024-11305.md create mode 100644 2024/CVE-2024-11306.md create mode 100644 2024/CVE-2024-11318.md create mode 100644 2024/CVE-2024-11319.md create mode 100644 2024/CVE-2024-11320.md create mode 100644 2024/CVE-2024-11322.md create mode 100644 
2024/CVE-2024-11351.md create mode 100644 2024/CVE-2024-11356.md create mode 100644 2024/CVE-2024-11357.md create mode 100644 2024/CVE-2024-11372.md create mode 100644 2024/CVE-2024-11373.md create mode 100644 2024/CVE-2024-11381.md create mode 100644 2024/CVE-2024-11392.md create mode 100644 2024/CVE-2024-11393.md create mode 100644 2024/CVE-2024-11394.md create mode 100644 2024/CVE-2024-11395.md create mode 100644 2024/CVE-2024-11396.md create mode 100644 2024/CVE-2024-11404.md create mode 100644 2024/CVE-2024-11423.md create mode 100644 2024/CVE-2024-11451.md create mode 100644 2024/CVE-2024-11477.md create mode 100644 2024/CVE-2024-11484.md create mode 100644 2024/CVE-2024-11485.md create mode 100644 2024/CVE-2024-11486.md create mode 100644 2024/CVE-2024-11487.md create mode 100644 2024/CVE-2024-11502.md create mode 100644 2024/CVE-2024-11503.md create mode 100644 2024/CVE-2024-11591.md create mode 100644 2024/CVE-2024-11592.md create mode 100644 2024/CVE-2024-11605.md create mode 100644 2024/CVE-2024-11606.md create mode 100644 2024/CVE-2024-11607.md create mode 100644 2024/CVE-2024-11613.md create mode 100644 2024/CVE-2024-11616.md create mode 100644 2024/CVE-2024-11621.md create mode 100644 2024/CVE-2024-11635.md create mode 100644 2024/CVE-2024-11636.md create mode 100644 2024/CVE-2024-11638.md create mode 100644 2024/CVE-2024-11639.md create mode 100644 2024/CVE-2024-11643.md create mode 100644 2024/CVE-2024-11644.md create mode 100644 2024/CVE-2024-11645.md create mode 100644 2024/CVE-2024-11646.md create mode 100644 2024/CVE-2024-11650.md create mode 100644 2024/CVE-2024-11667.md create mode 100644 2024/CVE-2024-11670.md create mode 100644 2024/CVE-2024-11671.md create mode 100644 2024/CVE-2024-11672.md create mode 100644 2024/CVE-2024-11673.md create mode 100644 2024/CVE-2024-11675.md create mode 100644 2024/CVE-2024-11676.md create mode 100644 2024/CVE-2024-11677.md create mode 100644 2024/CVE-2024-11680.md create mode 100644 2024/CVE-2024-11691.md 
create mode 100644 2024/CVE-2024-11692.md create mode 100644 2024/CVE-2024-11693.md create mode 100644 2024/CVE-2024-11695.md create mode 100644 2024/CVE-2024-11697.md create mode 100644 2024/CVE-2024-11700.md create mode 100644 2024/CVE-2024-11704.md create mode 100644 2024/CVE-2024-11716.md create mode 100644 2024/CVE-2024-11717.md create mode 100644 2024/CVE-2024-11718.md create mode 100644 2024/CVE-2024-11719.md create mode 100644 2024/CVE-2024-11728.md create mode 100644 2024/CVE-2024-11745.md create mode 100644 2024/CVE-2024-11772.md create mode 100644 2024/CVE-2024-11824.md create mode 100644 2024/CVE-2024-11831.md create mode 100644 2024/CVE-2024-11841.md create mode 100644 2024/CVE-2024-11842.md create mode 100644 2024/CVE-2024-11843.md create mode 100644 2024/CVE-2024-11846.md create mode 100644 2024/CVE-2024-11847.md create mode 100644 2024/CVE-2024-11848.md create mode 100644 2024/CVE-2024-11849.md create mode 100644 2024/CVE-2024-11850.md create mode 100644 2024/CVE-2024-11857.md create mode 100644 2024/CVE-2024-11860.md create mode 100644 2024/CVE-2024-1190.md create mode 100644 2024/CVE-2024-1191.md create mode 100644 2024/CVE-2024-1192.md create mode 100644 2024/CVE-2024-11921.md create mode 100644 2024/CVE-2024-11922.md create mode 100644 2024/CVE-2024-11924.md create mode 100644 2024/CVE-2024-11930.md create mode 100644 2024/CVE-2024-11955.md create mode 100644 2024/CVE-2024-11958.md create mode 100644 2024/CVE-2024-11959.md create mode 100644 2024/CVE-2024-11960.md create mode 100644 2024/CVE-2024-11972.md create mode 100644 2024/CVE-2024-11977.md create mode 100644 2024/CVE-2024-11986.md create mode 100644 2024/CVE-2024-12002.md create mode 100644 2024/CVE-2024-12006.md create mode 100644 2024/CVE-2024-12007.md create mode 100644 2024/CVE-2024-12008.md create mode 100644 2024/CVE-2024-12015.md create mode 100644 2024/CVE-2024-12019.md create mode 100644 2024/CVE-2024-12020.md create mode 100644 2024/CVE-2024-12025.md create mode 100644 
2024/CVE-2024-12029.md create mode 100644 2024/CVE-2024-12035.md create mode 100644 2024/CVE-2024-12053.md create mode 100644 2024/CVE-2024-12084.md create mode 100644 2024/CVE-2024-12085.md create mode 100644 2024/CVE-2024-12086.md create mode 100644 2024/CVE-2024-12087.md create mode 100644 2024/CVE-2024-12088.md create mode 100644 2024/CVE-2024-12096.md create mode 100644 2024/CVE-2024-12107.md create mode 100644 2024/CVE-2024-12109.md create mode 100644 2024/CVE-2024-1211.md create mode 100644 2024/CVE-2024-12133.md create mode 100644 2024/CVE-2024-12148.md create mode 100644 2024/CVE-2024-12149.md create mode 100644 2024/CVE-2024-12151.md create mode 100644 2024/CVE-2024-12157.md create mode 100644 2024/CVE-2024-12163.md create mode 100644 2024/CVE-2024-12172.md create mode 100644 2024/CVE-2024-12173.md create mode 100644 2024/CVE-2024-12196.md create mode 100644 2024/CVE-2024-12209.md create mode 100644 2024/CVE-2024-12232.md create mode 100644 2024/CVE-2024-12233.md create mode 100644 2024/CVE-2024-12234.md create mode 100644 2024/CVE-2024-12243.md create mode 100644 2024/CVE-2024-12245.md create mode 100644 2024/CVE-2024-12252.md create mode 100644 2024/CVE-2024-12254.md create mode 100644 2024/CVE-2024-12270.md create mode 100644 2024/CVE-2024-12273.md create mode 100644 2024/CVE-2024-12274.md create mode 100644 2024/CVE-2024-12275.md create mode 100644 2024/CVE-2024-12280.md create mode 100644 2024/CVE-2024-12282.md create mode 100644 2024/CVE-2024-12284.md create mode 100644 2024/CVE-2024-12301.md create mode 100644 2024/CVE-2024-12302.md create mode 100644 2024/CVE-2024-12305.md create mode 100644 2024/CVE-2024-12306.md create mode 100644 2024/CVE-2024-12307.md create mode 100644 2024/CVE-2024-12308.md create mode 100644 2024/CVE-2024-12311.md create mode 100644 2024/CVE-2024-12312.md create mode 100644 2024/CVE-2024-12321.md create mode 100644 2024/CVE-2024-12342.md create mode 100644 2024/CVE-2024-12343.md create mode 100644 2024/CVE-2024-12344.md 
create mode 100644 2024/CVE-2024-12345.md create mode 100644 2024/CVE-2024-12346.md create mode 100644 2024/CVE-2024-12347.md create mode 100644 2024/CVE-2024-1235.md create mode 100644 2024/CVE-2024-12356.md create mode 100644 2024/CVE-2024-12365.md create mode 100644 2024/CVE-2024-12368.md create mode 100644 2024/CVE-2024-12379.md create mode 100644 2024/CVE-2024-12381.md create mode 100644 2024/CVE-2024-12382.md create mode 100644 2024/CVE-2024-12400.md create mode 100644 2024/CVE-2024-12404.md create mode 100644 2024/CVE-2024-12425.md create mode 100644 2024/CVE-2024-12426.md create mode 100644 2024/CVE-2024-12436.md create mode 100644 2024/CVE-2024-12471.md create mode 100644 2024/CVE-2024-12476.md create mode 100644 2024/CVE-2024-12483.md create mode 100644 2024/CVE-2024-12484.md create mode 100644 2024/CVE-2024-12535.md create mode 100644 2024/CVE-2024-12542.md create mode 100644 2024/CVE-2024-12558.md create mode 100644 2024/CVE-2024-12566.md create mode 100644 2024/CVE-2024-12567.md create mode 100644 2024/CVE-2024-12568.md create mode 100644 2024/CVE-2024-12581.md create mode 100644 2024/CVE-2024-12583.md create mode 100644 2024/CVE-2024-12585.md create mode 100644 2024/CVE-2024-12586.md create mode 100644 2024/CVE-2024-12587.md create mode 100644 2024/CVE-2024-12594.md create mode 100644 2024/CVE-2024-12595.md create mode 100644 2024/CVE-2024-12632.md create mode 100644 2024/CVE-2024-12638.md create mode 100644 2024/CVE-2024-12641.md create mode 100644 2024/CVE-2024-12663.md create mode 100644 2024/CVE-2024-12664.md create mode 100644 2024/CVE-2024-12665.md create mode 100644 2024/CVE-2024-12667.md create mode 100644 2024/CVE-2024-12679.md create mode 100644 2024/CVE-2024-12680.md create mode 100644 2024/CVE-2024-12682.md create mode 100644 2024/CVE-2024-12683.md create mode 100644 2024/CVE-2024-12686.md create mode 100644 2024/CVE-2024-12692.md create mode 100644 2024/CVE-2024-12693.md create mode 100644 2024/CVE-2024-12695.md create mode 100644 
2024/CVE-2024-12704.md create mode 100644 2024/CVE-2024-12705.md create mode 100644 2024/CVE-2024-12708.md create mode 100644 2024/CVE-2024-12709.md create mode 100644 2024/CVE-2024-12714.md create mode 100644 2024/CVE-2024-12715.md create mode 100644 2024/CVE-2024-12716.md create mode 100644 2024/CVE-2024-12717.md create mode 100644 2024/CVE-2024-12718.md create mode 100644 2024/CVE-2024-12722.md create mode 100644 2024/CVE-2024-12723.md create mode 100644 2024/CVE-2024-12724.md create mode 100644 2024/CVE-2024-12725.md create mode 100644 2024/CVE-2024-12726.md create mode 100644 2024/CVE-2024-12731.md create mode 100644 2024/CVE-2024-12732.md create mode 100644 2024/CVE-2024-12733.md create mode 100644 2024/CVE-2024-12734.md create mode 100644 2024/CVE-2024-12735.md create mode 100644 2024/CVE-2024-12736.md create mode 100644 2024/CVE-2024-12737.md create mode 100644 2024/CVE-2024-12739.md create mode 100644 2024/CVE-2024-12743.md create mode 100644 2024/CVE-2024-12747.md create mode 100644 2024/CVE-2024-12749.md create mode 100644 2024/CVE-2024-12750.md create mode 100644 2024/CVE-2024-12754.md create mode 100644 2024/CVE-2024-12767.md create mode 100644 2024/CVE-2024-12768.md create mode 100644 2024/CVE-2024-12769.md create mode 100644 2024/CVE-2024-12770.md create mode 100644 2024/CVE-2024-12772.md create mode 100644 2024/CVE-2024-12773.md create mode 100644 2024/CVE-2024-12774.md create mode 100644 2024/CVE-2024-12797.md create mode 100644 2024/CVE-2024-12798.md create mode 100644 2024/CVE-2024-12800.md create mode 100644 2024/CVE-2024-12801.md create mode 100644 2024/CVE-2024-12807.md create mode 100644 2024/CVE-2024-12808.md create mode 100644 2024/CVE-2024-12812.md create mode 100644 2024/CVE-2024-12847.md create mode 100644 2024/CVE-2024-12848.md create mode 100644 2024/CVE-2024-12849.md create mode 100644 2024/CVE-2024-12856.md create mode 100644 2024/CVE-2024-12872.md create mode 100644 2024/CVE-2024-12873.md create mode 100644 2024/CVE-2024-12874.md 
create mode 100644 2024/CVE-2024-12877.md create mode 100644 2024/CVE-2024-12878.md create mode 100644 2024/CVE-2024-12883.md create mode 100644 2024/CVE-2024-12884.md create mode 100644 2024/CVE-2024-12905.md create mode 100644 2024/CVE-2024-12907.md create mode 100644 2024/CVE-2024-12908.md create mode 100644 2024/CVE-2024-12909.md create mode 100644 2024/CVE-2024-12910.md create mode 100644 2024/CVE-2024-12911.md create mode 100644 2024/CVE-2024-12912.md create mode 100644 2024/CVE-2024-12928.md create mode 100644 2024/CVE-2024-12930.md create mode 100644 2024/CVE-2024-12933.md create mode 100644 2024/CVE-2024-12935.md create mode 100644 2024/CVE-2024-12938.md create mode 100644 2024/CVE-2024-12949.md create mode 100644 2024/CVE-2024-12950.md create mode 100644 2024/CVE-2024-12970.md create mode 100644 2024/CVE-2024-13012.md create mode 100644 2024/CVE-2024-13015.md create mode 100644 2024/CVE-2024-13016.md create mode 100644 2024/CVE-2024-13017.md create mode 100644 2024/CVE-2024-13018.md create mode 100644 2024/CVE-2024-13019.md create mode 100644 2024/CVE-2024-13020.md create mode 100644 2024/CVE-2024-13028.md create mode 100644 2024/CVE-2024-13029.md create mode 100644 2024/CVE-2024-13031.md create mode 100644 2024/CVE-2024-13032.md create mode 100644 2024/CVE-2024-13036.md create mode 100644 2024/CVE-2024-13050.md create mode 100644 2024/CVE-2024-13052.md create mode 100644 2024/CVE-2024-13053.md create mode 100644 2024/CVE-2024-13054.md create mode 100644 2024/CVE-2024-13055.md create mode 100644 2024/CVE-2024-13056.md create mode 100644 2024/CVE-2024-13057.md create mode 100644 2024/CVE-2024-13080.md create mode 100644 2024/CVE-2024-13081.md create mode 100644 2024/CVE-2024-13082.md create mode 100644 2024/CVE-2024-13083.md create mode 100644 2024/CVE-2024-13084.md create mode 100644 2024/CVE-2024-13085.md create mode 100644 2024/CVE-2024-13094.md create mode 100644 2024/CVE-2024-13095.md create mode 100644 2024/CVE-2024-13096.md create mode 100644 
2024/CVE-2024-13097.md create mode 100644 2024/CVE-2024-13098.md create mode 100644 2024/CVE-2024-13099.md create mode 100644 2024/CVE-2024-13100.md create mode 100644 2024/CVE-2024-13101.md create mode 100644 2024/CVE-2024-13112.md create mode 100644 2024/CVE-2024-13113.md create mode 100644 2024/CVE-2024-13114.md create mode 100644 2024/CVE-2024-13115.md create mode 100644 2024/CVE-2024-13116.md create mode 100644 2024/CVE-2024-13117.md create mode 100644 2024/CVE-2024-13118.md create mode 100644 2024/CVE-2024-13119.md create mode 100644 2024/CVE-2024-13120.md create mode 100644 2024/CVE-2024-13121.md create mode 100644 2024/CVE-2024-13122.md create mode 100644 2024/CVE-2024-13123.md create mode 100644 2024/CVE-2024-13124.md create mode 100644 2024/CVE-2024-13125.md create mode 100644 2024/CVE-2024-13126.md create mode 100644 2024/CVE-2024-13127.md create mode 100644 2024/CVE-2024-13128.md create mode 100644 2024/CVE-2024-13146.md create mode 100644 2024/CVE-2024-13159.md create mode 100644 2024/CVE-2024-13160.md create mode 100644 2024/CVE-2024-13161.md create mode 100644 2024/CVE-2024-13176.md create mode 100644 2024/CVE-2024-13184.md create mode 100644 2024/CVE-2024-13198.md create mode 100644 2024/CVE-2024-13199.md create mode 100644 2024/CVE-2024-13203.md create mode 100644 2024/CVE-2024-13204.md create mode 100644 2024/CVE-2024-13205.md create mode 100644 2024/CVE-2024-13207.md create mode 100644 2024/CVE-2024-13208.md create mode 100644 2024/CVE-2024-13209.md create mode 100644 2024/CVE-2024-13218.md create mode 100644 2024/CVE-2024-13219.md create mode 100644 2024/CVE-2024-13220.md create mode 100644 2024/CVE-2024-13221.md create mode 100644 2024/CVE-2024-13222.md create mode 100644 2024/CVE-2024-13223.md create mode 100644 2024/CVE-2024-13224.md create mode 100644 2024/CVE-2024-13225.md create mode 100644 2024/CVE-2024-13226.md create mode 100644 2024/CVE-2024-13306.md create mode 100644 2024/CVE-2024-13313.md create mode 100644 2024/CVE-2024-13314.md 
create mode 100644 2024/CVE-2024-13322.md create mode 100644 2024/CVE-2024-13325.md create mode 100644 2024/CVE-2024-13326.md create mode 100644 2024/CVE-2024-13327.md create mode 100644 2024/CVE-2024-13328.md create mode 100644 2024/CVE-2024-13329.md create mode 100644 2024/CVE-2024-13330.md create mode 100644 2024/CVE-2024-13331.md create mode 100644 2024/CVE-2024-13332.md create mode 100644 2024/CVE-2024-13334.md create mode 100644 2024/CVE-2024-13345.md create mode 100644 2024/CVE-2024-13346.md create mode 100644 2024/CVE-2024-13347.md create mode 100644 2024/CVE-2024-13352.md create mode 100644 2024/CVE-2024-13357.md create mode 100644 2024/CVE-2024-13375.md create mode 100644 2024/CVE-2024-13381.md create mode 100644 2024/CVE-2024-13382.md create mode 100644 2024/CVE-2024-13383.md create mode 100644 2024/CVE-2024-13384.md create mode 100644 2024/CVE-2024-13454.md create mode 100644 2024/CVE-2024-13478.md create mode 100644 2024/CVE-2024-13479.md create mode 100644 2024/CVE-2024-13481.md create mode 100644 2024/CVE-2024-13482.md create mode 100644 2024/CVE-2024-13483.md create mode 100644 2024/CVE-2024-13485.md create mode 100644 2024/CVE-2024-13486.md create mode 100644 2024/CVE-2024-13488.md create mode 100644 2024/CVE-2024-13489.md create mode 100644 2024/CVE-2024-13492.md create mode 100644 2024/CVE-2024-13493.md create mode 100644 2024/CVE-2024-13496.md create mode 100644 2024/CVE-2024-13513.md create mode 100644 2024/CVE-2024-13524.md create mode 100644 2024/CVE-2024-13543.md create mode 100644 2024/CVE-2024-13544.md create mode 100644 2024/CVE-2024-13569.md create mode 100644 2024/CVE-2024-13570.md create mode 100644 2024/CVE-2024-13571.md create mode 100644 2024/CVE-2024-13574.md create mode 100644 2024/CVE-2024-13580.md create mode 100644 2024/CVE-2024-13585.md create mode 100644 2024/CVE-2024-13597.md create mode 100644 2024/CVE-2024-13598.md create mode 100644 2024/CVE-2024-13602.md create mode 100644 2024/CVE-2024-13603.md create mode 100644 
2024/CVE-2024-13605.md create mode 100644 2024/CVE-2024-13608.md create mode 100644 2024/CVE-2024-13610.md create mode 100644 2024/CVE-2024-13615.md create mode 100644 2024/CVE-2024-13616.md create mode 100644 2024/CVE-2024-13617.md create mode 100644 2024/CVE-2024-13618.md create mode 100644 2024/CVE-2024-13619.md create mode 100644 2024/CVE-2024-13621.md create mode 100644 2024/CVE-2024-13624.md create mode 100644 2024/CVE-2024-13625.md create mode 100644 2024/CVE-2024-13626.md create mode 100644 2024/CVE-2024-13627.md create mode 100644 2024/CVE-2024-13628.md create mode 100644 2024/CVE-2024-13629.md create mode 100644 2024/CVE-2024-13630.md create mode 100644 2024/CVE-2024-13631.md create mode 100644 2024/CVE-2024-13632.md create mode 100644 2024/CVE-2024-13633.md create mode 100644 2024/CVE-2024-13634.md create mode 100644 2024/CVE-2024-13667.md create mode 100644 2024/CVE-2024-13668.md create mode 100644 2024/CVE-2024-13669.md create mode 100644 2024/CVE-2024-13678.md create mode 100644 2024/CVE-2024-13681.md create mode 100644 2024/CVE-2024-13685.md create mode 100644 2024/CVE-2024-13688.md create mode 100644 2024/CVE-2024-13689.md create mode 100644 2024/CVE-2024-13691.md create mode 100644 2024/CVE-2024-13722.md create mode 100644 2024/CVE-2024-13723.md create mode 100644 2024/CVE-2024-13726.md create mode 100644 2024/CVE-2024-13727.md create mode 100644 2024/CVE-2024-13729.md create mode 100644 2024/CVE-2024-13730.md create mode 100644 2024/CVE-2024-13759.md create mode 100644 2024/CVE-2024-1380.md create mode 100644 2024/CVE-2024-13800.md create mode 100644 2024/CVE-2024-13804.md create mode 100644 2024/CVE-2024-13822.md create mode 100644 2024/CVE-2024-13823.md create mode 100644 2024/CVE-2024-13825.md create mode 100644 2024/CVE-2024-13826.md create mode 100644 2024/CVE-2024-13828.md create mode 100644 2024/CVE-2024-13836.md create mode 100644 2024/CVE-2024-13853.md create mode 100644 2024/CVE-2024-13862.md create mode 100644 2024/CVE-2024-13863.md 
create mode 100644 2024/CVE-2024-13864.md create mode 100644 2024/CVE-2024-13865.md create mode 100644 2024/CVE-2024-13868.md create mode 100644 2024/CVE-2024-13869.md create mode 100644 2024/CVE-2024-13874.md create mode 100644 2024/CVE-2024-13875.md create mode 100644 2024/CVE-2024-13876.md create mode 100644 2024/CVE-2024-13877.md create mode 100644 2024/CVE-2024-13878.md create mode 100644 2024/CVE-2024-13880.md create mode 100644 2024/CVE-2024-13881.md create mode 100644 2024/CVE-2024-13884.md create mode 100644 2024/CVE-2024-13885.md create mode 100644 2024/CVE-2024-13891.md create mode 100644 2024/CVE-2024-13892.md create mode 100644 2024/CVE-2024-13893.md create mode 100644 2024/CVE-2024-13894.md create mode 100644 2024/CVE-2024-13896.md create mode 100644 2024/CVE-2024-13903.md create mode 100644 2024/CVE-2024-13918.md create mode 100644 2024/CVE-2024-13925.md create mode 100644 2024/CVE-2024-13926.md create mode 100644 2024/CVE-2024-13944.md create mode 100644 2024/CVE-2024-13959.md create mode 100644 2024/CVE-2024-13960.md create mode 100644 2024/CVE-2024-13961.md create mode 100644 2024/CVE-2024-13962.md create mode 100644 2024/CVE-2024-13966.md create mode 100644 2024/CVE-2024-1442.md create mode 100644 2024/CVE-2024-1592.md create mode 100644 2024/CVE-2024-1621.md create mode 100644 2024/CVE-2024-1663.md create mode 100644 2024/CVE-2024-1681.md create mode 100644 2024/CVE-2024-1682.md create mode 100644 2024/CVE-2024-1710.md create mode 100644 2024/CVE-2024-1728.md create mode 100644 2024/CVE-2024-1764.md create mode 100644 2024/CVE-2024-1780.md create mode 100644 2024/CVE-2024-1898.md create mode 100644 2024/CVE-2024-1900.md create mode 100644 2024/CVE-2024-1901.md create mode 100644 2024/CVE-2024-1968.md create mode 100644 2024/CVE-2024-20076.md create mode 100644 2024/CVE-2024-20077.md create mode 100644 2024/CVE-2024-20088.md create mode 100644 2024/CVE-2024-20090.md create mode 100644 2024/CVE-2024-20091.md create mode 100644 
2024/CVE-2024-20092.md create mode 100644 2024/CVE-2024-20093.md create mode 100644 2024/CVE-2024-20095.md create mode 100644 2024/CVE-2024-20096.md create mode 100644 2024/CVE-2024-20097.md create mode 100644 2024/CVE-2024-20104.md create mode 100644 2024/CVE-2024-20105.md create mode 100644 2024/CVE-2024-20106.md create mode 100644 2024/CVE-2024-20107.md create mode 100644 2024/CVE-2024-20116.md create mode 100644 2024/CVE-2024-20130.md create mode 100644 2024/CVE-2024-20136.md create mode 100644 2024/CVE-2024-20137.md create mode 100644 2024/CVE-2024-20253.md create mode 100644 2024/CVE-2024-20269.md create mode 100644 2024/CVE-2024-20300.md create mode 100644 2024/CVE-2024-20365.md create mode 100644 2024/CVE-2024-20377.md create mode 100644 2024/CVE-2024-20387.md create mode 100644 2024/CVE-2024-20388.md create mode 100644 2024/CVE-2024-20403.md create mode 100644 2024/CVE-2024-20409.md create mode 100644 2024/CVE-2024-20424.md create mode 100644 2024/CVE-2024-20433.md create mode 100644 2024/CVE-2024-20434.md create mode 100644 2024/CVE-2024-20439.md create mode 100644 2024/CVE-2024-20440.md create mode 100644 2024/CVE-2024-20455.md create mode 100644 2024/CVE-2024-20467.md create mode 100644 2024/CVE-2024-20469.md create mode 100644 2024/CVE-2024-20481.md create mode 100644 2024/CVE-2024-20515.md create mode 100644 2024/CVE-2024-20889.md create mode 100644 2024/CVE-2024-20890.md create mode 100644 2024/CVE-2024-20918.md create mode 100644 2024/CVE-2024-20919.md create mode 100644 2024/CVE-2024-20921.md create mode 100644 2024/CVE-2024-21182.md create mode 100644 2024/CVE-2024-21193.md create mode 100644 2024/CVE-2024-21194.md create mode 100644 2024/CVE-2024-21196.md create mode 100644 2024/CVE-2024-21197.md create mode 100644 2024/CVE-2024-21198.md create mode 100644 2024/CVE-2024-21199.md create mode 100644 2024/CVE-2024-21201.md create mode 100644 2024/CVE-2024-21212.md create mode 100644 2024/CVE-2024-21213.md create mode 100644 2024/CVE-2024-21216.md 
create mode 100644 2024/CVE-2024-21219.md create mode 100644 2024/CVE-2024-21230.md create mode 100644 2024/CVE-2024-21231.md create mode 100644 2024/CVE-2024-21236.md create mode 100644 2024/CVE-2024-21237.md create mode 100644 2024/CVE-2024-21239.md create mode 100644 2024/CVE-2024-21241.md create mode 100644 2024/CVE-2024-21287.md create mode 100644 2024/CVE-2024-21403.md create mode 100644 2024/CVE-2024-21409.md create mode 100644 2024/CVE-2024-21455.md create mode 100644 2024/CVE-2024-21489.md create mode 100644 2024/CVE-2024-21510.md create mode 100644 2024/CVE-2024-21528.md create mode 100644 2024/CVE-2024-21529.md create mode 100644 2024/CVE-2024-21530.md create mode 100644 2024/CVE-2024-21531.md create mode 100644 2024/CVE-2024-21532.md create mode 100644 2024/CVE-2024-21533.md create mode 100644 2024/CVE-2024-21534.md create mode 100644 2024/CVE-2024-21535.md create mode 100644 2024/CVE-2024-21536.md create mode 100644 2024/CVE-2024-21537.md create mode 100644 2024/CVE-2024-21538.md create mode 100644 2024/CVE-2024-21539.md create mode 100644 2024/CVE-2024-21541.md create mode 100644 2024/CVE-2024-21542.md create mode 100644 2024/CVE-2024-21543.md create mode 100644 2024/CVE-2024-21544.md create mode 100644 2024/CVE-2024-21546.md create mode 100644 2024/CVE-2024-21547.md create mode 100644 2024/CVE-2024-21548.md create mode 100644 2024/CVE-2024-21549.md create mode 100644 2024/CVE-2024-21591.md create mode 100644 2024/CVE-2024-2166.md create mode 100644 2024/CVE-2024-21791.md create mode 100644 2024/CVE-2024-21799.md create mode 100644 2024/CVE-2024-21803.md create mode 100644 2024/CVE-2024-21937.md create mode 100644 2024/CVE-2024-21957.md create mode 100644 2024/CVE-2024-21958.md create mode 100644 2024/CVE-2024-21960.md create mode 100644 2024/CVE-2024-2201.md create mode 100644 2024/CVE-2024-22029.md create mode 100644 2024/CVE-2024-22043.md create mode 100644 2024/CVE-2024-22050.md create mode 100644 2024/CVE-2024-22102.md create mode 100644 
2024/CVE-2024-22103.md create mode 100644 2024/CVE-2024-22104.md create mode 100644 2024/CVE-2024-22105.md create mode 100644 2024/CVE-2024-22106.md create mode 100644 2024/CVE-2024-22253.md create mode 100644 2024/CVE-2024-22255.md create mode 100644 2024/CVE-2024-22268.md create mode 100644 2024/CVE-2024-22371.md create mode 100644 2024/CVE-2024-22376.md create mode 100644 2024/CVE-2024-22399.md create mode 100644 2024/CVE-2024-22733.md create mode 100644 2024/CVE-2024-23226.md create mode 100644 2024/CVE-2024-23309.md create mode 100644 2024/CVE-2024-23321.md create mode 100644 2024/CVE-2024-23372.md create mode 100644 2024/CVE-2024-23373.md create mode 100644 2024/CVE-2024-23380.md create mode 100644 2024/CVE-2024-23385.md create mode 100644 2024/CVE-2024-2340.md create mode 100644 2024/CVE-2024-23443.md create mode 100644 2024/CVE-2024-23556.md create mode 100644 2024/CVE-2024-2359.md create mode 100644 2024/CVE-2024-23594.md create mode 100644 2024/CVE-2024-2362.md create mode 100644 2024/CVE-2024-23650.md create mode 100644 2024/CVE-2024-23666.md create mode 100644 2024/CVE-2024-23710.md create mode 100644 2024/CVE-2024-23733.md create mode 100644 2024/CVE-2024-2383.md create mode 100644 2024/CVE-2024-23831.md create mode 100644 2024/CVE-2024-23911.md create mode 100644 2024/CVE-2024-23944.md create mode 100644 2024/CVE-2024-23957.md create mode 100644 2024/CVE-2024-23983.md create mode 100644 2024/CVE-2024-2403.md create mode 100644 2024/CVE-2024-24409.md create mode 100644 2024/CVE-2024-24416.md create mode 100644 2024/CVE-2024-24417.md create mode 100644 2024/CVE-2024-24418.md create mode 100644 2024/CVE-2024-24419.md create mode 100644 2024/CVE-2024-24420.md create mode 100644 2024/CVE-2024-24421.md create mode 100644 2024/CVE-2024-24422.md create mode 100644 2024/CVE-2024-24423.md create mode 100644 2024/CVE-2024-24424.md create mode 100644 2024/CVE-2024-24425.md create mode 100644 2024/CVE-2024-24426.md create mode 100644 2024/CVE-2024-24427.md create 
mode 100644 2024/CVE-2024-24428.md create mode 100644 2024/CVE-2024-24429.md create mode 100644 2024/CVE-2024-24430.md create mode 100644 2024/CVE-2024-24431.md create mode 100644 2024/CVE-2024-24432.md create mode 100644 2024/CVE-2024-24442.md create mode 100644 2024/CVE-2024-24443.md create mode 100644 2024/CVE-2024-24444.md create mode 100644 2024/CVE-2024-24445.md create mode 100644 2024/CVE-2024-24446.md create mode 100644 2024/CVE-2024-24447.md create mode 100644 2024/CVE-2024-24449.md create mode 100644 2024/CVE-2024-24450.md create mode 100644 2024/CVE-2024-24451.md create mode 100644 2024/CVE-2024-24684.md create mode 100644 2024/CVE-2024-24685.md create mode 100644 2024/CVE-2024-24686.md create mode 100644 2024/CVE-2024-24759.md create mode 100644 2024/CVE-2024-24777.md create mode 100644 2024/CVE-2024-24780.md create mode 100644 2024/CVE-2024-24914.md create mode 100644 2024/CVE-2024-24926.md create mode 100644 2024/CVE-2024-24989.md create mode 100644 2024/CVE-2024-24990.md create mode 100644 2024/CVE-2024-24993.md create mode 100644 2024/CVE-2024-25066.md create mode 100644 2024/CVE-2024-25073.md create mode 100644 2024/CVE-2024-25074.md create mode 100644 2024/CVE-2024-25086.md create mode 100644 2024/CVE-2024-25087.md create mode 100644 2024/CVE-2024-25088.md create mode 100644 2024/CVE-2024-25096.md create mode 100644 2024/CVE-2024-25270.md create mode 100644 2024/CVE-2024-25411.md create mode 100644 2024/CVE-2024-25412.md create mode 100644 2024/CVE-2024-25431.md create mode 100644 2024/CVE-2024-2548.md create mode 100644 2024/CVE-2024-25506.md create mode 100644 2024/CVE-2024-2552.md create mode 100644 2024/CVE-2024-25561.md create mode 100644 2024/CVE-2024-25636.md create mode 100644 2024/CVE-2024-25694.md create mode 100644 2024/CVE-2024-25885.md create mode 100644 2024/CVE-2024-26011.md create mode 100644 2024/CVE-2024-26027.md create mode 100644 2024/CVE-2024-26092.md create mode 100644 2024/CVE-2024-26139.md create mode 100644 
2024/CVE-2024-2624.md create mode 100644 2024/CVE-2024-26251.md create mode 100644 2024/CVE-2024-26275.md create mode 100644 2024/CVE-2024-26277.md create mode 100644 2024/CVE-2024-26314.md create mode 100644 2024/CVE-2024-26317.md create mode 100644 2024/CVE-2024-2643.md create mode 100644 2024/CVE-2024-2658.md create mode 100644 2024/CVE-2024-26669.md create mode 100644 2024/CVE-2024-26672.md create mode 100644 2024/CVE-2024-26687.md create mode 100644 2024/CVE-2024-26739.md create mode 100644 2024/CVE-2024-26809.md create mode 100644 2024/CVE-2024-26913.md create mode 100644 2024/CVE-2024-26921.md create mode 100644 2024/CVE-2024-26930.md create mode 100644 2024/CVE-2024-26944.md create mode 100644 2024/CVE-2024-26952.md create mode 100644 2024/CVE-2024-27042.md create mode 100644 2024/CVE-2024-27115.md create mode 100644 2024/CVE-2024-27120.md create mode 100644 2024/CVE-2024-27126.md create mode 100644 2024/CVE-2024-2730.md create mode 100644 2024/CVE-2024-27305.md create mode 100644 2024/CVE-2024-2731.md create mode 100644 2024/CVE-2024-27388.md create mode 100644 2024/CVE-2024-27394.md create mode 100644 2024/CVE-2024-27397.md create mode 100644 2024/CVE-2024-2750.md create mode 100644 2024/CVE-2024-27527.md create mode 100644 2024/CVE-2024-27528.md create mode 100644 2024/CVE-2024-27529.md create mode 100644 2024/CVE-2024-27530.md create mode 100644 2024/CVE-2024-27532.md create mode 100644 2024/CVE-2024-2771.md create mode 100644 2024/CVE-2024-27766.md create mode 100644 2024/CVE-2024-27808.md create mode 100644 2024/CVE-2024-2782.md create mode 100644 2024/CVE-2024-27821.md create mode 100644 2024/CVE-2024-27876.md create mode 100644 2024/CVE-2024-27912.md create mode 100644 2024/CVE-2024-2796.md create mode 100644 2024/CVE-2024-27980.md create mode 100644 2024/CVE-2024-27982.md create mode 100644 2024/CVE-2024-28038.md create mode 100644 2024/CVE-2024-28046.md create mode 100644 2024/CVE-2024-28052.md create mode 100644 2024/CVE-2024-28103.md create mode 
100644 2024/CVE-2024-28114.md create mode 100644 2024/CVE-2024-28138.md create mode 100644 2024/CVE-2024-28139.md create mode 100644 2024/CVE-2024-28140.md create mode 100644 2024/CVE-2024-28141.md create mode 100644 2024/CVE-2024-28142.md create mode 100644 2024/CVE-2024-28143.md create mode 100644 2024/CVE-2024-28144.md create mode 100644 2024/CVE-2024-28145.md create mode 100644 2024/CVE-2024-28146.md create mode 100644 2024/CVE-2024-2869.md create mode 100644 2024/CVE-2024-28726.md create mode 100644 2024/CVE-2024-28728.md create mode 100644 2024/CVE-2024-28729.md create mode 100644 2024/CVE-2024-28730.md create mode 100644 2024/CVE-2024-28731.md create mode 100644 2024/CVE-2024-28762.md create mode 100644 2024/CVE-2024-28784.md create mode 100644 2024/CVE-2024-28885.md create mode 100644 2024/CVE-2024-28888.md create mode 100644 2024/CVE-2024-28894.md create mode 100644 2024/CVE-2024-28953.md create mode 100644 2024/CVE-2024-28955.md create mode 100644 2024/CVE-2024-28957.md create mode 100644 2024/CVE-2024-28981.md create mode 100644 2024/CVE-2024-28982.md create mode 100644 2024/CVE-2024-28983.md create mode 100644 2024/CVE-2024-28984.md create mode 100644 2024/CVE-2024-28987.md create mode 100644 2024/CVE-2024-29014.md create mode 100644 2024/CVE-2024-29050.md create mode 100644 2024/CVE-2024-29075.md create mode 100644 2024/CVE-2024-2910.md create mode 100644 2024/CVE-2024-29146.md create mode 100644 2024/CVE-2024-29155.md create mode 100644 2024/CVE-2024-2918.md create mode 100644 2024/CVE-2024-2928.md create mode 100644 2024/CVE-2024-29292.md create mode 100644 2024/CVE-2024-29376.md create mode 100644 2024/CVE-2024-29404.md create mode 100644 2024/CVE-2024-29409.md create mode 100644 2024/CVE-2024-29643.md create mode 100644 2024/CVE-2024-29671.md create mode 100644 2024/CVE-2024-29847.md create mode 100644 2024/CVE-2024-29978.md create mode 100644 2024/CVE-2024-29994.md create mode 100644 2024/CVE-2024-29995.md create mode 100644 2024/CVE-2024-29997.md 
create mode 100644 2024/CVE-2024-29998.md create mode 100644 2024/CVE-2024-29999.md create mode 100644 2024/CVE-2024-30000.md create mode 100644 2024/CVE-2024-30001.md create mode 100644 2024/CVE-2024-30002.md create mode 100644 2024/CVE-2024-30003.md create mode 100644 2024/CVE-2024-30004.md create mode 100644 2024/CVE-2024-30005.md create mode 100644 2024/CVE-2024-30012.md create mode 100644 2024/CVE-2024-30021.md create mode 100644 2024/CVE-2024-30052.md create mode 100644 2024/CVE-2024-30090.md create mode 100644 2024/CVE-2024-30105.md create mode 100644 2024/CVE-2024-30126.md create mode 100644 2024/CVE-2024-30176.md create mode 100644 2024/CVE-2024-30370.md create mode 100644 2024/CVE-2024-3044.md create mode 100644 2024/CVE-2024-30485.md create mode 100644 2024/CVE-2024-30545.md create mode 100644 2024/CVE-2024-30553.md create mode 100644 2024/CVE-2024-30554.md create mode 100644 2024/CVE-2024-3062.md create mode 100644 2024/CVE-2024-3077.md create mode 100644 2024/CVE-2024-30801.md create mode 100644 2024/CVE-2024-30875.md create mode 100644 2024/CVE-2024-30896.md create mode 100644 2024/CVE-2024-30961.md create mode 100644 2024/CVE-2024-30963.md create mode 100644 2024/CVE-2024-30964.md create mode 100644 2024/CVE-2024-31007.md create mode 100644 2024/CVE-2024-31074.md create mode 100644 2024/CVE-2024-31079.md create mode 100644 2024/CVE-2024-31114.md create mode 100644 2024/CVE-2024-31141.md create mode 100644 2024/CVE-2024-31152.md create mode 100644 2024/CVE-2024-31204.md create mode 100644 2024/CVE-2024-3121.md create mode 100644 2024/CVE-2024-31228.md create mode 100644 2024/CVE-2024-31317.md create mode 100644 2024/CVE-2024-31320.md create mode 100644 2024/CVE-2024-31333.md create mode 100644 2024/CVE-2024-31337.md create mode 100644 2024/CVE-2024-31344.md create mode 100644 2024/CVE-2024-3137.md create mode 100644 2024/CVE-2024-31370.md create mode 100644 2024/CVE-2024-31387.md create mode 100644 2024/CVE-2024-31392.md create mode 100644 
2024/CVE-2024-31448.md create mode 100644 2024/CVE-2024-31449.md create mode 100644 2024/CVE-2024-31580.md create mode 100644 2024/CVE-2024-31585.md create mode 100644 2024/CVE-2024-3163.md create mode 100644 2024/CVE-2024-31695.md create mode 100644 2024/CVE-2024-3177.md create mode 100644 2024/CVE-2024-31805.md create mode 100644 2024/CVE-2024-31806.md create mode 100644 2024/CVE-2024-31807.md create mode 100644 2024/CVE-2024-31808.md create mode 100644 2024/CVE-2024-31809.md create mode 100644 2024/CVE-2024-31810.md create mode 100644 2024/CVE-2024-31811.md create mode 100644 2024/CVE-2024-31812.md create mode 100644 2024/CVE-2024-31813.md create mode 100644 2024/CVE-2024-31814.md create mode 100644 2024/CVE-2024-31815.md create mode 100644 2024/CVE-2024-31816.md create mode 100644 2024/CVE-2024-31817.md create mode 100644 2024/CVE-2024-31835.md create mode 100644 2024/CVE-2024-31903.md create mode 100644 2024/CVE-2024-31952.md create mode 100644 2024/CVE-2024-31953.md create mode 100644 2024/CVE-2024-31972.md create mode 100644 2024/CVE-2024-31973.md create mode 100644 2024/CVE-2024-31975.md create mode 100644 2024/CVE-2024-31976.md create mode 100644 2024/CVE-2024-31998.md create mode 100644 2024/CVE-2024-3200.md create mode 100644 2024/CVE-2024-32083.md create mode 100644 2024/CVE-2024-32151.md create mode 100644 2024/CVE-2024-32325.md create mode 100644 2024/CVE-2024-32326.md create mode 100644 2024/CVE-2024-32332.md create mode 100644 2024/CVE-2024-32333.md create mode 100644 2024/CVE-2024-32334.md create mode 100644 2024/CVE-2024-32335.md create mode 100644 2024/CVE-2024-32428.md create mode 100644 2024/CVE-2024-32462.md create mode 100644 2024/CVE-2024-32468.md create mode 100644 2024/CVE-2024-32591.md create mode 100644 2024/CVE-2024-32635.md create mode 100644 2024/CVE-2024-32637.md create mode 100644 2024/CVE-2024-32830.md create mode 100644 2024/CVE-2024-32896.md create mode 100644 2024/CVE-2024-32911.md create mode 100644 2024/CVE-2024-33060.md 
create mode 100644 2024/CVE-2024-33180.md create mode 100644 2024/CVE-2024-33209.md create mode 100644 2024/CVE-2024-33210.md create mode 100644 2024/CVE-2024-33219.md create mode 100644 2024/CVE-2024-33231.md create mode 100644 2024/CVE-2024-33297.md create mode 100644 2024/CVE-2024-33298.md create mode 100644 2024/CVE-2024-33299.md create mode 100644 2024/CVE-2024-3332.md create mode 100644 2024/CVE-2024-33371.md create mode 100644 2024/CVE-2024-33401.md create mode 100644 2024/CVE-2024-33433.md create mode 100644 2024/CVE-2024-3344.md create mode 100644 2024/CVE-2024-3345.md create mode 100644 2024/CVE-2024-33452.md create mode 100644 2024/CVE-2024-33453.md create mode 100644 2024/CVE-2024-33510.md create mode 100644 2024/CVE-2024-33605.md create mode 100644 2024/CVE-2024-33610.md create mode 100644 2024/CVE-2024-33616.md create mode 100644 2024/CVE-2024-33617.md create mode 100644 2024/CVE-2024-33663.md create mode 100644 2024/CVE-2024-33665.md create mode 100644 2024/CVE-2024-33699.md create mode 100644 2024/CVE-2024-33700.md create mode 100644 2024/CVE-2024-33871.md create mode 100644 2024/CVE-2024-33898.md create mode 100644 2024/CVE-2024-3393.md create mode 100644 2024/CVE-2024-33943.md create mode 100644 2024/CVE-2024-33996.md create mode 100644 2024/CVE-2024-33997.md create mode 100644 2024/CVE-2024-33998.md create mode 100644 2024/CVE-2024-33999.md create mode 100644 2024/CVE-2024-34000.md create mode 100644 2024/CVE-2024-34001.md create mode 100644 2024/CVE-2024-34006.md create mode 100644 2024/CVE-2024-34007.md create mode 100644 2024/CVE-2024-34008.md create mode 100644 2024/CVE-2024-34009.md create mode 100644 2024/CVE-2024-34012.md create mode 100644 2024/CVE-2024-3408.md create mode 100644 2024/CVE-2024-34155.md create mode 100644 2024/CVE-2024-34156.md create mode 100644 2024/CVE-2024-34158.md create mode 100644 2024/CVE-2024-34162.md create mode 100644 2024/CVE-2024-34193.md create mode 100644 2024/CVE-2024-34195.md create mode 100644 
2024/CVE-2024-34198.md create mode 100644 2024/CVE-2024-34235.md create mode 100644 2024/CVE-2024-34331.md create mode 100644 2024/CVE-2024-34343.md create mode 100644 2024/CVE-2024-34370.md create mode 100644 2024/CVE-2024-34402.md create mode 100644 2024/CVE-2024-34405.md create mode 100644 2024/CVE-2024-34406.md create mode 100644 2024/CVE-2024-34423.md create mode 100644 2024/CVE-2024-34426.md create mode 100644 2024/CVE-2024-34443.md create mode 100644 2024/CVE-2024-34444.md create mode 100644 2024/CVE-2024-34463.md create mode 100644 2024/CVE-2024-34519.md create mode 100644 2024/CVE-2024-34719.md create mode 100644 2024/CVE-2024-34739.md create mode 100644 2024/CVE-2024-34741.md create mode 100644 2024/CVE-2024-34750.md create mode 100644 2024/CVE-2024-34790.md create mode 100644 2024/CVE-2024-34797.md create mode 100644 2024/CVE-2024-34831.md create mode 100644 2024/CVE-2024-34882.md create mode 100644 2024/CVE-2024-34883.md create mode 100644 2024/CVE-2024-34885.md create mode 100644 2024/CVE-2024-34887.md create mode 100644 2024/CVE-2024-34891.md create mode 100644 2024/CVE-2024-34897.md create mode 100644 2024/CVE-2024-34959.md create mode 100644 2024/CVE-2024-3498.md create mode 100644 2024/CVE-2024-34990.md create mode 100644 2024/CVE-2024-35056.md create mode 100644 2024/CVE-2024-35058.md create mode 100644 2024/CVE-2024-35059.md create mode 100644 2024/CVE-2024-35060.md create mode 100644 2024/CVE-2024-35061.md create mode 100644 2024/CVE-2024-35106.md create mode 100644 2024/CVE-2024-35133.md create mode 100644 2024/CVE-2024-35161.md create mode 100644 2024/CVE-2024-35177.md create mode 100644 2024/CVE-2024-35198.md create mode 100644 2024/CVE-2024-35200.md create mode 100644 2024/CVE-2024-35230.md create mode 100644 2024/CVE-2024-35244.md create mode 100644 2024/CVE-2024-35264.md create mode 100644 2024/CVE-2024-35286.md create mode 100644 2024/CVE-2024-35287.md create mode 100644 2024/CVE-2024-35288.md create mode 100644 2024/CVE-2024-35293.md 
create mode 100644 2024/CVE-2024-35311.md create mode 100644 2024/CVE-2024-35315.md create mode 100644 2024/CVE-2024-35410.md create mode 100644 2024/CVE-2024-35423.md create mode 100644 2024/CVE-2024-35498.md create mode 100644 2024/CVE-2024-35515.md create mode 100644 2024/CVE-2024-35517.md create mode 100644 2024/CVE-2024-35518.md create mode 100644 2024/CVE-2024-35519.md create mode 100644 2024/CVE-2024-35520.md create mode 100644 2024/CVE-2024-35522.md create mode 100644 2024/CVE-2024-35584.md create mode 100644 2024/CVE-2024-35621.md create mode 100644 2024/CVE-2024-35639.md create mode 100644 2024/CVE-2024-35640.md create mode 100644 2024/CVE-2024-35642.md create mode 100644 2024/CVE-2024-35681.md create mode 100644 2024/CVE-2024-3572.md create mode 100644 2024/CVE-2024-3574.md create mode 100644 2024/CVE-2024-35756.md create mode 100644 2024/CVE-2024-35866.md create mode 100644 2024/CVE-2024-35869.md create mode 100644 2024/CVE-2024-35880.md create mode 100644 2024/CVE-2024-35887.md create mode 100644 2024/CVE-2024-35929.md create mode 100644 2024/CVE-2024-35933.md create mode 100644 2024/CVE-2024-35948.md create mode 100644 2024/CVE-2024-35949.md create mode 100644 2024/CVE-2024-36006.md create mode 100644 2024/CVE-2024-36013.md create mode 100644 2024/CVE-2024-36016.md create mode 100644 2024/CVE-2024-36034.md create mode 100644 2024/CVE-2024-36035.md create mode 100644 2024/CVE-2024-36039.md create mode 100644 2024/CVE-2024-36042.md create mode 100644 2024/CVE-2024-3605.md create mode 100644 2024/CVE-2024-36060.md create mode 100644 2024/CVE-2024-36061.md create mode 100644 2024/CVE-2024-36062.md create mode 100644 2024/CVE-2024-36063.md create mode 100644 2024/CVE-2024-36064.md create mode 100644 2024/CVE-2024-36066.md create mode 100644 2024/CVE-2024-36137.md create mode 100644 2024/CVE-2024-36138.md create mode 100644 2024/CVE-2024-36248.md create mode 100644 2024/CVE-2024-36251.md create mode 100644 2024/CVE-2024-3635.md create mode 100644 
2024/CVE-2024-36383.md create mode 100644 2024/CVE-2024-36427.md create mode 100644 2024/CVE-2024-36437.md create mode 100644 2024/CVE-2024-36465.md create mode 100644 2024/CVE-2024-36467.md create mode 100644 2024/CVE-2024-36469.md create mode 100644 2024/CVE-2024-36474.md create mode 100644 2024/CVE-2024-36476.md create mode 100644 2024/CVE-2024-36494.md create mode 100644 2024/CVE-2024-36498.md create mode 100644 2024/CVE-2024-3651.md create mode 100644 2024/CVE-2024-36510.md create mode 100644 2024/CVE-2024-36518.md create mode 100644 2024/CVE-2024-3656.md create mode 100644 2024/CVE-2024-36599.md create mode 100644 2024/CVE-2024-36623.md create mode 100644 2024/CVE-2024-36694.md create mode 100644 2024/CVE-2024-36728.md create mode 100644 2024/CVE-2024-36729.md create mode 100644 2024/CVE-2024-36814.md create mode 100644 2024/CVE-2024-36823.md create mode 100644 2024/CVE-2024-36842.md create mode 100644 2024/CVE-2024-36899.md create mode 100644 2024/CVE-2024-36904.md create mode 100644 2024/CVE-2024-36908.md create mode 100644 2024/CVE-2024-36913.md create mode 100644 2024/CVE-2024-36974.md create mode 100644 2024/CVE-2024-36978.md create mode 100644 2024/CVE-2024-37052.md create mode 100644 2024/CVE-2024-37054.md create mode 100644 2024/CVE-2024-37060.md create mode 100644 2024/CVE-2024-37148.md create mode 100644 2024/CVE-2024-37149.md create mode 100644 2024/CVE-2024-37168.md create mode 100644 2024/CVE-2024-37285.md create mode 100644 2024/CVE-2024-37288.md create mode 100644 2024/CVE-2024-37334.md create mode 100644 2024/CVE-2024-37359.md create mode 100644 2024/CVE-2024-37360.md create mode 100644 2024/CVE-2024-37361.md create mode 100644 2024/CVE-2024-37362.md create mode 100644 2024/CVE-2024-37363.md create mode 100644 2024/CVE-2024-37371.md create mode 100644 2024/CVE-2024-37383.md create mode 100644 2024/CVE-2024-37397.md create mode 100644 2024/CVE-2024-37404.md create mode 100644 2024/CVE-2024-37437.md create mode 100644 2024/CVE-2024-37450.md 
create mode 100644 2024/CVE-2024-37523.md create mode 100644 2024/CVE-2024-37536.md create mode 100644 2024/CVE-2024-37549.md create mode 100644 2024/CVE-2024-37558.md create mode 100644 2024/CVE-2024-37573.md create mode 100644 2024/CVE-2024-37574.md create mode 100644 2024/CVE-2024-37575.md create mode 100644 2024/CVE-2024-37600.md create mode 100644 2024/CVE-2024-37601.md create mode 100644 2024/CVE-2024-37602.md create mode 100644 2024/CVE-2024-37603.md create mode 100644 2024/CVE-2024-37606.md create mode 100644 2024/CVE-2024-37654.md create mode 100644 2024/CVE-2024-37728.md create mode 100644 2024/CVE-2024-37782.md create mode 100644 2024/CVE-2024-37783.md create mode 100644 2024/CVE-2024-37816.md create mode 100644 2024/CVE-2024-37844.md create mode 100644 2024/CVE-2024-37845.md create mode 100644 2024/CVE-2024-37846.md create mode 100644 2024/CVE-2024-37847.md create mode 100644 2024/CVE-2024-37862.md create mode 100644 2024/CVE-2024-37868.md create mode 100644 2024/CVE-2024-37869.md create mode 100644 2024/CVE-2024-37902.md create mode 100644 2024/CVE-2024-37921.md create mode 100644 2024/CVE-2024-38014.md create mode 100644 2024/CVE-2024-38018.md create mode 100644 2024/CVE-2024-38022.md create mode 100644 2024/CVE-2024-38023.md create mode 100644 2024/CVE-2024-38024.md create mode 100644 2024/CVE-2024-3803.md create mode 100644 2024/CVE-2024-38036.md create mode 100644 2024/CVE-2024-3804.md create mode 100644 2024/CVE-2024-38054.md create mode 100644 2024/CVE-2024-38061.md create mode 100644 2024/CVE-2024-38080.md create mode 100644 2024/CVE-2024-38081.md create mode 100644 2024/CVE-2024-38083.md create mode 100644 2024/CVE-2024-38084.md create mode 100644 2024/CVE-2024-38093.md create mode 100644 2024/CVE-2024-38094.md create mode 100644 2024/CVE-2024-38095.md create mode 100644 2024/CVE-2024-38097.md create mode 100644 2024/CVE-2024-38098.md create mode 100644 2024/CVE-2024-38124.md create mode 100644 2024/CVE-2024-38144.md create mode 100644 
2024/CVE-2024-38164.md create mode 100644 2024/CVE-2024-38193.md create mode 100644 2024/CVE-2024-38200.md create mode 100644 2024/CVE-2024-38227.md create mode 100644 2024/CVE-2024-3825.md create mode 100644 2024/CVE-2024-3826.md create mode 100644 2024/CVE-2024-38271.md create mode 100644 2024/CVE-2024-38272.md create mode 100644 2024/CVE-2024-38285.md create mode 100644 2024/CVE-2024-38286.md create mode 100644 2024/CVE-2024-38305.md create mode 100644 2024/CVE-2024-38365.md create mode 100644 2024/CVE-2024-38392.md create mode 100644 2024/CVE-2024-38399.md create mode 100644 2024/CVE-2024-38402.md create mode 100644 2024/CVE-2024-38426.md create mode 100644 2024/CVE-2024-38428.md create mode 100644 2024/CVE-2024-38434.md create mode 100644 2024/CVE-2024-38440.md create mode 100644 2024/CVE-2024-38459.md create mode 100644 2024/CVE-2024-38474.md create mode 100644 2024/CVE-2024-38476.md create mode 100644 2024/CVE-2024-38477.md create mode 100644 2024/CVE-2024-38510.md create mode 100644 2024/CVE-2024-3852.md create mode 100644 2024/CVE-2024-38541.md create mode 100644 2024/CVE-2024-3856.md create mode 100644 2024/CVE-2024-38570.md create mode 100644 2024/CVE-2024-38575.md create mode 100644 2024/CVE-2024-3859.md create mode 100644 2024/CVE-2024-38608.md create mode 100644 2024/CVE-2024-38630.md create mode 100644 2024/CVE-2024-38689.md create mode 100644 2024/CVE-2024-38738.md create mode 100644 2024/CVE-2024-38809.md create mode 100644 2024/CVE-2024-38812.md create mode 100644 2024/CVE-2024-38813.md create mode 100644 2024/CVE-2024-38816.md create mode 100644 2024/CVE-2024-38819.md create mode 100644 2024/CVE-2024-38820.md create mode 100644 2024/CVE-2024-38821.md create mode 100644 2024/CVE-2024-38827.md create mode 100644 2024/CVE-2024-38828.md create mode 100644 2024/CVE-2024-38829.md create mode 100644 2024/CVE-2024-38830.md create mode 100644 2024/CVE-2024-38831.md create mode 100644 2024/CVE-2024-38871.md create mode 100644 2024/CVE-2024-3899.md create 
mode 100644 2024/CVE-2024-3900.md create mode 100644 2024/CVE-2024-3901.md create mode 100644 2024/CVE-2024-39081.md create mode 100644 2024/CVE-2024-39094.md create mode 100644 2024/CVE-2024-39178.md create mode 100644 2024/CVE-2024-39205.md create mode 100644 2024/CVE-2024-39220.md create mode 100644 2024/CVE-2024-39282.md create mode 100644 2024/CVE-2024-3930.md create mode 100644 2024/CVE-2024-39332.md create mode 100644 2024/CVE-2024-39338.md create mode 100644 2024/CVE-2024-39343.md create mode 100644 2024/CVE-2024-39479.md create mode 100644 2024/CVE-2024-39487.md create mode 100644 2024/CVE-2024-39503.md create mode 100644 2024/CVE-2024-39508.md create mode 100644 2024/CVE-2024-39573.md create mode 100644 2024/CVE-2024-39610.md create mode 100644 2024/CVE-2024-39639.md create mode 100644 2024/CVE-2024-39640.md create mode 100644 2024/CVE-2024-39650.md create mode 100644 2024/CVE-2024-39654.md create mode 100644 2024/CVE-2024-39664.md create mode 100644 2024/CVE-2024-39698.md create mode 100644 2024/CVE-2024-39702.md create mode 100644 2024/CVE-2024-39704.md create mode 100644 2024/CVE-2024-39713.md create mode 100644 2024/CVE-2024-39719.md create mode 100644 2024/CVE-2024-39720.md create mode 100644 2024/CVE-2024-39721.md create mode 100644 2024/CVE-2024-39722.md create mode 100644 2024/CVE-2024-39766.md create mode 100644 2024/CVE-2024-39838.md create mode 100644 2024/CVE-2024-39890.md create mode 100644 2024/CVE-2024-39894.md create mode 100644 2024/CVE-2024-39917.md create mode 100644 2024/CVE-2024-39922.md create mode 100644 2024/CVE-2024-39924.md create mode 100644 2024/CVE-2024-39925.md create mode 100644 2024/CVE-2024-3995.md create mode 100644 2024/CVE-2024-3996.md create mode 100644 2024/CVE-2024-4002.md create mode 100644 2024/CVE-2024-4004.md create mode 100644 2024/CVE-2024-40068.md create mode 100644 2024/CVE-2024-40069.md create mode 100644 2024/CVE-2024-40070.md create mode 100644 2024/CVE-2024-40071.md create mode 100644 
2024/CVE-2024-40072.md create mode 100644 2024/CVE-2024-40073.md create mode 100644 2024/CVE-2024-40074.md create mode 100644 2024/CVE-2024-40083.md create mode 100644 2024/CVE-2024-40084.md create mode 100644 2024/CVE-2024-40085.md create mode 100644 2024/CVE-2024-40086.md create mode 100644 2024/CVE-2024-40087.md create mode 100644 2024/CVE-2024-40088.md create mode 100644 2024/CVE-2024-40089.md create mode 100644 2024/CVE-2024-40090.md create mode 100644 2024/CVE-2024-40091.md create mode 100644 2024/CVE-2024-40094.md create mode 100644 2024/CVE-2024-40111.md create mode 100644 2024/CVE-2024-40239.md create mode 100644 2024/CVE-2024-40240.md create mode 100644 2024/CVE-2024-40431.md create mode 100644 2024/CVE-2024-40432.md create mode 100644 2024/CVE-2024-40443.md create mode 100644 2024/CVE-2024-40445.md create mode 100644 2024/CVE-2024-40446.md create mode 100644 2024/CVE-2024-40453.md create mode 100644 2024/CVE-2024-40457.md create mode 100644 2024/CVE-2024-40458.md create mode 100644 2024/CVE-2024-40459.md create mode 100644 2024/CVE-2024-40460.md create mode 100644 2024/CVE-2024-40461.md create mode 100644 2024/CVE-2024-40462.md create mode 100644 2024/CVE-2024-40506.md create mode 100644 2024/CVE-2024-40507.md create mode 100644 2024/CVE-2024-40508.md create mode 100644 2024/CVE-2024-40509.md create mode 100644 2024/CVE-2024-40510.md create mode 100644 2024/CVE-2024-40511.md create mode 100644 2024/CVE-2024-40512.md create mode 100644 2024/CVE-2024-40586.md create mode 100644 2024/CVE-2024-4062.md create mode 100644 2024/CVE-2024-40635.md create mode 100644 2024/CVE-2024-40638.md create mode 100644 2024/CVE-2024-40656.md create mode 100644 2024/CVE-2024-40662.md create mode 100644 2024/CVE-2024-40676.md create mode 100644 2024/CVE-2024-40711.md create mode 100644 2024/CVE-2024-40797.md create mode 100644 2024/CVE-2024-40801.md create mode 100644 2024/CVE-2024-40838.md create mode 100644 2024/CVE-2024-40843.md create mode 100644 2024/CVE-2024-40854.md 
create mode 100644 2024/CVE-2024-4089.md create mode 100644 2024/CVE-2024-40890.md create mode 100644 2024/CVE-2024-40891.md create mode 100644 2024/CVE-2024-4091.md create mode 100644 2024/CVE-2024-41009.md create mode 100644 2024/CVE-2024-41010.md create mode 100644 2024/CVE-2024-41013.md create mode 100644 2024/CVE-2024-41014.md create mode 100644 2024/CVE-2024-41015.md create mode 100644 2024/CVE-2024-41016.md create mode 100644 2024/CVE-2024-41017.md create mode 100644 2024/CVE-2024-41018.md create mode 100644 2024/CVE-2024-41019.md create mode 100644 2024/CVE-2024-41061.md create mode 100644 2024/CVE-2024-41071.md create mode 100644 2024/CVE-2024-41096.md create mode 100644 2024/CVE-2024-41121.md create mode 100644 2024/CVE-2024-41124.md create mode 100644 2024/CVE-2024-41128.md create mode 100644 2024/CVE-2024-41195.md create mode 100644 2024/CVE-2024-41196.md create mode 100644 2024/CVE-2024-41197.md create mode 100644 2024/CVE-2024-41198.md create mode 100644 2024/CVE-2024-41199.md create mode 100644 2024/CVE-2024-41209.md create mode 100644 2024/CVE-2024-41217.md create mode 100644 2024/CVE-2024-41270.md create mode 100644 2024/CVE-2024-41276.md create mode 100644 2024/CVE-2024-41290.md create mode 100644 2024/CVE-2024-41319.md create mode 100644 2024/CVE-2024-41344.md create mode 100644 2024/CVE-2024-41345.md create mode 100644 2024/CVE-2024-41346.md create mode 100644 2024/CVE-2024-41347.md create mode 100644 2024/CVE-2024-41348.md create mode 100644 2024/CVE-2024-41349.md create mode 100644 2024/CVE-2024-41350.md create mode 100644 2024/CVE-2024-41351.md create mode 100644 2024/CVE-2024-41358.md create mode 100644 2024/CVE-2024-41361.md create mode 100644 2024/CVE-2024-41364.md create mode 100644 2024/CVE-2024-41366.md create mode 100644 2024/CVE-2024-41367.md create mode 100644 2024/CVE-2024-41368.md create mode 100644 2024/CVE-2024-41369.md create mode 100644 2024/CVE-2024-41370.md create mode 100644 2024/CVE-2024-41371.md create mode 100644 
2024/CVE-2024-41372.md create mode 100644 2024/CVE-2024-41436.md create mode 100644 2024/CVE-2024-41447.md create mode 100644 2024/CVE-2024-41453.md create mode 100644 2024/CVE-2024-41454.md create mode 100644 2024/CVE-2024-41481.md create mode 100644 2024/CVE-2024-41482.md create mode 100644 2024/CVE-2024-4157.md create mode 100644 2024/CVE-2024-41594.md create mode 100644 2024/CVE-2024-41622.md create mode 100644 2024/CVE-2024-41623.md create mode 100644 2024/CVE-2024-41629.md create mode 100644 2024/CVE-2024-41644.md create mode 100644 2024/CVE-2024-41645.md create mode 100644 2024/CVE-2024-41646.md create mode 100644 2024/CVE-2024-41647.md create mode 100644 2024/CVE-2024-41648.md create mode 100644 2024/CVE-2024-41649.md create mode 100644 2024/CVE-2024-41650.md create mode 100644 2024/CVE-2024-41678.md create mode 100644 2024/CVE-2024-41703.md create mode 100644 2024/CVE-2024-41704.md create mode 100644 2024/CVE-2024-41710.md create mode 100644 2024/CVE-2024-41713.md create mode 100644 2024/CVE-2024-41714.md create mode 100644 2024/CVE-2024-41720.md create mode 100644 2024/CVE-2024-41730.md create mode 100644 2024/CVE-2024-4176.md create mode 100644 2024/CVE-2024-4181.md create mode 100644 2024/CVE-2024-41967.md create mode 100644 2024/CVE-2024-41968.md create mode 100644 2024/CVE-2024-41969.md create mode 100644 2024/CVE-2024-41970.md create mode 100644 2024/CVE-2024-41971.md create mode 100644 2024/CVE-2024-41972.md create mode 100644 2024/CVE-2024-41973.md create mode 100644 2024/CVE-2024-41974.md create mode 100644 2024/CVE-2024-41987.md create mode 100644 2024/CVE-2024-41988.md create mode 100644 2024/CVE-2024-41992.md create mode 100644 2024/CVE-2024-42007.md create mode 100644 2024/CVE-2024-42041.md create mode 100644 2024/CVE-2024-42049.md create mode 100644 2024/CVE-2024-42050.md create mode 100644 2024/CVE-2024-42051.md create mode 100644 2024/CVE-2024-42052.md create mode 100644 2024/CVE-2024-42053.md create mode 100644 2024/CVE-2024-42162.md 
create mode 100644 2024/CVE-2024-42218.md create mode 100644 2024/CVE-2024-42219.md create mode 100644 2024/CVE-2024-42228.md create mode 100644 2024/CVE-2024-42323.md create mode 100644 2024/CVE-2024-42327.md create mode 100644 2024/CVE-2024-42346.md create mode 100644 2024/CVE-2024-42353.md create mode 100644 2024/CVE-2024-42364.md create mode 100644 2024/CVE-2024-42415.md create mode 100644 2024/CVE-2024-42448.md create mode 100644 2024/CVE-2024-42450.md create mode 100644 2024/CVE-2024-42471.md create mode 100644 2024/CVE-2024-42515.md create mode 100644 2024/CVE-2024-42523.md create mode 100644 2024/CVE-2024-42531.md create mode 100644 2024/CVE-2024-4263.md create mode 100644 2024/CVE-2024-42633.md create mode 100644 2024/CVE-2024-42640.md create mode 100644 2024/CVE-2024-42642.md create mode 100644 2024/CVE-2024-42671.md create mode 100644 2024/CVE-2024-42812.md create mode 100644 2024/CVE-2024-42834.md create mode 100644 2024/CVE-2024-42861.md create mode 100644 2024/CVE-2024-42898.md create mode 100644 2024/CVE-2024-43024.md create mode 100644 2024/CVE-2024-43025.md create mode 100644 2024/CVE-2024-43033.md create mode 100644 2024/CVE-2024-43040.md create mode 100644 2024/CVE-2024-43047.md create mode 100644 2024/CVE-2024-43080.md create mode 100644 2024/CVE-2024-43081.md create mode 100644 2024/CVE-2024-43087.md create mode 100644 2024/CVE-2024-43088.md create mode 100644 2024/CVE-2024-43090.md create mode 100644 2024/CVE-2024-43093.md create mode 100644 2024/CVE-2024-43097.md create mode 100644 2024/CVE-2024-43102.md create mode 100644 2024/CVE-2024-43112.md create mode 100644 2024/CVE-2024-43113.md create mode 100644 2024/CVE-2024-43114.md create mode 100644 2024/CVE-2024-43118.md create mode 100644 2024/CVE-2024-43119.md create mode 100644 2024/CVE-2024-43120.md create mode 100644 2024/CVE-2024-43122.md create mode 100644 2024/CVE-2024-43134.md create mode 100644 2024/CVE-2024-43136.md create mode 100644 2024/CVE-2024-43142.md create mode 100644 
2024/CVE-2024-43143.md create mode 100644 2024/CVE-2024-43146.md create mode 100644 2024/CVE-2024-43154.md create mode 100644 2024/CVE-2024-43157.md create mode 100644 2024/CVE-2024-43158.md create mode 100644 2024/CVE-2024-43159.md create mode 100644 2024/CVE-2024-43162.md create mode 100644 2024/CVE-2024-43201.md create mode 100644 2024/CVE-2024-43208.md create mode 100644 2024/CVE-2024-43209.md create mode 100644 2024/CVE-2024-43211.md create mode 100644 2024/CVE-2024-43212.md create mode 100644 2024/CVE-2024-43215.md create mode 100644 2024/CVE-2024-43219.md create mode 100644 2024/CVE-2024-4322.md create mode 100644 2024/CVE-2024-43223.md create mode 100644 2024/CVE-2024-43229.md create mode 100644 2024/CVE-2024-43235.md create mode 100644 2024/CVE-2024-43253.md create mode 100644 2024/CVE-2024-43254.md create mode 100644 2024/CVE-2024-43260.md create mode 100644 2024/CVE-2024-43268.md create mode 100644 2024/CVE-2024-43270.md create mode 100644 2024/CVE-2024-43273.md create mode 100644 2024/CVE-2024-43277.md create mode 100644 2024/CVE-2024-43285.md create mode 100644 2024/CVE-2024-43290.md create mode 100644 2024/CVE-2024-43293.md create mode 100644 2024/CVE-2024-43296.md create mode 100644 2024/CVE-2024-43297.md create mode 100644 2024/CVE-2024-43298.md create mode 100644 2024/CVE-2024-43302.md create mode 100644 2024/CVE-2024-43310.md create mode 100644 2024/CVE-2024-43312.md create mode 100644 2024/CVE-2024-43314.md create mode 100644 2024/CVE-2024-43323.md create mode 100644 2024/CVE-2024-43332.md create mode 100644 2024/CVE-2024-43341.md create mode 100644 2024/CVE-2024-43343.md create mode 100644 2024/CVE-2024-43355.md create mode 100644 2024/CVE-2024-43357.md create mode 100644 2024/CVE-2024-43363.md create mode 100644 2024/CVE-2024-43402.md create mode 100644 2024/CVE-2024-43415.md create mode 100644 2024/CVE-2024-43416.md create mode 100644 2024/CVE-2024-43418.md create mode 100644 2024/CVE-2024-43425.md create mode 100644 2024/CVE-2024-43426.md 
create mode 100644 2024/CVE-2024-4343.md create mode 100644 2024/CVE-2024-43436.md create mode 100644 2024/CVE-2024-43441.md create mode 100644 2024/CVE-2024-43447.md create mode 100644 2024/CVE-2024-43451.md create mode 100644 2024/CVE-2024-43468.md create mode 100644 2024/CVE-2024-43472.md create mode 100644 2024/CVE-2024-43483.md create mode 100644 2024/CVE-2024-43485.md create mode 100644 2024/CVE-2024-43491.md create mode 100644 2024/CVE-2024-4351.md create mode 100644 2024/CVE-2024-43535.md create mode 100644 2024/CVE-2024-43570.md create mode 100644 2024/CVE-2024-43572.md create mode 100644 2024/CVE-2024-43582.md create mode 100644 2024/CVE-2024-43583.md create mode 100644 2024/CVE-2024-43601.md create mode 100644 2024/CVE-2024-43609.md create mode 100644 2024/CVE-2024-43630.md create mode 100644 2024/CVE-2024-43762.md create mode 100644 2024/CVE-2024-43768.md create mode 100644 2024/CVE-2024-43770.md create mode 100644 2024/CVE-2024-43779.md create mode 100644 2024/CVE-2024-43788.md create mode 100644 2024/CVE-2024-43795.md create mode 100644 2024/CVE-2024-43796.md create mode 100644 2024/CVE-2024-43799.md create mode 100644 2024/CVE-2024-43800.md create mode 100644 2024/CVE-2024-43833.md create mode 100644 2024/CVE-2024-43836.md create mode 100644 2024/CVE-2024-43837.md create mode 100644 2024/CVE-2024-43882.md create mode 100644 2024/CVE-2024-43919.md create mode 100644 2024/CVE-2024-43965.md create mode 100644 2024/CVE-2024-43974.md create mode 100644 2024/CVE-2024-43998.md create mode 100644 2024/CVE-2024-44000.md create mode 100644 2024/CVE-2024-44068.md create mode 100644 2024/CVE-2024-44085.md create mode 100644 2024/CVE-2024-44133.md create mode 100644 2024/CVE-2024-44170.md create mode 100644 2024/CVE-2024-44187.md create mode 100644 2024/CVE-2024-44193.md create mode 100644 2024/CVE-2024-44197.md create mode 100644 2024/CVE-2024-44198.md create mode 100644 2024/CVE-2024-44199.md create mode 100644 2024/CVE-2024-44200.md create mode 100644 
2024/CVE-2024-44201.md create mode 100644 2024/CVE-2024-44235.md create mode 100644 2024/CVE-2024-44252.md create mode 100644 2024/CVE-2024-44258.md create mode 100644 2024/CVE-2024-44285.md create mode 100644 2024/CVE-2024-44308.md create mode 100644 2024/CVE-2024-44309.md create mode 100644 2024/CVE-2024-44313.md create mode 100644 2024/CVE-2024-44337.md create mode 100644 2024/CVE-2024-44349.md create mode 100644 2024/CVE-2024-44450.md create mode 100644 2024/CVE-2024-44541.md create mode 100644 2024/CVE-2024-44542.md create mode 100644 2024/CVE-2024-44610.md create mode 100644 2024/CVE-2024-44623.md create mode 100644 2024/CVE-2024-44625.md create mode 100644 2024/CVE-2024-4464.md create mode 100644 2024/CVE-2024-44667.md create mode 100644 2024/CVE-2024-44727.md create mode 100644 2024/CVE-2024-44728.md create mode 100644 2024/CVE-2024-44756.md create mode 100644 2024/CVE-2024-44757.md create mode 100644 2024/CVE-2024-44758.md create mode 100644 2024/CVE-2024-44759.md create mode 100644 2024/CVE-2024-44765.md create mode 100644 2024/CVE-2024-44771.md create mode 100644 2024/CVE-2024-44808.md create mode 100644 2024/CVE-2024-44809.md create mode 100644 2024/CVE-2024-44812.md create mode 100644 2024/CVE-2024-44815.md create mode 100644 2024/CVE-2024-44825.md create mode 100644 2024/CVE-2024-44849.md create mode 100644 2024/CVE-2024-44852.md create mode 100644 2024/CVE-2024-44853.md create mode 100644 2024/CVE-2024-44854.md create mode 100644 2024/CVE-2024-44855.md create mode 100644 2024/CVE-2024-44856.md create mode 100644 2024/CVE-2024-44866.md create mode 100644 2024/CVE-2024-44867.md create mode 100644 2024/CVE-2024-44871.md create mode 100644 2024/CVE-2024-44902.md create mode 100644 2024/CVE-2024-44903.md create mode 100644 2024/CVE-2024-44910.md create mode 100644 2024/CVE-2024-44911.md create mode 100644 2024/CVE-2024-44912.md create mode 100644 2024/CVE-2024-44941.md create mode 100644 2024/CVE-2024-44942.md create mode 100644 2024/CVE-2024-44946.md 
create mode 100644 2024/CVE-2024-44947.md create mode 100644 2024/CVE-2024-44951.md create mode 100644 2024/CVE-2024-4502.md create mode 100644 2024/CVE-2024-4503.md create mode 100644 2024/CVE-2024-45034.md create mode 100644 2024/CVE-2024-45040.md create mode 100644 2024/CVE-2024-45046.md create mode 100644 2024/CVE-2024-4505.md create mode 100644 2024/CVE-2024-45052.md create mode 100644 2024/CVE-2024-45057.md create mode 100644 2024/CVE-2024-45058.md create mode 100644 2024/CVE-2024-4506.md create mode 100644 2024/CVE-2024-4507.md create mode 100644 2024/CVE-2024-4508.md create mode 100644 2024/CVE-2024-4510.md create mode 100644 2024/CVE-2024-4511.md create mode 100644 2024/CVE-2024-45170.md create mode 100644 2024/CVE-2024-45171.md create mode 100644 2024/CVE-2024-45172.md create mode 100644 2024/CVE-2024-45173.md create mode 100644 2024/CVE-2024-45174.md create mode 100644 2024/CVE-2024-45175.md create mode 100644 2024/CVE-2024-45176.md create mode 100644 2024/CVE-2024-45177.md create mode 100644 2024/CVE-2024-45178.md create mode 100644 2024/CVE-2024-45179.md create mode 100644 2024/CVE-2024-45181.md create mode 100644 2024/CVE-2024-45182.md create mode 100644 2024/CVE-2024-45186.md create mode 100644 2024/CVE-2024-45195.md create mode 100644 2024/CVE-2024-45200.md create mode 100644 2024/CVE-2024-45216.md create mode 100644 2024/CVE-2024-45231.md create mode 100644 2024/CVE-2024-45234.md create mode 100644 2024/CVE-2024-45242.md create mode 100644 2024/CVE-2024-45260.md create mode 100644 2024/CVE-2024-45261.md create mode 100644 2024/CVE-2024-45296.md create mode 100644 2024/CVE-2024-45302.md create mode 100644 2024/CVE-2024-45310.md create mode 100644 2024/CVE-2024-45320.md create mode 100644 2024/CVE-2024-45326.md create mode 100644 2024/CVE-2024-45328.md create mode 100644 2024/CVE-2024-45336.md create mode 100644 2024/CVE-2024-45337.md create mode 100644 2024/CVE-2024-45338.md create mode 100644 2024/CVE-2024-45339.md create mode 100644 
2024/CVE-2024-45341.md create mode 100644 2024/CVE-2024-45352.md create mode 100644 2024/CVE-2024-45383.md create mode 100644 2024/CVE-2024-45387.md create mode 100644 2024/CVE-2024-45388.md create mode 100644 2024/CVE-2024-45389.md create mode 100644 2024/CVE-2024-45397.md create mode 100644 2024/CVE-2024-4540.md create mode 100644 2024/CVE-2024-45402.md create mode 100644 2024/CVE-2024-45409.md create mode 100644 2024/CVE-2024-45410.md create mode 100644 2024/CVE-2024-45411.md create mode 100644 2024/CVE-2024-45412.md create mode 100644 2024/CVE-2024-45415.md create mode 100644 2024/CVE-2024-45416.md create mode 100644 2024/CVE-2024-45440.md create mode 100644 2024/CVE-2024-45463.md create mode 100644 2024/CVE-2024-45476.md create mode 100644 2024/CVE-2024-45489.md create mode 100644 2024/CVE-2024-45490.md create mode 100644 2024/CVE-2024-45498.md create mode 100644 2024/CVE-2024-45505.md create mode 100644 2024/CVE-2024-45506.md create mode 100644 2024/CVE-2024-45507.md create mode 100644 2024/CVE-2024-45519.md create mode 100644 2024/CVE-2024-45589.md create mode 100644 2024/CVE-2024-45590.md create mode 100644 2024/CVE-2024-45608.md create mode 100644 2024/CVE-2024-45614.md create mode 100644 2024/CVE-2024-45622.md create mode 100644 2024/CVE-2024-45623.md create mode 100644 2024/CVE-2024-45678.md create mode 100644 2024/CVE-2024-45691.md create mode 100644 2024/CVE-2024-45699.md create mode 100644 2024/CVE-2024-45712.md create mode 100644 2024/CVE-2024-45752.md create mode 100644 2024/CVE-2024-45771.md create mode 100644 2024/CVE-2024-45774.md create mode 100644 2024/CVE-2024-4579.md create mode 100644 2024/CVE-2024-45794.md create mode 100644 2024/CVE-2024-45802.md create mode 100644 2024/CVE-2024-45803.md create mode 100644 2024/CVE-2024-45806.md create mode 100644 2024/CVE-2024-45812.md create mode 100644 2024/CVE-2024-45827.md create mode 100644 2024/CVE-2024-45848.md create mode 100644 2024/CVE-2024-45870.md create mode 100644 2024/CVE-2024-45871.md 
create mode 100644 2024/CVE-2024-45872.md create mode 100644 2024/CVE-2024-45875.md create mode 100644 2024/CVE-2024-45876.md create mode 100644 2024/CVE-2024-45877.md create mode 100644 2024/CVE-2024-45878.md create mode 100644 2024/CVE-2024-45879.md create mode 100644 2024/CVE-2024-45880.md create mode 100644 2024/CVE-2024-45918.md create mode 100644 2024/CVE-2024-45932.md create mode 100644 2024/CVE-2024-45933.md create mode 100644 2024/CVE-2024-45944.md create mode 100644 2024/CVE-2024-45960.md create mode 100644 2024/CVE-2024-45962.md create mode 100644 2024/CVE-2024-45964.md create mode 100644 2024/CVE-2024-45999.md create mode 100644 2024/CVE-2024-46040.md create mode 100644 2024/CVE-2024-46041.md create mode 100644 2024/CVE-2024-46054.md create mode 100644 2024/CVE-2024-46055.md create mode 100644 2024/CVE-2024-46079.md create mode 100644 2024/CVE-2024-46081.md create mode 100644 2024/CVE-2024-46082.md create mode 100644 2024/CVE-2024-46083.md create mode 100644 2024/CVE-2024-46103.md create mode 100644 2024/CVE-2024-46209.md create mode 100644 2024/CVE-2024-46210.md create mode 100644 2024/CVE-2024-46226.md create mode 100644 2024/CVE-2024-46242.md create mode 100644 2024/CVE-2024-46256.md create mode 100644 2024/CVE-2024-46257.md create mode 100644 2024/CVE-2024-46278.md create mode 100644 2024/CVE-2024-46280.md create mode 100644 2024/CVE-2024-4629.md create mode 100644 2024/CVE-2024-46292.md create mode 100644 2024/CVE-2024-46300.md create mode 100644 2024/CVE-2024-46310.md create mode 100644 2024/CVE-2024-46313.md create mode 100644 2024/CVE-2024-46325.md create mode 100644 2024/CVE-2024-46326.md create mode 100644 2024/CVE-2024-46374.md create mode 100644 2024/CVE-2024-46377.md create mode 100644 2024/CVE-2024-46382.md create mode 100644 2024/CVE-2024-46383.md create mode 100644 2024/CVE-2024-46419.md create mode 100644 2024/CVE-2024-46424.md create mode 100644 2024/CVE-2024-46429.md create mode 100644 2024/CVE-2024-46430.md create mode 100644 
2024/CVE-2024-46431.md create mode 100644 2024/CVE-2024-46432.md create mode 100644 2024/CVE-2024-46433.md create mode 100644 2024/CVE-2024-46434.md create mode 100644 2024/CVE-2024-46435.md create mode 100644 2024/CVE-2024-46436.md create mode 100644 2024/CVE-2024-46437.md create mode 100644 2024/CVE-2024-46442.md create mode 100644 2024/CVE-2024-46451.md create mode 100644 2024/CVE-2024-46453.md create mode 100644 2024/CVE-2024-46455.md create mode 100644 2024/CVE-2024-46461.md create mode 100644 2024/CVE-2024-46472.md create mode 100644 2024/CVE-2024-46475.md create mode 100644 2024/CVE-2024-46479.md create mode 100644 2024/CVE-2024-46480.md create mode 100644 2024/CVE-2024-46481.md create mode 100644 2024/CVE-2024-46483.md create mode 100644 2024/CVE-2024-46486.md create mode 100644 2024/CVE-2024-46488.md create mode 100644 2024/CVE-2024-46489.md create mode 100644 2024/CVE-2024-46494.md create mode 100644 2024/CVE-2024-46505.md create mode 100644 2024/CVE-2024-46506.md create mode 100644 2024/CVE-2024-46510.md create mode 100644 2024/CVE-2024-46528.md create mode 100644 2024/CVE-2024-46532.md create mode 100644 2024/CVE-2024-46538.md create mode 100644 2024/CVE-2024-46539.md create mode 100644 2024/CVE-2024-46542.md create mode 100644 2024/CVE-2024-46605.md create mode 100644 2024/CVE-2024-46607.md create mode 100644 2024/CVE-2024-46609.md create mode 100644 2024/CVE-2024-46610.md create mode 100644 2024/CVE-2024-46612.md create mode 100644 2024/CVE-2024-46626.md create mode 100644 2024/CVE-2024-46627.md create mode 100644 2024/CVE-2024-46635.md create mode 100644 2024/CVE-2024-46644.md create mode 100644 2024/CVE-2024-46645.md create mode 100644 2024/CVE-2024-46646.md create mode 100644 2024/CVE-2024-46647.md create mode 100644 2024/CVE-2024-46648.md create mode 100644 2024/CVE-2024-46649.md create mode 100644 2024/CVE-2024-4665.md create mode 100644 2024/CVE-2024-46658.md create mode 100644 2024/CVE-2024-46669.md create mode 100644 2024/CVE-2024-46713.md 
create mode 100644 2024/CVE-2024-46740.md create mode 100644 2024/CVE-2024-46774.md create mode 100644 2024/CVE-2024-46786.md create mode 100644 2024/CVE-2024-46811.md create mode 100644 2024/CVE-2024-46813.md create mode 100644 2024/CVE-2024-46833.md create mode 100644 2024/CVE-2024-46909.md create mode 100644 2024/CVE-2024-46938.md create mode 100644 2024/CVE-2024-46960.md create mode 100644 2024/CVE-2024-46961.md create mode 100644 2024/CVE-2024-46962.md create mode 100644 2024/CVE-2024-46963.md create mode 100644 2024/CVE-2024-46964.md create mode 100644 2024/CVE-2024-46965.md create mode 100644 2024/CVE-2024-46966.md create mode 100644 2024/CVE-2024-46977.md create mode 100644 2024/CVE-2024-46978.md create mode 100644 2024/CVE-2024-46979.md create mode 100644 2024/CVE-2024-4698.md create mode 100644 2024/CVE-2024-46981.md create mode 100644 2024/CVE-2024-46982.md create mode 100644 2024/CVE-2024-46986.md create mode 100644 2024/CVE-2024-46987.md create mode 100644 2024/CVE-2024-47003.md create mode 100644 2024/CVE-2024-47051.md create mode 100644 2024/CVE-2024-47060.md create mode 100644 2024/CVE-2024-47062.md create mode 100644 2024/CVE-2024-47066.md create mode 100644 2024/CVE-2024-47067.md create mode 100644 2024/CVE-2024-47068.md create mode 100644 2024/CVE-2024-47069.md create mode 100644 2024/CVE-2024-47071.md create mode 100644 2024/CVE-2024-47072.md create mode 100644 2024/CVE-2024-47075.md create mode 100644 2024/CVE-2024-47076.md create mode 100644 2024/CVE-2024-47103.md create mode 100644 2024/CVE-2024-4711.md create mode 100644 2024/CVE-2024-47170.md create mode 100644 2024/CVE-2024-47175.md create mode 100644 2024/CVE-2024-47176.md create mode 100644 2024/CVE-2024-47177.md create mode 100644 2024/CVE-2024-47179.md create mode 100644 2024/CVE-2024-47182.md create mode 100644 2024/CVE-2024-47184.md create mode 100644 2024/CVE-2024-47186.md create mode 100644 2024/CVE-2024-47187.md create mode 100644 2024/CVE-2024-47195.md create mode 100644 
2024/CVE-2024-47208.md create mode 100644 2024/CVE-2024-47212.md create mode 100644 2024/CVE-2024-47213.md create mode 100644 2024/CVE-2024-47214.md create mode 100644 2024/CVE-2024-47215.md create mode 100644 2024/CVE-2024-47217.md create mode 100644 2024/CVE-2024-47223.md create mode 100644 2024/CVE-2024-47226.md create mode 100644 2024/CVE-2024-47315.md create mode 100644 2024/CVE-2024-47373.md create mode 100644 2024/CVE-2024-47374.md create mode 100644 2024/CVE-2024-47408.md create mode 100644 2024/CVE-2024-4741.md create mode 100644 2024/CVE-2024-47523.md create mode 100644 2024/CVE-2024-47524.md create mode 100644 2024/CVE-2024-47525.md create mode 100644 2024/CVE-2024-47526.md create mode 100644 2024/CVE-2024-47527.md create mode 100644 2024/CVE-2024-47528.md create mode 100644 2024/CVE-2024-47529.md create mode 100644 2024/CVE-2024-47530.md create mode 100644 2024/CVE-2024-47531.md create mode 100644 2024/CVE-2024-47532.md create mode 100644 2024/CVE-2024-47533.md create mode 100644 2024/CVE-2024-47535.md create mode 100644 2024/CVE-2024-47536.md create mode 100644 2024/CVE-2024-47554.md create mode 100644 2024/CVE-2024-47575.md create mode 100644 2024/CVE-2024-47595.md create mode 100644 2024/CVE-2024-47619.md create mode 100644 2024/CVE-2024-47637.md create mode 100644 2024/CVE-2024-4768.md create mode 100644 2024/CVE-2024-4769.md create mode 100644 2024/CVE-2024-47691.md create mode 100644 2024/CVE-2024-47704.md create mode 100644 2024/CVE-2024-4773.md create mode 100644 2024/CVE-2024-47730.md create mode 100644 2024/CVE-2024-47736.md create mode 100644 2024/CVE-2024-4775.md create mode 100644 2024/CVE-2024-47764.md create mode 100644 2024/CVE-2024-47765.md create mode 100644 2024/CVE-2024-47769.md create mode 100644 2024/CVE-2024-47770.md create mode 100644 2024/CVE-2024-47773.md create mode 100644 2024/CVE-2024-47796.md create mode 100644 2024/CVE-2024-47799.md create mode 100644 2024/CVE-2024-47810.md create mode 100644 2024/CVE-2024-47814.md create 
mode 100644 2024/CVE-2024-47817.md create mode 100644 2024/CVE-2024-47818.md create mode 100644 2024/CVE-2024-47821.md create mode 100644 2024/CVE-2024-47822.md create mode 100644 2024/CVE-2024-47823.md create mode 100644 2024/CVE-2024-47827.md create mode 100644 2024/CVE-2024-47828.md create mode 100644 2024/CVE-2024-47830.md create mode 100644 2024/CVE-2024-47833.md create mode 100644 2024/CVE-2024-47836.md create mode 100644 2024/CVE-2024-4785.md create mode 100644 2024/CVE-2024-47850.md create mode 100644 2024/CVE-2024-47854.md create mode 100644 2024/CVE-2024-47865.md create mode 100644 2024/CVE-2024-47873.md create mode 100644 2024/CVE-2024-47874.md create mode 100644 2024/CVE-2024-47875.md create mode 100644 2024/CVE-2024-47878.md create mode 100644 2024/CVE-2024-47879.md create mode 100644 2024/CVE-2024-47880.md create mode 100644 2024/CVE-2024-47881.md create mode 100644 2024/CVE-2024-47882.md create mode 100644 2024/CVE-2024-47883.md create mode 100644 2024/CVE-2024-47885.md create mode 100644 2024/CVE-2024-47887.md create mode 100644 2024/CVE-2024-47935.md create mode 100644 2024/CVE-2024-47943.md create mode 100644 2024/CVE-2024-47944.md create mode 100644 2024/CVE-2024-47945.md create mode 100644 2024/CVE-2024-47946.md create mode 100644 2024/CVE-2024-47947.md create mode 100644 2024/CVE-2024-47948.md create mode 100644 2024/CVE-2024-47949.md create mode 100644 2024/CVE-2024-47950.md create mode 100644 2024/CVE-2024-48007.md create mode 100644 2024/CVE-2024-48008.md create mode 100644 2024/CVE-2024-48010.md create mode 100644 2024/CVE-2024-48011.md create mode 100644 2024/CVE-2024-48016.md create mode 100644 2024/CVE-2024-48061.md create mode 100644 2024/CVE-2024-48063.md create mode 100644 2024/CVE-2024-48119.md create mode 100644 2024/CVE-2024-48120.md create mode 100644 2024/CVE-2024-48139.md create mode 100644 2024/CVE-2024-48170.md create mode 100644 2024/CVE-2024-48197.md create mode 100644 2024/CVE-2024-48202.md create mode 100644 
2024/CVE-2024-48208.md create mode 100644 2024/CVE-2024-48214.md create mode 100644 2024/CVE-2024-48217.md create mode 100644 2024/CVE-2024-48245.md create mode 100644 2024/CVE-2024-48246.md create mode 100644 2024/CVE-2024-48248.md create mode 100644 2024/CVE-2024-48307.md create mode 100644 2024/CVE-2024-48312.md create mode 100644 2024/CVE-2024-48322.md create mode 100644 2024/CVE-2024-48325.md create mode 100644 2024/CVE-2024-48336.md create mode 100644 2024/CVE-2024-48359.md create mode 100644 2024/CVE-2024-48360.md create mode 100644 2024/CVE-2024-48392.md create mode 100644 2024/CVE-2024-48396.md create mode 100644 2024/CVE-2024-48410.md create mode 100644 2024/CVE-2024-48415.md create mode 100644 2024/CVE-2024-48427.md create mode 100644 2024/CVE-2024-48440.md create mode 100644 2024/CVE-2024-48441.md create mode 100644 2024/CVE-2024-48442.md create mode 100644 2024/CVE-2024-4846.md create mode 100644 2024/CVE-2024-48510.md create mode 100644 2024/CVE-2024-48514.md create mode 100644 2024/CVE-2024-48530.md create mode 100644 2024/CVE-2024-48531.md create mode 100644 2024/CVE-2024-48533.md create mode 100644 2024/CVE-2024-48534.md create mode 100644 2024/CVE-2024-48535.md create mode 100644 2024/CVE-2024-48536.md create mode 100644 2024/CVE-2024-48569.md create mode 100644 2024/CVE-2024-48579.md create mode 100644 2024/CVE-2024-48580.md create mode 100644 2024/CVE-2024-48581.md create mode 100644 2024/CVE-2024-48589.md create mode 100644 2024/CVE-2024-48590.md create mode 100644 2024/CVE-2024-48591.md create mode 100644 2024/CVE-2024-48594.md create mode 100644 2024/CVE-2024-48605.md create mode 100644 2024/CVE-2024-48615.md create mode 100644 2024/CVE-2024-48644.md create mode 100644 2024/CVE-2024-48646.md create mode 100644 2024/CVE-2024-48647.md create mode 100644 2024/CVE-2024-48648.md create mode 100644 2024/CVE-2024-48651.md create mode 100644 2024/CVE-2024-48652.md create mode 100644 2024/CVE-2024-48655.md create mode 100644 2024/CVE-2024-48766.md 
create mode 100644 2024/CVE-2024-48788.md create mode 100644 2024/CVE-2024-4881.md create mode 100644 2024/CVE-2024-48813.md create mode 100644 2024/CVE-2024-48841.md create mode 100644 2024/CVE-2024-48877.md create mode 100644 2024/CVE-2024-48887.md create mode 100644 2024/CVE-2024-48895.md create mode 100644 2024/CVE-2024-48905.md create mode 100644 2024/CVE-2024-48906.md create mode 100644 2024/CVE-2024-48907.md create mode 100644 2024/CVE-2024-48914.md create mode 100644 2024/CVE-2024-48950.md create mode 100644 2024/CVE-2024-48951.md create mode 100644 2024/CVE-2024-48952.md create mode 100644 2024/CVE-2024-48953.md create mode 100644 2024/CVE-2024-48954.md create mode 100644 2024/CVE-2024-48955.md create mode 100644 2024/CVE-2024-48956.md create mode 100644 2024/CVE-2024-48987.md create mode 100644 2024/CVE-2024-48990.md create mode 100644 2024/CVE-2024-48991.md create mode 100644 2024/CVE-2024-48992.md create mode 100644 2024/CVE-2024-49019.md create mode 100644 2024/CVE-2024-49035.md create mode 100644 2024/CVE-2024-49039.md create mode 100644 2024/CVE-2024-49040.md create mode 100644 2024/CVE-2024-49049.md create mode 100644 2024/CVE-2024-49051.md create mode 100644 2024/CVE-2024-49057.md create mode 100644 2024/CVE-2024-49107.md create mode 100644 2024/CVE-2024-49112.md create mode 100644 2024/CVE-2024-49113.md create mode 100644 2024/CVE-2024-49117.md create mode 100644 2024/CVE-2024-49118.md create mode 100644 2024/CVE-2024-49122.md create mode 100644 2024/CVE-2024-49124.md create mode 100644 2024/CVE-2024-49138.md create mode 100644 2024/CVE-2024-49193.md create mode 100644 2024/CVE-2024-49203.md create mode 100644 2024/CVE-2024-49214.md create mode 100644 2024/CVE-2024-49328.md create mode 100644 2024/CVE-2024-49368.md create mode 100644 2024/CVE-2024-49369.md create mode 100644 2024/CVE-2024-49379.md create mode 100644 2024/CVE-2024-49504.md create mode 100644 2024/CVE-2024-49568.md create mode 100644 2024/CVE-2024-49569.md create mode 100644 
2024/CVE-2024-49576.md create mode 100644 2024/CVE-2024-49581.md create mode 100644 2024/CVE-2024-49588.md create mode 100644 2024/CVE-2024-49589.md create mode 100644 2024/CVE-2024-49592.md create mode 100644 2024/CVE-2024-49606.md create mode 100644 2024/CVE-2024-49607.md create mode 100644 2024/CVE-2024-4961.md create mode 100644 2024/CVE-2024-4962.md create mode 100644 2024/CVE-2024-4964.md create mode 100644 2024/CVE-2024-49653.md create mode 100644 2024/CVE-2024-49666.md create mode 100644 2024/CVE-2024-49668.md create mode 100644 2024/CVE-2024-49681.md create mode 100644 2024/CVE-2024-49699.md create mode 100644 2024/CVE-2024-49705.md create mode 100644 2024/CVE-2024-49706.md create mode 100644 2024/CVE-2024-49707.md create mode 100644 2024/CVE-2024-49708.md create mode 100644 2024/CVE-2024-49709.md create mode 100644 2024/CVE-2024-49733.md create mode 100644 2024/CVE-2024-49744.md create mode 100644 2024/CVE-2024-49761.md create mode 100644 2024/CVE-2024-49763.md create mode 100644 2024/CVE-2024-49766.md create mode 100644 2024/CVE-2024-49767.md create mode 100644 2024/CVE-2024-49768.md create mode 100644 2024/CVE-2024-49769.md create mode 100644 2024/CVE-2024-49807.md create mode 100644 2024/CVE-2024-49848.md create mode 100644 2024/CVE-2024-49861.md create mode 100644 2024/CVE-2024-49928.md create mode 100644 2024/CVE-2024-4995.md create mode 100644 2024/CVE-2024-4996.md create mode 100644 2024/CVE-2024-49960.md create mode 100644 2024/CVE-2024-49989.md create mode 100644 2024/CVE-2024-50029.md create mode 100644 2024/CVE-2024-50047.md create mode 100644 2024/CVE-2024-50061.md create mode 100644 2024/CVE-2024-50063.md create mode 100644 2024/CVE-2024-50066.md create mode 100644 2024/CVE-2024-50073.md create mode 100644 2024/CVE-2024-5008.md create mode 100644 2024/CVE-2024-50112.md create mode 100644 2024/CVE-2024-50164.md create mode 100644 2024/CVE-2024-50172.md create mode 100644 2024/CVE-2024-50196.md create mode 100644 2024/CVE-2024-50217.md create 
mode 100644 2024/CVE-2024-50226.md create mode 100644 2024/CVE-2024-50246.md create mode 100644 2024/CVE-2024-50248.md create mode 100644 2024/CVE-2024-50251.md create mode 100644 2024/CVE-2024-5026.md create mode 100644 2024/CVE-2024-50264.md create mode 100644 2024/CVE-2024-5029.md create mode 100644 2024/CVE-2024-5030.md create mode 100644 2024/CVE-2024-50302.md create mode 100644 2024/CVE-2024-50310.md create mode 100644 2024/CVE-2024-50311.md create mode 100644 2024/CVE-2024-50312.md create mode 100644 2024/CVE-2024-50334.md create mode 100644 2024/CVE-2024-50335.md create mode 100644 2024/CVE-2024-50338.md create mode 100644 2024/CVE-2024-50339.md create mode 100644 2024/CVE-2024-50340.md create mode 100644 2024/CVE-2024-50344.md create mode 100644 2024/CVE-2024-50345.md create mode 100644 2024/CVE-2024-50349.md create mode 100644 2024/CVE-2024-50379.md create mode 100644 2024/CVE-2024-50382.md create mode 100644 2024/CVE-2024-50383.md create mode 100644 2024/CVE-2024-50395.md create mode 100644 2024/CVE-2024-50404.md create mode 100644 2024/CVE-2024-50405.md create mode 100644 2024/CVE-2024-50427.md create mode 100644 2024/CVE-2024-50450.md create mode 100644 2024/CVE-2024-50473.md create mode 100644 2024/CVE-2024-50475.md create mode 100644 2024/CVE-2024-50476.md create mode 100644 2024/CVE-2024-50477.md create mode 100644 2024/CVE-2024-50478.md create mode 100644 2024/CVE-2024-50482.md create mode 100644 2024/CVE-2024-50483.md create mode 100644 2024/CVE-2024-50485.md create mode 100644 2024/CVE-2024-50488.md create mode 100644 2024/CVE-2024-50490.md create mode 100644 2024/CVE-2024-50491.md create mode 100644 2024/CVE-2024-50492.md create mode 100644 2024/CVE-2024-50493.md create mode 100644 2024/CVE-2024-50498.md create mode 100644 2024/CVE-2024-50507.md create mode 100644 2024/CVE-2024-50508.md create mode 100644 2024/CVE-2024-50509.md create mode 100644 2024/CVE-2024-50510.md create mode 100644 2024/CVE-2024-50550.md create mode 100644 
2024/CVE-2024-50584.md create mode 100644 2024/CVE-2024-50585.md create mode 100644 2024/CVE-2024-50588.md create mode 100644 2024/CVE-2024-50589.md create mode 100644 2024/CVE-2024-50590.md create mode 100644 2024/CVE-2024-50591.md create mode 100644 2024/CVE-2024-50592.md create mode 100644 2024/CVE-2024-50593.md create mode 100644 2024/CVE-2024-50602.md create mode 100644 2024/CVE-2024-50603.md create mode 100644 2024/CVE-2024-50608.md create mode 100644 2024/CVE-2024-50609.md create mode 100644 2024/CVE-2024-50623.md create mode 100644 2024/CVE-2024-50625.md create mode 100644 2024/CVE-2024-50626.md create mode 100644 2024/CVE-2024-50627.md create mode 100644 2024/CVE-2024-50628.md create mode 100644 2024/CVE-2024-50633.md create mode 100644 2024/CVE-2024-50657.md create mode 100644 2024/CVE-2024-50677.md create mode 100644 2024/CVE-2024-50704.md create mode 100644 2024/CVE-2024-50705.md create mode 100644 2024/CVE-2024-50706.md create mode 100644 2024/CVE-2024-50707.md create mode 100644 2024/CVE-2024-50724.md create mode 100644 2024/CVE-2024-50803.md create mode 100644 2024/CVE-2024-50804.md create mode 100644 2024/CVE-2024-50807.md create mode 100644 2024/CVE-2024-5082.md create mode 100644 2024/CVE-2024-5083.md create mode 100644 2024/CVE-2024-50848.md create mode 100644 2024/CVE-2024-50849.md create mode 100644 2024/CVE-2024-50920.md create mode 100644 2024/CVE-2024-50921.md create mode 100644 2024/CVE-2024-50924.md create mode 100644 2024/CVE-2024-50928.md create mode 100644 2024/CVE-2024-50929.md create mode 100644 2024/CVE-2024-50930.md create mode 100644 2024/CVE-2024-50931.md create mode 100644 2024/CVE-2024-50944.md create mode 100644 2024/CVE-2024-50945.md create mode 100644 2024/CVE-2024-50960.md create mode 100644 2024/CVE-2024-50967.md create mode 100644 2024/CVE-2024-50968.md create mode 100644 2024/CVE-2024-50969.md create mode 100644 2024/CVE-2024-50970.md create mode 100644 2024/CVE-2024-50971.md create mode 100644 2024/CVE-2024-50972.md 
create mode 100644 2024/CVE-2024-50986.md create mode 100644 2024/CVE-2024-51026.md create mode 100644 2024/CVE-2024-51027.md create mode 100644 2024/CVE-2024-51030.md create mode 100644 2024/CVE-2024-51031.md create mode 100644 2024/CVE-2024-51032.md create mode 100644 2024/CVE-2024-51037.md create mode 100644 2024/CVE-2024-51051.md create mode 100644 2024/CVE-2024-51053.md create mode 100644 2024/CVE-2024-51060.md create mode 100644 2024/CVE-2024-51063.md create mode 100644 2024/CVE-2024-51064.md create mode 100644 2024/CVE-2024-51065.md create mode 100644 2024/CVE-2024-51066.md create mode 100644 2024/CVE-2024-51072.md create mode 100644 2024/CVE-2024-51073.md create mode 100644 2024/CVE-2024-51074.md create mode 100644 2024/CVE-2024-51091.md create mode 100644 2024/CVE-2024-51111.md create mode 100644 2024/CVE-2024-51112.md create mode 100644 2024/CVE-2024-51114.md create mode 100644 2024/CVE-2024-51115.md create mode 100644 2024/CVE-2024-51116.md create mode 100644 2024/CVE-2024-51127.md create mode 100644 2024/CVE-2024-51132.md create mode 100644 2024/CVE-2024-51135.md create mode 100644 2024/CVE-2024-51136.md create mode 100644 2024/CVE-2024-51141.md create mode 100644 2024/CVE-2024-51142.md create mode 100644 2024/CVE-2024-51144.md create mode 100644 2024/CVE-2024-51156.md create mode 100644 2024/CVE-2024-51162.md create mode 100644 2024/CVE-2024-51163.md create mode 100644 2024/CVE-2024-51179.md create mode 100644 2024/CVE-2024-51186.md create mode 100644 2024/CVE-2024-51187.md create mode 100644 2024/CVE-2024-51188.md create mode 100644 2024/CVE-2024-51189.md create mode 100644 2024/CVE-2024-51190.md create mode 100644 2024/CVE-2024-51208.md create mode 100644 2024/CVE-2024-51209.md create mode 100644 2024/CVE-2024-51210.md create mode 100644 2024/CVE-2024-51211.md create mode 100644 2024/CVE-2024-51228.md create mode 100644 2024/CVE-2024-5124.md create mode 100644 2024/CVE-2024-51240.md create mode 100644 2024/CVE-2024-51324.md create mode 100644 
2024/CVE-2024-51326.md create mode 100644 2024/CVE-2024-51327.md create mode 100644 2024/CVE-2024-51328.md create mode 100644 2024/CVE-2024-51329.md create mode 100644 2024/CVE-2024-51330.md create mode 100644 2024/CVE-2024-51337.md create mode 100644 2024/CVE-2024-51358.md create mode 100644 2024/CVE-2024-51363.md create mode 100644 2024/CVE-2024-51364.md create mode 100644 2024/CVE-2024-51376.md create mode 100644 2024/CVE-2024-51378.md create mode 100644 2024/CVE-2024-51379.md create mode 100644 2024/CVE-2024-51380.md create mode 100644 2024/CVE-2024-51381.md create mode 100644 2024/CVE-2024-51382.md create mode 100644 2024/CVE-2024-51406.md create mode 100644 2024/CVE-2024-51407.md create mode 100644 2024/CVE-2024-51408.md create mode 100644 2024/CVE-2024-51409.md create mode 100644 2024/CVE-2024-51417.md create mode 100644 2024/CVE-2024-51430.md create mode 100644 2024/CVE-2024-51431.md create mode 100644 2024/CVE-2024-51432.md create mode 100644 2024/CVE-2024-51434.md create mode 100644 2024/CVE-2024-51442.md create mode 100644 2024/CVE-2024-51466.md create mode 100644 2024/CVE-2024-51478.md create mode 100644 2024/CVE-2024-51479.md create mode 100644 2024/CVE-2024-51480.md create mode 100644 2024/CVE-2024-51482.md create mode 100644 2024/CVE-2024-51483.md create mode 100644 2024/CVE-2024-51484.md create mode 100644 2024/CVE-2024-51485.md create mode 100644 2024/CVE-2024-51486.md create mode 100644 2024/CVE-2024-51487.md create mode 100644 2024/CVE-2024-51488.md create mode 100644 2024/CVE-2024-51489.md create mode 100644 2024/CVE-2024-51490.md create mode 100644 2024/CVE-2024-51491.md create mode 100644 2024/CVE-2024-51492.md create mode 100644 2024/CVE-2024-51494.md create mode 100644 2024/CVE-2024-51495.md create mode 100644 2024/CVE-2024-51496.md create mode 100644 2024/CVE-2024-51497.md create mode 100644 2024/CVE-2024-51498.md create mode 100644 2024/CVE-2024-51500.md create mode 100644 2024/CVE-2024-51501.md create mode 100644 2024/CVE-2024-51502.md 
create mode 100644 2024/CVE-2024-51504.md create mode 100644 2024/CVE-2024-51567.md create mode 100644 2024/CVE-2024-51568.md create mode 100644 2024/CVE-2024-51665.md create mode 100644 2024/CVE-2024-5170.md create mode 100644 2024/CVE-2024-51735.md create mode 100644 2024/CVE-2024-51736.md create mode 100644 2024/CVE-2024-51737.md create mode 100644 2024/CVE-2024-5174.md create mode 100644 2024/CVE-2024-51741.md create mode 100644 2024/CVE-2024-51746.md create mode 100644 2024/CVE-2024-51747.md create mode 100644 2024/CVE-2024-51748.md create mode 100644 2024/CVE-2024-51751.md create mode 100644 2024/CVE-2024-51774.md create mode 100644 2024/CVE-2024-5178.md create mode 100644 2024/CVE-2024-51788.md create mode 100644 2024/CVE-2024-51793.md create mode 100644 2024/CVE-2024-51818.md create mode 100644 2024/CVE-2024-5194.md create mode 100644 2024/CVE-2024-5195.md create mode 100644 2024/CVE-2024-5196.md create mode 100644 2024/CVE-2024-51996.md create mode 100644 2024/CVE-2024-51997.md create mode 100644 2024/CVE-2024-51998.md create mode 100644 2024/CVE-2024-52000.md create mode 100644 2024/CVE-2024-52002.md create mode 100644 2024/CVE-2024-52005.md create mode 100644 2024/CVE-2024-52006.md create mode 100644 2024/CVE-2024-52033.md create mode 100644 2024/CVE-2024-52035.md create mode 100644 2024/CVE-2024-52046.md create mode 100644 2024/CVE-2024-5206.md create mode 100644 2024/CVE-2024-52286.md create mode 100644 2024/CVE-2024-52293.md create mode 100644 2024/CVE-2024-52301.md create mode 100644 2024/CVE-2024-52302.md create mode 100644 2024/CVE-2024-52303.md create mode 100644 2024/CVE-2024-52305.md create mode 100644 2024/CVE-2024-52316.md create mode 100644 2024/CVE-2024-52317.md create mode 100644 2024/CVE-2024-52318.md create mode 100644 2024/CVE-2024-52320.md create mode 100644 2024/CVE-2024-52333.md create mode 100644 2024/CVE-2024-52336.md create mode 100644 2024/CVE-2024-52337.md create mode 100644 2024/CVE-2024-52338.md create mode 100644 
2024/CVE-2024-52375.md create mode 100644 2024/CVE-2024-52380.md create mode 100644 2024/CVE-2024-52382.md create mode 100644 2024/CVE-2024-52402.md create mode 100644 2024/CVE-2024-5241.md create mode 100644 2024/CVE-2024-52427.md create mode 100644 2024/CVE-2024-52429.md create mode 100644 2024/CVE-2024-5243.md create mode 100644 2024/CVE-2024-52430.md create mode 100644 2024/CVE-2024-52433.md create mode 100644 2024/CVE-2024-52475.md create mode 100644 2024/CVE-2024-5249.md create mode 100644 2024/CVE-2024-5250.md create mode 100644 2024/CVE-2024-52510.md create mode 100644 2024/CVE-2024-52531.md create mode 100644 2024/CVE-2024-52533.md create mode 100644 2024/CVE-2024-52544.md create mode 100644 2024/CVE-2024-52545.md create mode 100644 2024/CVE-2024-52546.md create mode 100644 2024/CVE-2024-52547.md create mode 100644 2024/CVE-2024-52548.md create mode 100644 2024/CVE-2024-52550.md create mode 100644 2024/CVE-2024-52602.md create mode 100644 2024/CVE-2024-52615.md create mode 100644 2024/CVE-2024-52616.md create mode 100644 2024/CVE-2024-52711.md create mode 100644 2024/CVE-2024-52726.md create mode 100644 2024/CVE-2024-52765.md create mode 100644 2024/CVE-2024-52794.md create mode 100644 2024/CVE-2024-52798.md create mode 100644 2024/CVE-2024-52800.md create mode 100644 2024/CVE-2024-52804.md create mode 100644 2024/CVE-2024-52867.md create mode 100644 2024/CVE-2024-52869.md create mode 100644 2024/CVE-2024-52870.md create mode 100644 2024/CVE-2024-52874.md create mode 100644 2024/CVE-2024-52875.md create mode 100644 2024/CVE-2024-52881.md create mode 100644 2024/CVE-2024-52882.md create mode 100644 2024/CVE-2024-52883.md create mode 100644 2024/CVE-2024-52884.md create mode 100644 2024/CVE-2024-52887.md create mode 100644 2024/CVE-2024-52888.md create mode 100644 2024/CVE-2024-52917.md create mode 100644 2024/CVE-2024-52918.md create mode 100644 2024/CVE-2024-52940.md create mode 100644 2024/CVE-2024-52951.md create mode 100644 2024/CVE-2024-52980.md create 
mode 100644 2024/CVE-2024-52981.md create mode 100644 2024/CVE-2024-53027.md create mode 100644 2024/CVE-2024-53095.md create mode 100644 2024/CVE-2024-53103.md create mode 100644 2024/CVE-2024-53104.md create mode 100644 2024/CVE-2024-53108.md create mode 100644 2024/CVE-2024-53125.md create mode 100644 2024/CVE-2024-53133.md create mode 100644 2024/CVE-2024-53141.md create mode 100644 2024/CVE-2024-53150.md create mode 100644 2024/CVE-2024-53166.md create mode 100644 2024/CVE-2024-53170.md create mode 100644 2024/CVE-2024-53172.md create mode 100644 2024/CVE-2024-53176.md create mode 100644 2024/CVE-2024-53178.md create mode 100644 2024/CVE-2024-53179.md create mode 100644 2024/CVE-2024-53180.md create mode 100644 2024/CVE-2024-53181.md create mode 100644 2024/CVE-2024-53182.md create mode 100644 2024/CVE-2024-53183.md create mode 100644 2024/CVE-2024-53184.md create mode 100644 2024/CVE-2024-53185.md create mode 100644 2024/CVE-2024-53186.md create mode 100644 2024/CVE-2024-53187.md create mode 100644 2024/CVE-2024-53188.md create mode 100644 2024/CVE-2024-53189.md create mode 100644 2024/CVE-2024-53191.md create mode 100644 2024/CVE-2024-53194.md create mode 100644 2024/CVE-2024-53195.md create mode 100644 2024/CVE-2024-53196.md create mode 100644 2024/CVE-2024-53197.md create mode 100644 2024/CVE-2024-53198.md create mode 100644 2024/CVE-2024-53199.md create mode 100644 2024/CVE-2024-53200.md create mode 100644 2024/CVE-2024-53201.md create mode 100644 2024/CVE-2024-53202.md create mode 100644 2024/CVE-2024-53203.md create mode 100644 2024/CVE-2024-53204.md create mode 100644 2024/CVE-2024-53205.md create mode 100644 2024/CVE-2024-53206.md create mode 100644 2024/CVE-2024-53207.md create mode 100644 2024/CVE-2024-53208.md create mode 100644 2024/CVE-2024-53209.md create mode 100644 2024/CVE-2024-53210.md create mode 100644 2024/CVE-2024-53211.md create mode 100644 2024/CVE-2024-53212.md create mode 100644 2024/CVE-2024-53213.md create mode 100644 
2024/CVE-2024-53214.md create mode 100644 2024/CVE-2024-53215.md create mode 100644 2024/CVE-2024-53216.md create mode 100644 2024/CVE-2024-53217.md create mode 100644 2024/CVE-2024-53218.md create mode 100644 2024/CVE-2024-53219.md create mode 100644 2024/CVE-2024-53220.md create mode 100644 2024/CVE-2024-53221.md create mode 100644 2024/CVE-2024-53222.md create mode 100644 2024/CVE-2024-53223.md create mode 100644 2024/CVE-2024-53224.md create mode 100644 2024/CVE-2024-53225.md create mode 100644 2024/CVE-2024-53226.md create mode 100644 2024/CVE-2024-53227.md create mode 100644 2024/CVE-2024-53228.md create mode 100644 2024/CVE-2024-53229.md create mode 100644 2024/CVE-2024-53230.md create mode 100644 2024/CVE-2024-53231.md create mode 100644 2024/CVE-2024-53232.md create mode 100644 2024/CVE-2024-53233.md create mode 100644 2024/CVE-2024-53234.md create mode 100644 2024/CVE-2024-53235.md create mode 100644 2024/CVE-2024-53236.md create mode 100644 2024/CVE-2024-53237.md create mode 100644 2024/CVE-2024-53238.md create mode 100644 2024/CVE-2024-53239.md create mode 100644 2024/CVE-2024-5324.md create mode 100644 2024/CVE-2024-53255.md create mode 100644 2024/CVE-2024-53259.md create mode 100644 2024/CVE-2024-53263.md create mode 100644 2024/CVE-2024-53272.md create mode 100644 2024/CVE-2024-53273.md create mode 100644 2024/CVE-2024-53274.md create mode 100644 2024/CVE-2024-53275.md create mode 100644 2024/CVE-2024-53276.md create mode 100644 2024/CVE-2024-53279.md create mode 100644 2024/CVE-2024-53280.md create mode 100644 2024/CVE-2024-53281.md create mode 100644 2024/CVE-2024-53282.md create mode 100644 2024/CVE-2024-53283.md create mode 100644 2024/CVE-2024-53284.md create mode 100644 2024/CVE-2024-53285.md create mode 100644 2024/CVE-2024-5333.md create mode 100644 2024/CVE-2024-53345.md create mode 100644 2024/CVE-2024-53354.md create mode 100644 2024/CVE-2024-53355.md create mode 100644 2024/CVE-2024-53356.md create mode 100644 2024/CVE-2024-53357.md 
create mode 100644 2024/CVE-2024-53359.md create mode 100644 2024/CVE-2024-5336.md create mode 100644 2024/CVE-2024-5337.md create mode 100644 2024/CVE-2024-53375.md create mode 100644 2024/CVE-2024-53376.md create mode 100644 2024/CVE-2024-5338.md create mode 100644 2024/CVE-2024-53382.md create mode 100644 2024/CVE-2024-53384.md create mode 100644 2024/CVE-2024-53386.md create mode 100644 2024/CVE-2024-53387.md create mode 100644 2024/CVE-2024-53388.md create mode 100644 2024/CVE-2024-5339.md create mode 100644 2024/CVE-2024-5340.md create mode 100644 2024/CVE-2024-53407.md create mode 100644 2024/CVE-2024-53408.md create mode 100644 2024/CVE-2024-53427.md create mode 100644 2024/CVE-2024-53438.md create mode 100644 2024/CVE-2024-53442.md create mode 100644 2024/CVE-2024-53450.md create mode 100644 2024/CVE-2024-53470.md create mode 100644 2024/CVE-2024-53471.md create mode 100644 2024/CVE-2024-53472.md create mode 100644 2024/CVE-2024-53473.md create mode 100644 2024/CVE-2024-53476.md create mode 100644 2024/CVE-2024-53522.md create mode 100644 2024/CVE-2024-53542.md create mode 100644 2024/CVE-2024-53543.md create mode 100644 2024/CVE-2024-53544.md create mode 100644 2024/CVE-2024-53552.md create mode 100644 2024/CVE-2024-53569.md create mode 100644 2024/CVE-2024-53588.md create mode 100644 2024/CVE-2024-53589.md create mode 100644 2024/CVE-2024-53591.md create mode 100644 2024/CVE-2024-53614.md create mode 100644 2024/CVE-2024-53615.md create mode 100644 2024/CVE-2024-53617.md create mode 100644 2024/CVE-2024-53619.md create mode 100644 2024/CVE-2024-53620.md create mode 100644 2024/CVE-2024-53675.md create mode 100644 2024/CVE-2024-53676.md create mode 100644 2024/CVE-2024-53677.md create mode 100644 2024/CVE-2024-53685.md create mode 100644 2024/CVE-2024-53687.md create mode 100644 2024/CVE-2024-53691.md create mode 100644 2024/CVE-2024-53693.md create mode 100644 2024/CVE-2024-53703.md create mode 100644 2024/CVE-2024-53704.md create mode 100644 
2024/CVE-2024-53737.md create mode 100644 2024/CVE-2024-53807.md create mode 100644 2024/CVE-2024-53861.md create mode 100644 2024/CVE-2024-53899.md create mode 100644 2024/CVE-2024-53900.md create mode 100644 2024/CVE-2024-53908.md create mode 100644 2024/CVE-2024-53920.md create mode 100644 2024/CVE-2024-53924.md create mode 100644 2024/CVE-2024-53930.md create mode 100644 2024/CVE-2024-53931.md create mode 100644 2024/CVE-2024-53932.md create mode 100644 2024/CVE-2024-53933.md create mode 100644 2024/CVE-2024-53934.md create mode 100644 2024/CVE-2024-53935.md create mode 100644 2024/CVE-2024-53936.md create mode 100644 2024/CVE-2024-53937.md create mode 100644 2024/CVE-2024-53938.md create mode 100644 2024/CVE-2024-53939.md create mode 100644 2024/CVE-2024-53940.md create mode 100644 2024/CVE-2024-53941.md create mode 100644 2024/CVE-2024-53942.md create mode 100644 2024/CVE-2024-53943.md create mode 100644 2024/CVE-2024-53944.md create mode 100644 2024/CVE-2024-53975.md create mode 100644 2024/CVE-2024-53976.md create mode 100644 2024/CVE-2024-53981.md create mode 100644 2024/CVE-2024-53995.md create mode 100644 2024/CVE-2024-54028.md create mode 100644 2024/CVE-2024-54083.md create mode 100644 2024/CVE-2024-54085.md create mode 100644 2024/CVE-2024-54089.md create mode 100644 2024/CVE-2024-54090.md create mode 100644 2024/CVE-2024-54129.md create mode 100644 2024/CVE-2024-54130.md create mode 100644 2024/CVE-2024-54131.md create mode 100644 2024/CVE-2024-54134.md create mode 100644 2024/CVE-2024-54141.md create mode 100644 2024/CVE-2024-54143.md create mode 100644 2024/CVE-2024-54147.md create mode 100644 2024/CVE-2024-54150.md create mode 100644 2024/CVE-2024-54152.md create mode 100644 2024/CVE-2024-5416.md create mode 100644 2024/CVE-2024-54160.md create mode 100644 2024/CVE-2024-54188.md create mode 100644 2024/CVE-2024-54221.md create mode 100644 2024/CVE-2024-54239.md create mode 100644 2024/CVE-2024-54253.md create mode 100644 2024/CVE-2024-54262.md 
create mode 100644 2024/CVE-2024-54273.md create mode 100644 2024/CVE-2024-5429.md create mode 100644 2024/CVE-2024-54292.md create mode 100644 2024/CVE-2024-54321.md create mode 100644 2024/CVE-2024-54330.md create mode 100644 2024/CVE-2024-54363.md create mode 100644 2024/CVE-2024-54369.md create mode 100644 2024/CVE-2024-54374.md create mode 100644 2024/CVE-2024-54378.md create mode 100644 2024/CVE-2024-54379.md create mode 100644 2024/CVE-2024-54383.md create mode 100644 2024/CVE-2024-54385.md create mode 100644 2024/CVE-2024-5440.md create mode 100644 2024/CVE-2024-5443.md create mode 100644 2024/CVE-2024-54445.md create mode 100644 2024/CVE-2024-54446.md create mode 100644 2024/CVE-2024-54447.md create mode 100644 2024/CVE-2024-54448.md create mode 100644 2024/CVE-2024-54449.md create mode 100644 2024/CVE-2024-54460.md create mode 100644 2024/CVE-2024-54479.md create mode 100644 2024/CVE-2024-54488.md create mode 100644 2024/CVE-2024-54498.md create mode 100644 2024/CVE-2024-54507.md create mode 100644 2024/CVE-2024-5452.md create mode 100644 2024/CVE-2024-54525.md create mode 100644 2024/CVE-2024-54531.md create mode 100644 2024/CVE-2024-54538.md create mode 100644 2024/CVE-2024-54540.md create mode 100644 2024/CVE-2024-54676.md create mode 100644 2024/CVE-2024-54679.md create mode 100644 2024/CVE-2024-54683.md create mode 100644 2024/CVE-2024-54687.md create mode 100644 2024/CVE-2024-54730.md create mode 100644 2024/CVE-2024-54756.md create mode 100644 2024/CVE-2024-54761.md create mode 100644 2024/CVE-2024-54762.md create mode 100644 2024/CVE-2024-54763.md create mode 100644 2024/CVE-2024-54764.md create mode 100644 2024/CVE-2024-54772.md create mode 100644 2024/CVE-2024-54792.md create mode 100644 2024/CVE-2024-54794.md create mode 100644 2024/CVE-2024-54795.md create mode 100644 2024/CVE-2024-54802.md create mode 100644 2024/CVE-2024-54803.md create mode 100644 2024/CVE-2024-54804.md create mode 100644 2024/CVE-2024-54805.md create mode 100644 
2024/CVE-2024-54806.md create mode 100644 2024/CVE-2024-54807.md create mode 100644 2024/CVE-2024-54808.md create mode 100644 2024/CVE-2024-54809.md create mode 100644 2024/CVE-2024-54819.md create mode 100644 2024/CVE-2024-54820.md create mode 100644 2024/CVE-2024-54846.md create mode 100644 2024/CVE-2024-54847.md create mode 100644 2024/CVE-2024-54848.md create mode 100644 2024/CVE-2024-54849.md create mode 100644 2024/CVE-2024-54851.md create mode 100644 2024/CVE-2024-54852.md create mode 100644 2024/CVE-2024-5487.md create mode 100644 2024/CVE-2024-54879.md create mode 100644 2024/CVE-2024-54880.md create mode 100644 2024/CVE-2024-54887.md create mode 100644 2024/CVE-2024-54910.md create mode 100644 2024/CVE-2024-54916.md create mode 100644 2024/CVE-2024-5493.md create mode 100644 2024/CVE-2024-54951.md create mode 100644 2024/CVE-2024-54954.md create mode 100644 2024/CVE-2024-54957.md create mode 100644 2024/CVE-2024-54958.md create mode 100644 2024/CVE-2024-54959.md create mode 100644 2024/CVE-2024-54960.md create mode 100644 2024/CVE-2024-54961.md create mode 100644 2024/CVE-2024-54994.md create mode 100644 2024/CVE-2024-54996.md create mode 100644 2024/CVE-2024-54997.md create mode 100644 2024/CVE-2024-54998.md create mode 100644 2024/CVE-2024-54999.md create mode 100644 2024/CVE-2024-55009.md create mode 100644 2024/CVE-2024-55060.md create mode 100644 2024/CVE-2024-55062.md create mode 100644 2024/CVE-2024-55063.md create mode 100644 2024/CVE-2024-55064.md create mode 100644 2024/CVE-2024-55074.md create mode 100644 2024/CVE-2024-55075.md create mode 100644 2024/CVE-2024-55076.md create mode 100644 2024/CVE-2024-55099.md create mode 100644 2024/CVE-2024-55186.md create mode 100644 2024/CVE-2024-55199.md create mode 100644 2024/CVE-2024-55210.md create mode 100644 2024/CVE-2024-55211.md create mode 100644 2024/CVE-2024-55215.md create mode 100644 2024/CVE-2024-55218.md create mode 100644 2024/CVE-2024-5527.md create mode 100644 2024/CVE-2024-55354.md 
create mode 100644 2024/CVE-2024-55415.md create mode 100644 2024/CVE-2024-55416.md create mode 100644 2024/CVE-2024-55417.md create mode 100644 2024/CVE-2024-55451.md create mode 100644 2024/CVE-2024-55452.md create mode 100644 2024/CVE-2024-55456.md create mode 100644 2024/CVE-2024-55457.md create mode 100644 2024/CVE-2024-55459.md create mode 100644 2024/CVE-2024-55466.md create mode 100644 2024/CVE-2024-55488.md create mode 100644 2024/CVE-2024-55492.md create mode 100644 2024/CVE-2024-55503.md create mode 100644 2024/CVE-2024-55504.md create mode 100644 2024/CVE-2024-55511.md create mode 100644 2024/CVE-2024-55544.md create mode 100644 2024/CVE-2024-55545.md create mode 100644 2024/CVE-2024-55546.md create mode 100644 2024/CVE-2024-55547.md create mode 100644 2024/CVE-2024-55548.md create mode 100644 2024/CVE-2024-55549.md create mode 100644 2024/CVE-2024-55550.md create mode 100644 2024/CVE-2024-55555.md create mode 100644 2024/CVE-2024-55556.md create mode 100644 2024/CVE-2024-55557.md create mode 100644 2024/CVE-2024-55563.md create mode 100644 2024/CVE-2024-55565.md create mode 100644 2024/CVE-2024-55569.md create mode 100644 2024/CVE-2024-5557.md create mode 100644 2024/CVE-2024-55570.md create mode 100644 2024/CVE-2024-55587.md create mode 100644 2024/CVE-2024-55591.md create mode 100644 2024/CVE-2024-5561.md create mode 100644 2024/CVE-2024-55628.md create mode 100644 2024/CVE-2024-55639.md create mode 100644 2024/CVE-2024-55641.md create mode 100644 2024/CVE-2024-55655.md create mode 100644 2024/CVE-2024-55656.md create mode 100644 2024/CVE-2024-55663.md create mode 100644 2024/CVE-2024-5567.md create mode 100644 2024/CVE-2024-5569.md create mode 100644 2024/CVE-2024-5578.md create mode 100644 2024/CVE-2024-55875.md create mode 100644 2024/CVE-2024-55881.md create mode 100644 2024/CVE-2024-55884.md create mode 100644 2024/CVE-2024-55889.md create mode 100644 2024/CVE-2024-55890.md create mode 100644 2024/CVE-2024-55916.md create mode 100644 
2024/CVE-2024-55925.md create mode 100644 2024/CVE-2024-55926.md create mode 100644 2024/CVE-2024-55927.md create mode 100644 2024/CVE-2024-55928.md create mode 100644 2024/CVE-2024-55929.md create mode 100644 2024/CVE-2024-55930.md create mode 100644 2024/CVE-2024-55931.md create mode 100644 2024/CVE-2024-55956.md create mode 100644 2024/CVE-2024-55963.md create mode 100644 2024/CVE-2024-55965.md create mode 100644 2024/CVE-2024-55968.md create mode 100644 2024/CVE-2024-55972.md create mode 100644 2024/CVE-2024-55976.md create mode 100644 2024/CVE-2024-55978.md create mode 100644 2024/CVE-2024-55980.md create mode 100644 2024/CVE-2024-55981.md create mode 100644 2024/CVE-2024-55982.md create mode 100644 2024/CVE-2024-55988.md create mode 100644 2024/CVE-2024-56058.md create mode 100644 2024/CVE-2024-56059.md create mode 100644 2024/CVE-2024-56064.md create mode 100644 2024/CVE-2024-56067.md create mode 100644 2024/CVE-2024-56071.md create mode 100644 2024/CVE-2024-56084.md create mode 100644 2024/CVE-2024-56085.md create mode 100644 2024/CVE-2024-56086.md create mode 100644 2024/CVE-2024-56087.md create mode 100644 2024/CVE-2024-56113.md create mode 100644 2024/CVE-2024-56115.md create mode 100644 2024/CVE-2024-56116.md create mode 100644 2024/CVE-2024-5612.md create mode 100644 2024/CVE-2024-56128.md create mode 100644 2024/CVE-2024-56140.md create mode 100644 2024/CVE-2024-56145.md create mode 100644 2024/CVE-2024-56159.md create mode 100644 2024/CVE-2024-56161.md create mode 100644 2024/CVE-2024-56171.md create mode 100644 2024/CVE-2024-56173.md create mode 100644 2024/CVE-2024-56174.md create mode 100644 2024/CVE-2024-56175.md create mode 100644 2024/CVE-2024-56180.md create mode 100644 2024/CVE-2024-56199.md create mode 100644 2024/CVE-2024-56201.md create mode 100644 2024/CVE-2024-56249.md create mode 100644 2024/CVE-2024-56264.md create mode 100644 2024/CVE-2024-56278.md create mode 100644 2024/CVE-2024-56289.md create mode 100644 2024/CVE-2024-56326.md 
create mode 100644 2024/CVE-2024-56327.md create mode 100644 2024/CVE-2024-56331.md create mode 100644 2024/CVE-2024-56337.md create mode 100644 2024/CVE-2024-56340.md create mode 100644 2024/CVE-2024-56341.md create mode 100644 2024/CVE-2024-56353.md create mode 100644 2024/CVE-2024-56363.md create mode 100644 2024/CVE-2024-56374.md create mode 100644 2024/CVE-2024-56406.md create mode 100644 2024/CVE-2024-56428.md create mode 100644 2024/CVE-2024-56429.md create mode 100644 2024/CVE-2024-56431.md create mode 100644 2024/CVE-2024-56433.md create mode 100644 2024/CVE-2024-56477.md create mode 100644 2024/CVE-2024-56512.md create mode 100644 2024/CVE-2024-56513.md create mode 100644 2024/CVE-2024-56528.md create mode 100644 2024/CVE-2024-56536.md create mode 100644 2024/CVE-2024-56537.md create mode 100644 2024/CVE-2024-56538.md create mode 100644 2024/CVE-2024-56539.md create mode 100644 2024/CVE-2024-56540.md create mode 100644 2024/CVE-2024-56541.md create mode 100644 2024/CVE-2024-56542.md create mode 100644 2024/CVE-2024-56543.md create mode 100644 2024/CVE-2024-56544.md create mode 100644 2024/CVE-2024-56545.md create mode 100644 2024/CVE-2024-56546.md create mode 100644 2024/CVE-2024-56547.md create mode 100644 2024/CVE-2024-56548.md create mode 100644 2024/CVE-2024-56549.md create mode 100644 2024/CVE-2024-56550.md create mode 100644 2024/CVE-2024-56551.md create mode 100644 2024/CVE-2024-56552.md create mode 100644 2024/CVE-2024-56553.md create mode 100644 2024/CVE-2024-56554.md create mode 100644 2024/CVE-2024-56555.md create mode 100644 2024/CVE-2024-56556.md create mode 100644 2024/CVE-2024-56557.md create mode 100644 2024/CVE-2024-56558.md create mode 100644 2024/CVE-2024-56559.md create mode 100644 2024/CVE-2024-56560.md create mode 100644 2024/CVE-2024-56561.md create mode 100644 2024/CVE-2024-56562.md create mode 100644 2024/CVE-2024-56563.md create mode 100644 2024/CVE-2024-56564.md create mode 100644 2024/CVE-2024-56565.md create mode 100644 
2024/CVE-2024-56566.md create mode 100644 2024/CVE-2024-56567.md create mode 100644 2024/CVE-2024-56568.md create mode 100644 2024/CVE-2024-56569.md create mode 100644 2024/CVE-2024-56570.md create mode 100644 2024/CVE-2024-56571.md create mode 100644 2024/CVE-2024-56572.md create mode 100644 2024/CVE-2024-56573.md create mode 100644 2024/CVE-2024-56574.md create mode 100644 2024/CVE-2024-56575.md create mode 100644 2024/CVE-2024-56576.md create mode 100644 2024/CVE-2024-56577.md create mode 100644 2024/CVE-2024-56578.md create mode 100644 2024/CVE-2024-56579.md create mode 100644 2024/CVE-2024-56580.md create mode 100644 2024/CVE-2024-56581.md create mode 100644 2024/CVE-2024-56582.md create mode 100644 2024/CVE-2024-56583.md create mode 100644 2024/CVE-2024-56584.md create mode 100644 2024/CVE-2024-56585.md create mode 100644 2024/CVE-2024-56586.md create mode 100644 2024/CVE-2024-56587.md create mode 100644 2024/CVE-2024-56588.md create mode 100644 2024/CVE-2024-56589.md create mode 100644 2024/CVE-2024-56590.md create mode 100644 2024/CVE-2024-56591.md create mode 100644 2024/CVE-2024-56592.md create mode 100644 2024/CVE-2024-56593.md create mode 100644 2024/CVE-2024-56594.md create mode 100644 2024/CVE-2024-56595.md create mode 100644 2024/CVE-2024-56596.md create mode 100644 2024/CVE-2024-56597.md create mode 100644 2024/CVE-2024-56598.md create mode 100644 2024/CVE-2024-56599.md create mode 100644 2024/CVE-2024-56600.md create mode 100644 2024/CVE-2024-56601.md create mode 100644 2024/CVE-2024-56602.md create mode 100644 2024/CVE-2024-56603.md create mode 100644 2024/CVE-2024-56604.md create mode 100644 2024/CVE-2024-56605.md create mode 100644 2024/CVE-2024-56606.md create mode 100644 2024/CVE-2024-56607.md create mode 100644 2024/CVE-2024-56608.md create mode 100644 2024/CVE-2024-56609.md create mode 100644 2024/CVE-2024-56610.md create mode 100644 2024/CVE-2024-56611.md create mode 100644 2024/CVE-2024-56612.md create mode 100644 2024/CVE-2024-56613.md 
create mode 100644 2024/CVE-2024-56614.md create mode 100644 2024/CVE-2024-56615.md create mode 100644 2024/CVE-2024-56616.md create mode 100644 2024/CVE-2024-56617.md create mode 100644 2024/CVE-2024-56618.md create mode 100644 2024/CVE-2024-56619.md create mode 100644 2024/CVE-2024-56620.md create mode 100644 2024/CVE-2024-56621.md create mode 100644 2024/CVE-2024-56622.md create mode 100644 2024/CVE-2024-56623.md create mode 100644 2024/CVE-2024-56624.md create mode 100644 2024/CVE-2024-56625.md create mode 100644 2024/CVE-2024-56626.md create mode 100644 2024/CVE-2024-56627.md create mode 100644 2024/CVE-2024-56628.md create mode 100644 2024/CVE-2024-56629.md create mode 100644 2024/CVE-2024-56630.md create mode 100644 2024/CVE-2024-56631.md create mode 100644 2024/CVE-2024-56632.md create mode 100644 2024/CVE-2024-56633.md create mode 100644 2024/CVE-2024-56634.md create mode 100644 2024/CVE-2024-56635.md create mode 100644 2024/CVE-2024-56636.md create mode 100644 2024/CVE-2024-56637.md create mode 100644 2024/CVE-2024-56638.md create mode 100644 2024/CVE-2024-56639.md create mode 100644 2024/CVE-2024-56640.md create mode 100644 2024/CVE-2024-56641.md create mode 100644 2024/CVE-2024-56642.md create mode 100644 2024/CVE-2024-56643.md create mode 100644 2024/CVE-2024-56644.md create mode 100644 2024/CVE-2024-56645.md create mode 100644 2024/CVE-2024-56646.md create mode 100644 2024/CVE-2024-56647.md create mode 100644 2024/CVE-2024-56648.md create mode 100644 2024/CVE-2024-56649.md create mode 100644 2024/CVE-2024-56650.md create mode 100644 2024/CVE-2024-56651.md create mode 100644 2024/CVE-2024-56652.md create mode 100644 2024/CVE-2024-56653.md create mode 100644 2024/CVE-2024-56654.md create mode 100644 2024/CVE-2024-56655.md create mode 100644 2024/CVE-2024-56656.md create mode 100644 2024/CVE-2024-56657.md create mode 100644 2024/CVE-2024-56658.md create mode 100644 2024/CVE-2024-56659.md create mode 100644 2024/CVE-2024-56660.md create mode 100644 
2024/CVE-2024-56661.md create mode 100644 2024/CVE-2024-56662.md create mode 100644 2024/CVE-2024-56663.md create mode 100644 2024/CVE-2024-56664.md create mode 100644 2024/CVE-2024-56665.md create mode 100644 2024/CVE-2024-56666.md create mode 100644 2024/CVE-2024-56667.md create mode 100644 2024/CVE-2024-56668.md create mode 100644 2024/CVE-2024-56669.md create mode 100644 2024/CVE-2024-56670.md create mode 100644 2024/CVE-2024-56671.md create mode 100644 2024/CVE-2024-56672.md create mode 100644 2024/CVE-2024-56673.md create mode 100644 2024/CVE-2024-56674.md create mode 100644 2024/CVE-2024-56675.md create mode 100644 2024/CVE-2024-56676.md create mode 100644 2024/CVE-2024-56677.md create mode 100644 2024/CVE-2024-56678.md create mode 100644 2024/CVE-2024-56679.md create mode 100644 2024/CVE-2024-56680.md create mode 100644 2024/CVE-2024-56681.md create mode 100644 2024/CVE-2024-56682.md create mode 100644 2024/CVE-2024-56683.md create mode 100644 2024/CVE-2024-56684.md create mode 100644 2024/CVE-2024-56685.md create mode 100644 2024/CVE-2024-56686.md create mode 100644 2024/CVE-2024-56687.md create mode 100644 2024/CVE-2024-56688.md create mode 100644 2024/CVE-2024-56689.md create mode 100644 2024/CVE-2024-56690.md create mode 100644 2024/CVE-2024-56691.md create mode 100644 2024/CVE-2024-56692.md create mode 100644 2024/CVE-2024-56693.md create mode 100644 2024/CVE-2024-56694.md create mode 100644 2024/CVE-2024-56695.md create mode 100644 2024/CVE-2024-56696.md create mode 100644 2024/CVE-2024-56697.md create mode 100644 2024/CVE-2024-56698.md create mode 100644 2024/CVE-2024-56699.md create mode 100644 2024/CVE-2024-56700.md create mode 100644 2024/CVE-2024-56701.md create mode 100644 2024/CVE-2024-56702.md create mode 100644 2024/CVE-2024-56703.md create mode 100644 2024/CVE-2024-56704.md create mode 100644 2024/CVE-2024-56705.md create mode 100644 2024/CVE-2024-56706.md create mode 100644 2024/CVE-2024-56707.md create mode 100644 2024/CVE-2024-56708.md 
create mode 100644 2024/CVE-2024-56709.md create mode 100644 2024/CVE-2024-56710.md create mode 100644 2024/CVE-2024-56711.md create mode 100644 2024/CVE-2024-56712.md create mode 100644 2024/CVE-2024-56713.md create mode 100644 2024/CVE-2024-56714.md create mode 100644 2024/CVE-2024-56715.md create mode 100644 2024/CVE-2024-56716.md create mode 100644 2024/CVE-2024-56717.md create mode 100644 2024/CVE-2024-56718.md create mode 100644 2024/CVE-2024-56719.md create mode 100644 2024/CVE-2024-56720.md create mode 100644 2024/CVE-2024-56721.md create mode 100644 2024/CVE-2024-56722.md create mode 100644 2024/CVE-2024-56723.md create mode 100644 2024/CVE-2024-56724.md create mode 100644 2024/CVE-2024-56725.md create mode 100644 2024/CVE-2024-56726.md create mode 100644 2024/CVE-2024-56727.md create mode 100644 2024/CVE-2024-56728.md create mode 100644 2024/CVE-2024-56729.md create mode 100644 2024/CVE-2024-56730.md create mode 100644 2024/CVE-2024-56741.md create mode 100644 2024/CVE-2024-56744.md create mode 100644 2024/CVE-2024-56751.md create mode 100644 2024/CVE-2024-56753.md create mode 100644 2024/CVE-2024-56754.md create mode 100644 2024/CVE-2024-56755.md create mode 100644 2024/CVE-2024-56756.md create mode 100644 2024/CVE-2024-56758.md create mode 100644 2024/CVE-2024-56759.md create mode 100644 2024/CVE-2024-56760.md create mode 100644 2024/CVE-2024-56761.md create mode 100644 2024/CVE-2024-56763.md create mode 100644 2024/CVE-2024-56764.md create mode 100644 2024/CVE-2024-56767.md create mode 100644 2024/CVE-2024-56769.md create mode 100644 2024/CVE-2024-56770.md create mode 100644 2024/CVE-2024-56775.md create mode 100644 2024/CVE-2024-56784.md create mode 100644 2024/CVE-2024-56801.md create mode 100644 2024/CVE-2024-5681.md create mode 100644 2024/CVE-2024-56827.md create mode 100644 2024/CVE-2024-56829.md create mode 100644 2024/CVE-2024-56882.md create mode 100644 2024/CVE-2024-56883.md create mode 100644 2024/CVE-2024-56889.md create mode 100644 
2024/CVE-2024-5689.md create mode 100644 2024/CVE-2024-56897.md create mode 100644 2024/CVE-2024-56898.md create mode 100644 2024/CVE-2024-5690.md create mode 100644 2024/CVE-2024-56901.md create mode 100644 2024/CVE-2024-56902.md create mode 100644 2024/CVE-2024-56903.md create mode 100644 2024/CVE-2024-5692.md create mode 100644 2024/CVE-2024-56924.md create mode 100644 2024/CVE-2024-5693.md create mode 100644 2024/CVE-2024-56990.md create mode 100644 2024/CVE-2024-56997.md create mode 100644 2024/CVE-2024-56998.md create mode 100644 2024/CVE-2024-57000.md create mode 100644 2024/CVE-2024-57026.md create mode 100644 2024/CVE-2024-57030.md create mode 100644 2024/CVE-2024-57031.md create mode 100644 2024/CVE-2024-57032.md create mode 100644 2024/CVE-2024-57033.md create mode 100644 2024/CVE-2024-57034.md create mode 100644 2024/CVE-2024-57035.md create mode 100644 2024/CVE-2024-57040.md create mode 100644 2024/CVE-2024-5705.md create mode 100644 2024/CVE-2024-5706.md create mode 100644 2024/CVE-2024-57061.md create mode 100644 2024/CVE-2024-57062.md create mode 100644 2024/CVE-2024-5716.md create mode 100644 2024/CVE-2024-57169.md create mode 100644 2024/CVE-2024-5717.md create mode 100644 2024/CVE-2024-57170.md create mode 100644 2024/CVE-2024-57174.md create mode 100644 2024/CVE-2024-57175.md create mode 100644 2024/CVE-2024-5718.md create mode 100644 2024/CVE-2024-5719.md create mode 100644 2024/CVE-2024-5720.md create mode 100644 2024/CVE-2024-5721.md create mode 100644 2024/CVE-2024-5722.md create mode 100644 2024/CVE-2024-57237.md create mode 100644 2024/CVE-2024-57238.md create mode 100644 2024/CVE-2024-57241.md create mode 100644 2024/CVE-2024-57273.md create mode 100644 2024/CVE-2024-57276.md create mode 100644 2024/CVE-2024-57277.md create mode 100644 2024/CVE-2024-57357.md create mode 100644 2024/CVE-2024-57360.md create mode 100644 2024/CVE-2024-57373.md create mode 100644 2024/CVE-2024-57376.md create mode 100644 2024/CVE-2024-57378.md create mode 
100644 2024/CVE-2024-57394.md create mode 100644 2024/CVE-2024-57395.md create mode 100644 2024/CVE-2024-57401.md create mode 100644 2024/CVE-2024-5742.md create mode 100644 2024/CVE-2024-57427.md create mode 100644 2024/CVE-2024-57428.md create mode 100644 2024/CVE-2024-57429.md create mode 100644 2024/CVE-2024-57430.md create mode 100644 2024/CVE-2024-57440.md create mode 100644 2024/CVE-2024-57450.md create mode 100644 2024/CVE-2024-57451.md create mode 100644 2024/CVE-2024-57452.md create mode 100644 2024/CVE-2024-57487.md create mode 100644 2024/CVE-2024-57488.md create mode 100644 2024/CVE-2024-57492.md create mode 100644 2024/CVE-2024-57493.md create mode 100644 2024/CVE-2024-57514.md create mode 100644 2024/CVE-2024-57522.md create mode 100644 2024/CVE-2024-57523.md create mode 100644 2024/CVE-2024-57546.md create mode 100644 2024/CVE-2024-57547.md create mode 100644 2024/CVE-2024-57548.md create mode 100644 2024/CVE-2024-57549.md create mode 100644 2024/CVE-2024-5757.md create mode 100644 2024/CVE-2024-57587.md create mode 100644 2024/CVE-2024-57601.md create mode 100644 2024/CVE-2024-57602.md create mode 100644 2024/CVE-2024-57603.md create mode 100644 2024/CVE-2024-57604.md create mode 100644 2024/CVE-2024-57605.md create mode 100644 2024/CVE-2024-57608.md create mode 100644 2024/CVE-2024-57609.md create mode 100644 2024/CVE-2024-57610.md create mode 100644 2024/CVE-2024-5764.md create mode 100644 2024/CVE-2024-57698.md create mode 100644 2024/CVE-2024-57699.md create mode 100644 2024/CVE-2024-57703.md create mode 100644 2024/CVE-2024-57725.md create mode 100644 2024/CVE-2024-57726.md create mode 100644 2024/CVE-2024-57727.md create mode 100644 2024/CVE-2024-57728.md create mode 100644 2024/CVE-2024-57757.md create mode 100644 2024/CVE-2024-57761.md create mode 100644 2024/CVE-2024-57764.md create mode 100644 2024/CVE-2024-57766.md create mode 100644 2024/CVE-2024-57770.md create mode 100644 2024/CVE-2024-57773.md create mode 100644 
2024/CVE-2024-57774.md create mode 100644 2024/CVE-2024-57778.md create mode 100644 2024/CVE-2024-57784.md create mode 100644 2024/CVE-2024-57785.md create mode 100644 2024/CVE-2024-57790.md create mode 100644 2024/CVE-2024-57791.md create mode 100644 2024/CVE-2024-57801.md create mode 100644 2024/CVE-2024-57802.md create mode 100644 2024/CVE-2024-57804.md create mode 100644 2024/CVE-2024-57822.md create mode 100644 2024/CVE-2024-57823.md create mode 100644 2024/CVE-2024-57841.md create mode 100644 2024/CVE-2024-57876.md create mode 100644 2024/CVE-2024-57879.md create mode 100644 2024/CVE-2024-57882.md create mode 100644 2024/CVE-2024-57883.md create mode 100644 2024/CVE-2024-57884.md create mode 100644 2024/CVE-2024-57885.md create mode 100644 2024/CVE-2024-57887.md create mode 100644 2024/CVE-2024-57888.md create mode 100644 2024/CVE-2024-57889.md create mode 100644 2024/CVE-2024-57890.md create mode 100644 2024/CVE-2024-57892.md create mode 100644 2024/CVE-2024-57893.md create mode 100644 2024/CVE-2024-57895.md create mode 100644 2024/CVE-2024-57896.md create mode 100644 2024/CVE-2024-57897.md create mode 100644 2024/CVE-2024-57898.md create mode 100644 2024/CVE-2024-57899.md create mode 100644 2024/CVE-2024-57900.md create mode 100644 2024/CVE-2024-57901.md create mode 100644 2024/CVE-2024-57902.md create mode 100644 2024/CVE-2024-57903.md create mode 100644 2024/CVE-2024-57904.md create mode 100644 2024/CVE-2024-57906.md create mode 100644 2024/CVE-2024-57907.md create mode 100644 2024/CVE-2024-57908.md create mode 100644 2024/CVE-2024-57910.md create mode 100644 2024/CVE-2024-57911.md create mode 100644 2024/CVE-2024-57912.md create mode 100644 2024/CVE-2024-57913.md create mode 100644 2024/CVE-2024-57917.md create mode 100644 2024/CVE-2024-5792.md create mode 100644 2024/CVE-2024-57924.md create mode 100644 2024/CVE-2024-57925.md create mode 100644 2024/CVE-2024-57926.md create mode 100644 2024/CVE-2024-57929.md create mode 100644 2024/CVE-2024-5793.md 
create mode 100644 2024/CVE-2024-57931.md create mode 100644 2024/CVE-2024-57932.md create mode 100644 2024/CVE-2024-57933.md create mode 100644 2024/CVE-2024-57938.md create mode 100644 2024/CVE-2024-57939.md create mode 100644 2024/CVE-2024-57940.md create mode 100644 2024/CVE-2024-57945.md create mode 100644 2024/CVE-2024-57946.md create mode 100644 2024/CVE-2024-57963.md create mode 100644 2024/CVE-2024-57964.md create mode 100644 2024/CVE-2024-57965.md create mode 100644 2024/CVE-2024-57968.md create mode 100644 2024/CVE-2024-57972.md create mode 100644 2024/CVE-2024-5799.md create mode 100644 2024/CVE-2024-5803.md create mode 100644 2024/CVE-2024-58087.md create mode 100644 2024/CVE-2024-58101.md create mode 100644 2024/CVE-2024-58103.md create mode 100644 2024/CVE-2024-58136.md create mode 100644 2024/CVE-2024-58237.md create mode 100644 2024/CVE-2024-58251.md create mode 100644 2024/CVE-2024-5827.md create mode 100644 2024/CVE-2024-5830.md create mode 100644 2024/CVE-2024-5834.md create mode 100644 2024/CVE-2024-5835.md create mode 100644 2024/CVE-2024-5836.md create mode 100644 2024/CVE-2024-5837.md create mode 100644 2024/CVE-2024-5838.md create mode 100644 2024/CVE-2024-5909.md create mode 100644 2024/CVE-2024-5910.md create mode 100644 2024/CVE-2024-5921.md create mode 100644 2024/CVE-2024-5967.md create mode 100644 2024/CVE-2024-5968.md create mode 100644 2024/CVE-2024-6017.md create mode 100644 2024/CVE-2024-6018.md create mode 100644 2024/CVE-2024-6019.md create mode 100644 2024/CVE-2024-6020.md create mode 100644 2024/CVE-2024-6047.md create mode 100644 2024/CVE-2024-6049.md create mode 100644 2024/CVE-2024-6055.md create mode 100644 2024/CVE-2024-6057.md create mode 100644 2024/CVE-2024-6091.md create mode 100644 2024/CVE-2024-6101.md create mode 100644 2024/CVE-2024-6104.md create mode 100644 2024/CVE-2024-6119.md create mode 100644 2024/CVE-2024-6132.md create mode 100644 2024/CVE-2024-6159.md create mode 100644 2024/CVE-2024-6232.md create mode 
100644 2024/CVE-2024-6235.md create mode 100644 2024/CVE-2024-6239.md create mode 100644 2024/CVE-2024-6257.md create mode 100644 2024/CVE-2024-6259.md create mode 100644 2024/CVE-2024-6274.md create mode 100644 2024/CVE-2024-6291.md create mode 100644 2024/CVE-2024-6327.md create mode 100644 2024/CVE-2024-6335.md create mode 100644 2024/CVE-2024-6342.md create mode 100644 2024/CVE-2024-6343.md create mode 100644 2024/CVE-2024-6345.md create mode 100644 2024/CVE-2024-6354.md create mode 100644 2024/CVE-2024-6393.md create mode 100644 2024/CVE-2024-6411.md create mode 100644 2024/CVE-2024-6462.md create mode 100644 2024/CVE-2024-6473.md create mode 100644 2024/CVE-2024-6478.md create mode 100644 2024/CVE-2024-6486.md create mode 100644 2024/CVE-2024-6492.md create mode 100644 2024/CVE-2024-6493.md create mode 100644 2024/CVE-2024-6512.md create mode 100644 2024/CVE-2024-6517.md create mode 100644 2024/CVE-2024-6539.md create mode 100644 2024/CVE-2024-6577.md create mode 100644 2024/CVE-2024-6584.md create mode 100644 2024/CVE-2024-6592.md create mode 100644 2024/CVE-2024-6593.md create mode 100644 2024/CVE-2024-6594.md create mode 100644 2024/CVE-2024-6600.md create mode 100644 2024/CVE-2024-6602.md create mode 100644 2024/CVE-2024-6605.md create mode 100644 2024/CVE-2024-6606.md create mode 100644 2024/CVE-2024-6607.md create mode 100644 2024/CVE-2024-6611.md create mode 100644 2024/CVE-2024-6612.md create mode 100644 2024/CVE-2024-6613.md create mode 100644 2024/CVE-2024-6614.md create mode 100644 2024/CVE-2024-6617.md create mode 100644 2024/CVE-2024-6620.md create mode 100644 2024/CVE-2024-6624.md create mode 100644 2024/CVE-2024-6648.md create mode 100644 2024/CVE-2024-6655.md create mode 100644 2024/CVE-2024-6665.md create mode 100644 2024/CVE-2024-6667.md create mode 100644 2024/CVE-2024-6668.md create mode 100644 2024/CVE-2024-6690.md create mode 100644 2024/CVE-2024-6693.md create mode 100644 2024/CVE-2024-6696.md create mode 100644 2024/CVE-2024-6697.md 
create mode 100644 2024/CVE-2024-6704.md create mode 100644 2024/CVE-2024-6708.md create mode 100644 2024/CVE-2024-6711.md create mode 100644 2024/CVE-2024-6712.md create mode 100644 2024/CVE-2024-6713.md create mode 100644 2024/CVE-2024-6718.md create mode 100644 2024/CVE-2024-6719.md create mode 100644 2024/CVE-2024-6722.md create mode 100644 2024/CVE-2024-6723.md create mode 100644 2024/CVE-2024-6726.md create mode 100644 2024/CVE-2024-6727.md create mode 100644 2024/CVE-2024-6730.md create mode 100644 2024/CVE-2024-6736.md create mode 100644 2024/CVE-2024-6748.md create mode 100644 2024/CVE-2024-6763.md create mode 100644 2024/CVE-2024-6769.md create mode 100644 2024/CVE-2024-6772.md create mode 100644 2024/CVE-2024-6774.md create mode 100644 2024/CVE-2024-6775.md create mode 100644 2024/CVE-2024-6776.md create mode 100644 2024/CVE-2024-6777.md create mode 100644 2024/CVE-2024-6778.md create mode 100644 2024/CVE-2024-6792.md create mode 100644 2024/CVE-2024-6797.md create mode 100644 2024/CVE-2024-6798.md create mode 100644 2024/CVE-2024-6809.md create mode 100644 2024/CVE-2024-6842.md create mode 100644 2024/CVE-2024-6845.md create mode 100644 2024/CVE-2024-6846.md create mode 100644 2024/CVE-2024-6850.md create mode 100644 2024/CVE-2024-6852.md create mode 100644 2024/CVE-2024-6853.md create mode 100644 2024/CVE-2024-6855.md create mode 100644 2024/CVE-2024-6856.md create mode 100644 2024/CVE-2024-6857.md create mode 100644 2024/CVE-2024-6859.md create mode 100644 2024/CVE-2024-6860.md create mode 100644 2024/CVE-2024-6873.md create mode 100644 2024/CVE-2024-6886.md create mode 100644 2024/CVE-2024-6887.md create mode 100644 2024/CVE-2024-6888.md create mode 100644 2024/CVE-2024-6889.md create mode 100644 2024/CVE-2024-6894.md create mode 100644 2024/CVE-2024-6910.md create mode 100644 2024/CVE-2024-6914.md create mode 100644 2024/CVE-2024-6924.md create mode 100644 2024/CVE-2024-6925.md create mode 100644 2024/CVE-2024-6926.md create mode 100644 
2024/CVE-2024-6928.md create mode 100644 2024/CVE-2024-6931.md create mode 100644 2024/CVE-2024-6944.md create mode 100644 2024/CVE-2024-6978.md create mode 100644 2024/CVE-2024-6986.md create mode 100644 2024/CVE-2024-6989.md create mode 100644 2024/CVE-2024-6994.md create mode 100644 2024/CVE-2024-6995.md create mode 100644 2024/CVE-2024-7004.md create mode 100644 2024/CVE-2024-7014.md create mode 100644 2024/CVE-2024-7018.md create mode 100644 2024/CVE-2024-7019.md create mode 100644 2024/CVE-2024-7020.md create mode 100644 2024/CVE-2024-7022.md create mode 100644 2024/CVE-2024-7023.md create mode 100644 2024/CVE-2024-7024.md create mode 100644 2024/CVE-2024-7052.md create mode 100644 2024/CVE-2024-7056.md create mode 100644 2024/CVE-2024-7059.md create mode 100644 2024/CVE-2024-7124.md create mode 100644 2024/CVE-2024-7129.md create mode 100644 2024/CVE-2024-7133.md create mode 100644 2024/CVE-2024-7135.md create mode 100644 2024/CVE-2024-7141.md create mode 100644 2024/CVE-2024-7254.md create mode 100644 2024/CVE-2024-7256.md create mode 100644 2024/CVE-2024-7264.md create mode 100644 2024/CVE-2024-7315.md create mode 100644 2024/CVE-2024-7329.md create mode 100644 2024/CVE-2024-7330.md create mode 100644 2024/CVE-2024-7344.md create mode 100644 2024/CVE-2024-7354.md create mode 100644 2024/CVE-2024-7387.md create mode 100644 2024/CVE-2024-7389.md create mode 100644 2024/CVE-2024-7399.md create mode 100644 2024/CVE-2024-7401.md create mode 100644 2024/CVE-2024-7421.md create mode 100644 2024/CVE-2024-7456.md create mode 100644 2024/CVE-2024-7479.md create mode 100644 2024/CVE-2024-7481.md create mode 100644 2024/CVE-2024-7495.md create mode 100644 2024/CVE-2024-7514.md create mode 100644 2024/CVE-2024-7519.md create mode 100644 2024/CVE-2024-7556.md create mode 100644 2024/CVE-2024-7558.md create mode 100644 2024/CVE-2024-7569.md create mode 100644 2024/CVE-2024-7591.md create mode 100644 2024/CVE-2024-7595.md create mode 100644 2024/CVE-2024-7596.md create 
mode 100644 2024/CVE-2024-7598.md create mode 100644 2024/CVE-2024-7600.md create mode 100644 2024/CVE-2024-7601.md create mode 100644 2024/CVE-2024-7602.md create mode 100644 2024/CVE-2024-7603.md create mode 100644 2024/CVE-2024-7604.md create mode 100644 2024/CVE-2024-7627.md create mode 100644 2024/CVE-2024-7640.md create mode 100644 2024/CVE-2024-7652.md create mode 100644 2024/CVE-2024-7687.md create mode 100644 2024/CVE-2024-7688.md create mode 100644 2024/CVE-2024-7689.md create mode 100644 2024/CVE-2024-7690.md create mode 100644 2024/CVE-2024-7691.md create mode 100644 2024/CVE-2024-7692.md create mode 100644 2024/CVE-2024-7701.md create mode 100644 2024/CVE-2024-7713.md create mode 100644 2024/CVE-2024-7714.md create mode 100644 2024/CVE-2024-7716.md create mode 100644 2024/CVE-2024-7726.md create mode 100644 2024/CVE-2024-7758.md create mode 100644 2024/CVE-2024-7759.md create mode 100644 2024/CVE-2024-7761.md create mode 100644 2024/CVE-2024-7762.md create mode 100644 2024/CVE-2024-7766.md create mode 100644 2024/CVE-2024-7769.md create mode 100644 2024/CVE-2024-7772.md create mode 100644 2024/CVE-2024-7786.md create mode 100644 2024/CVE-2024-7806.md create mode 100644 2024/CVE-2024-7816.md create mode 100644 2024/CVE-2024-7817.md create mode 100644 2024/CVE-2024-7818.md create mode 100644 2024/CVE-2024-7820.md create mode 100644 2024/CVE-2024-7821.md create mode 100644 2024/CVE-2024-7822.md create mode 100644 2024/CVE-2024-7846.md create mode 100644 2024/CVE-2024-7859.md create mode 100644 2024/CVE-2024-7860.md create mode 100644 2024/CVE-2024-7861.md create mode 100644 2024/CVE-2024-7862.md create mode 100644 2024/CVE-2024-7863.md create mode 100644 2024/CVE-2024-7864.md create mode 100644 2024/CVE-2024-7869.md create mode 100644 2024/CVE-2024-7876.md create mode 100644 2024/CVE-2024-7877.md create mode 100644 2024/CVE-2024-7878.md create mode 100644 2024/CVE-2024-7879.md create mode 100644 2024/CVE-2024-7883.md create mode 100644 
2024/CVE-2024-7885.md create mode 100644 2024/CVE-2024-7890.md create mode 100644 2024/CVE-2024-7891.md create mode 100644 2024/CVE-2024-7892.md create mode 100644 2024/CVE-2024-7916.md create mode 100644 2024/CVE-2024-7918.md create mode 100644 2024/CVE-2024-7955.md create mode 100644 2024/CVE-2024-7962.md create mode 100644 2024/CVE-2024-7982.md create mode 100644 2024/CVE-2024-7984.md create mode 100644 2024/CVE-2024-7985.md create mode 100644 2024/CVE-2024-8009.md create mode 100644 2024/CVE-2024-8027.md create mode 100644 2024/CVE-2024-8029.md create mode 100644 2024/CVE-2024-8031.md create mode 100644 2024/CVE-2024-8032.md create mode 100644 2024/CVE-2024-8043.md create mode 100644 2024/CVE-2024-8044.md create mode 100644 2024/CVE-2024-8047.md create mode 100644 2024/CVE-2024-8050.md create mode 100644 2024/CVE-2024-8051.md create mode 100644 2024/CVE-2024-8052.md create mode 100644 2024/CVE-2024-8054.md create mode 100644 2024/CVE-2024-8056.md create mode 100644 2024/CVE-2024-8067.md create mode 100644 2024/CVE-2024-8068.md create mode 100644 2024/CVE-2024-8069.md create mode 100644 2024/CVE-2024-8082.md create mode 100644 2024/CVE-2024-8085.md create mode 100644 2024/CVE-2024-8090.md create mode 100644 2024/CVE-2024-8091.md create mode 100644 2024/CVE-2024-8092.md create mode 100644 2024/CVE-2024-8093.md create mode 100644 2024/CVE-2024-8094.md create mode 100644 2024/CVE-2024-8095.md create mode 100644 2024/CVE-2024-8096.md create mode 100644 2024/CVE-2024-8107.md create mode 100644 2024/CVE-2024-8118.md create mode 100644 2024/CVE-2024-8124.md create mode 100644 2024/CVE-2024-8157.md create mode 100644 2024/CVE-2024-8159.md create mode 100644 2024/CVE-2024-8176.md create mode 100644 2024/CVE-2024-8187.md create mode 100644 2024/CVE-2024-8190.md create mode 100644 2024/CVE-2024-8208.md create mode 100644 2024/CVE-2024-8209.md create mode 100644 2024/CVE-2024-8216.md create mode 100644 2024/CVE-2024-8217.md create mode 100644 2024/CVE-2024-8224.md create 
mode 100644 2024/CVE-2024-8225.md create mode 100644 2024/CVE-2024-8226.md create mode 100644 2024/CVE-2024-8227.md create mode 100644 2024/CVE-2024-8228.md create mode 100644 2024/CVE-2024-8229.md create mode 100644 2024/CVE-2024-8230.md create mode 100644 2024/CVE-2024-8231.md create mode 100644 2024/CVE-2024-8232.md create mode 100644 2024/CVE-2024-8239.md create mode 100644 2024/CVE-2024-8243.md create mode 100644 2024/CVE-2024-8245.md create mode 100644 2024/CVE-2024-8275.md create mode 100644 2024/CVE-2024-8277.md create mode 100644 2024/CVE-2024-8283.md create mode 100644 2024/CVE-2024-8284.md create mode 100644 2024/CVE-2024-8286.md create mode 100644 2024/CVE-2024-8289.md create mode 100644 2024/CVE-2024-8309.md create mode 100644 2024/CVE-2024-8349.md create mode 100644 2024/CVE-2024-8350.md create mode 100644 2024/CVE-2024-8353.md create mode 100644 2024/CVE-2024-8362.md create mode 100644 2024/CVE-2024-8372.md create mode 100644 2024/CVE-2024-8373.md create mode 100644 2024/CVE-2024-8378.md create mode 100644 2024/CVE-2024-8379.md create mode 100644 2024/CVE-2024-8381.md create mode 100644 2024/CVE-2024-8383.md create mode 100644 2024/CVE-2024-8385.md create mode 100644 2024/CVE-2024-8386.md create mode 100644 2024/CVE-2024-8397.md create mode 100644 2024/CVE-2024-8398.md create mode 100644 2024/CVE-2024-8399.md create mode 100644 2024/CVE-2024-8404.md create mode 100644 2024/CVE-2024-8417.md create mode 100644 2024/CVE-2024-8418.md create mode 100644 2024/CVE-2024-8425.md create mode 100644 2024/CVE-2024-8426.md create mode 100644 2024/CVE-2024-8444.md create mode 100644 2024/CVE-2024-8451.md create mode 100644 2024/CVE-2024-8484.md create mode 100644 2024/CVE-2024-8492.md create mode 100644 2024/CVE-2024-8493.md create mode 100644 2024/CVE-2024-8503.md create mode 100644 2024/CVE-2024-8504.md create mode 100644 2024/CVE-2024-8517.md create mode 100644 2024/CVE-2024-8522.md create mode 100644 2024/CVE-2024-8529.md create mode 100644 
2024/CVE-2024-8534.md create mode 100644 2024/CVE-2024-8536.md create mode 100644 2024/CVE-2024-8542.md create mode 100644 2024/CVE-2024-8554.md create mode 100644 2024/CVE-2024-8555.md create mode 100644 2024/CVE-2024-8565.md create mode 100644 2024/CVE-2024-8574.md create mode 100644 2024/CVE-2024-8576.md create mode 100644 2024/CVE-2024-8577.md create mode 100644 2024/CVE-2024-8578.md create mode 100644 2024/CVE-2024-8579.md create mode 100644 2024/CVE-2024-8580.md create mode 100644 2024/CVE-2024-8602.md create mode 100644 2024/CVE-2024-8617.md create mode 100644 2024/CVE-2024-8618.md create mode 100644 2024/CVE-2024-8619.md create mode 100644 2024/CVE-2024-8620.md create mode 100644 2024/CVE-2024-8625.md create mode 100644 2024/CVE-2024-8636.md create mode 100644 2024/CVE-2024-8637.md create mode 100644 2024/CVE-2024-8638.md create mode 100644 2024/CVE-2024-8670.md create mode 100644 2024/CVE-2024-8672.md create mode 100644 2024/CVE-2024-8673.md create mode 100644 2024/CVE-2024-8679.md create mode 100644 2024/CVE-2024-8682.md create mode 100644 2024/CVE-2024-8695.md create mode 100644 2024/CVE-2024-8696.md create mode 100644 2024/CVE-2024-8698.md create mode 100644 2024/CVE-2024-8699.md create mode 100644 2024/CVE-2024-8700.md create mode 100644 2024/CVE-2024-8701.md create mode 100644 2024/CVE-2024-8702.md create mode 100644 2024/CVE-2024-8703.md create mode 100644 2024/CVE-2024-8705.md create mode 100644 2024/CVE-2024-8707.md create mode 100644 2024/CVE-2024-8743.md create mode 100644 2024/CVE-2024-8749.md create mode 100644 2024/CVE-2024-8750.md create mode 100644 2024/CVE-2024-8751.md create mode 100644 2024/CVE-2024-8752.md create mode 100644 2024/CVE-2024-8758.md create mode 100644 2024/CVE-2024-8759.md create mode 100644 2024/CVE-2024-8773.md create mode 100644 2024/CVE-2024-8774.md create mode 100644 2024/CVE-2024-8781.md create mode 100644 2024/CVE-2024-8803.md create mode 100644 2024/CVE-2024-8804.md create mode 100644 2024/CVE-2024-8851.md create 
mode 100644 2024/CVE-2024-8854.md create mode 100644 2024/CVE-2024-8855.md create mode 100644 2024/CVE-2024-8856.md create mode 100644 2024/CVE-2024-8857.md create mode 100644 2024/CVE-2024-8867.md create mode 100644 2024/CVE-2024-8876.md create mode 100644 2024/CVE-2024-8877.md create mode 100644 2024/CVE-2024-8878.md create mode 100644 2024/CVE-2024-8883.md create mode 100644 2024/CVE-2024-8885.md create mode 100644 2024/CVE-2024-8888.md create mode 100644 2024/CVE-2024-8897.md create mode 100644 2024/CVE-2024-8902.md create mode 100644 2024/CVE-2024-8903.md create mode 100644 2024/CVE-2024-8904.md create mode 100644 2024/CVE-2024-8905.md create mode 100644 2024/CVE-2024-8907.md create mode 100644 2024/CVE-2024-8908.md create mode 100644 2024/CVE-2024-8909.md create mode 100644 2024/CVE-2024-8926.md create mode 100644 2024/CVE-2024-8945.md create mode 100644 2024/CVE-2024-8949.md create mode 100644 2024/CVE-2024-8951.md create mode 100644 2024/CVE-2024-8956.md create mode 100644 2024/CVE-2024-8957.md create mode 100644 2024/CVE-2024-8963.md create mode 100644 2024/CVE-2024-8966.md create mode 100644 2024/CVE-2024-8968.md create mode 100644 2024/CVE-2024-8983.md create mode 100644 2024/CVE-2024-9001.md create mode 100644 2024/CVE-2024-9006.md create mode 100644 2024/CVE-2024-9007.md create mode 100644 2024/CVE-2024-9009.md create mode 100644 2024/CVE-2024-9011.md create mode 100644 2024/CVE-2024-9014.md create mode 100644 2024/CVE-2024-9020.md create mode 100644 2024/CVE-2024-9021.md create mode 100644 2024/CVE-2024-9022.md create mode 100644 2024/CVE-2024-9026.md create mode 100644 2024/CVE-2024-9033.md create mode 100644 2024/CVE-2024-9034.md create mode 100644 2024/CVE-2024-9036.md create mode 100644 2024/CVE-2024-9037.md create mode 100644 2024/CVE-2024-9039.md create mode 100644 2024/CVE-2024-9041.md create mode 100644 2024/CVE-2024-9042.md create mode 100644 2024/CVE-2024-9047.md create mode 100644 2024/CVE-2024-9050.md create mode 100644 
2024/CVE-2024-9052.md create mode 100644 2024/CVE-2024-9061.md create mode 100644 2024/CVE-2024-9077.md create mode 100644 2024/CVE-2024-9078.md create mode 100644 2024/CVE-2024-9079.md create mode 100644 2024/CVE-2024-9080.md create mode 100644 2024/CVE-2024-9084.md create mode 100644 2024/CVE-2024-9085.md create mode 100644 2024/CVE-2024-9086.md create mode 100644 2024/CVE-2024-9087.md create mode 100644 2024/CVE-2024-9091.md create mode 100644 2024/CVE-2024-9094.md create mode 100644 2024/CVE-2024-9101.md create mode 100644 2024/CVE-2024-9102.md create mode 100644 2024/CVE-2024-9106.md create mode 100644 2024/CVE-2024-9112.md create mode 100644 2024/CVE-2024-9113.md create mode 100644 2024/CVE-2024-9114.md create mode 100644 2024/CVE-2024-9122.md create mode 100644 2024/CVE-2024-9129.md create mode 100644 2024/CVE-2024-9130.md create mode 100644 2024/CVE-2024-9143.md create mode 100644 2024/CVE-2024-9145.md create mode 100644 2024/CVE-2024-9148.md create mode 100644 2024/CVE-2024-9154.md create mode 100644 2024/CVE-2024-9156.md create mode 100644 2024/CVE-2024-9157.md create mode 100644 2024/CVE-2024-9160.md create mode 100644 2024/CVE-2024-9162.md create mode 100644 2024/CVE-2024-9164.md create mode 100644 2024/CVE-2024-9166.md create mode 100644 2024/CVE-2024-9182.md create mode 100644 2024/CVE-2024-9186.md create mode 100644 2024/CVE-2024-9191.md create mode 100644 2024/CVE-2024-9203.md create mode 100644 2024/CVE-2024-9224.md create mode 100644 2024/CVE-2024-9227.md create mode 100644 2024/CVE-2024-9230.md create mode 100644 2024/CVE-2024-9233.md create mode 100644 2024/CVE-2024-9234.md create mode 100644 2024/CVE-2024-9236.md create mode 100644 2024/CVE-2024-9238.md create mode 100644 2024/CVE-2024-9257.md create mode 100644 2024/CVE-2024-9264.md create mode 100644 2024/CVE-2024-9266.md create mode 100644 2024/CVE-2024-9275.md create mode 100644 2024/CVE-2024-9278.md create mode 100644 2024/CVE-2024-9281.md create mode 100644 2024/CVE-2024-9282.md create 
mode 100644 2024/CVE-2024-9284.md create mode 100644 2024/CVE-2024-9287.md create mode 100644 2024/CVE-2024-9290.md create mode 100644 2024/CVE-2024-9294.md create mode 100644 2024/CVE-2024-9295.md create mode 100644 2024/CVE-2024-9296.md create mode 100644 2024/CVE-2024-9297.md create mode 100644 2024/CVE-2024-9298.md create mode 100644 2024/CVE-2024-9299.md create mode 100644 2024/CVE-2024-9300.md create mode 100644 2024/CVE-2024-9316.md create mode 100644 2024/CVE-2024-9318.md create mode 100644 2024/CVE-2024-9321.md create mode 100644 2024/CVE-2024-9326.md create mode 100644 2024/CVE-2024-9327.md create mode 100644 2024/CVE-2024-9328.md create mode 100644 2024/CVE-2024-9329.md create mode 100644 2024/CVE-2024-9348.md create mode 100644 2024/CVE-2024-9355.md create mode 100644 2024/CVE-2024-9359.md create mode 100644 2024/CVE-2024-9360.md create mode 100644 2024/CVE-2024-9374.md create mode 100644 2024/CVE-2024-9379.md create mode 100644 2024/CVE-2024-9390.md create mode 100644 2024/CVE-2024-9391.md create mode 100644 2024/CVE-2024-9396.md create mode 100644 2024/CVE-2024-9397.md create mode 100644 2024/CVE-2024-9398.md create mode 100644 2024/CVE-2024-9399.md create mode 100644 2024/CVE-2024-9422.md create mode 100644 2024/CVE-2024-9423.md create mode 100644 2024/CVE-2024-9428.md create mode 100644 2024/CVE-2024-9429.md create mode 100644 2024/CVE-2024-9440.md create mode 100644 2024/CVE-2024-9441.md create mode 100644 2024/CVE-2024-9450.md create mode 100644 2024/CVE-2024-9458.md create mode 100644 2024/CVE-2024-9463.md create mode 100644 2024/CVE-2024-9464.md create mode 100644 2024/CVE-2024-9465.md create mode 100644 2024/CVE-2024-9466.md create mode 100644 2024/CVE-2024-9473.md create mode 100644 2024/CVE-2024-9474.md create mode 100644 2024/CVE-2024-9476.md create mode 100644 2024/CVE-2024-9478.md create mode 100644 2024/CVE-2024-9479.md create mode 100644 2024/CVE-2024-9481.md create mode 100644 2024/CVE-2024-9482.md create mode 100644 
2024/CVE-2024-9483.md create mode 100644 2024/CVE-2024-9484.md create mode 100644 2024/CVE-2024-9487.md create mode 100644 2024/CVE-2024-9488.md create mode 100644 2024/CVE-2024-9490.md create mode 100644 2024/CVE-2024-9491.md create mode 100644 2024/CVE-2024-9492.md create mode 100644 2024/CVE-2024-9493.md create mode 100644 2024/CVE-2024-9494.md create mode 100644 2024/CVE-2024-9495.md create mode 100644 2024/CVE-2024-9496.md create mode 100644 2024/CVE-2024-9497.md create mode 100644 2024/CVE-2024-9498.md create mode 100644 2024/CVE-2024-9499.md create mode 100644 2024/CVE-2024-9504.md create mode 100644 2024/CVE-2024-9506.md create mode 100644 2024/CVE-2024-9513.md create mode 100644 2024/CVE-2024-9514.md create mode 100644 2024/CVE-2024-9515.md create mode 100644 2024/CVE-2024-9524.md create mode 100644 2024/CVE-2024-9529.md create mode 100644 2024/CVE-2024-9532.md create mode 100644 2024/CVE-2024-9533.md create mode 100644 2024/CVE-2024-9534.md create mode 100644 2024/CVE-2024-9535.md create mode 100644 2024/CVE-2024-9537.md create mode 100644 2024/CVE-2024-9539.md create mode 100644 2024/CVE-2024-9549.md create mode 100644 2024/CVE-2024-9550.md create mode 100644 2024/CVE-2024-9551.md create mode 100644 2024/CVE-2024-9552.md create mode 100644 2024/CVE-2024-9553.md create mode 100644 2024/CVE-2024-9555.md create mode 100644 2024/CVE-2024-9556.md create mode 100644 2024/CVE-2024-9557.md create mode 100644 2024/CVE-2024-9558.md create mode 100644 2024/CVE-2024-9559.md create mode 100644 2024/CVE-2024-9561.md create mode 100644 2024/CVE-2024-9562.md create mode 100644 2024/CVE-2024-9563.md create mode 100644 2024/CVE-2024-9564.md create mode 100644 2024/CVE-2024-9565.md create mode 100644 2024/CVE-2024-9566.md create mode 100644 2024/CVE-2024-9567.md create mode 100644 2024/CVE-2024-9568.md create mode 100644 2024/CVE-2024-9569.md create mode 100644 2024/CVE-2024-9570.md create mode 100644 2024/CVE-2024-9593.md create mode 100644 2024/CVE-2024-9599.md create 
mode 100644 2024/CVE-2024-9600.md create mode 100644 2024/CVE-2024-9602.md create mode 100644 2024/CVE-2024-9603.md create mode 100644 2024/CVE-2024-9634.md create mode 100644 2024/CVE-2024-9638.md create mode 100644 2024/CVE-2024-9641.md create mode 100644 2024/CVE-2024-9643.md create mode 100644 2024/CVE-2024-9645.md create mode 100644 2024/CVE-2024-9651.md create mode 100644 2024/CVE-2024-9662.md create mode 100644 2024/CVE-2024-9663.md create mode 100644 2024/CVE-2024-9677.md create mode 100644 2024/CVE-2024-9680.md create mode 100644 2024/CVE-2024-9681.md create mode 100644 2024/CVE-2024-9689.md create mode 100644 2024/CVE-2024-9698.md create mode 100644 2024/CVE-2024-9707.md create mode 100644 2024/CVE-2024-9709.md create mode 100644 2024/CVE-2024-9711.md create mode 100644 2024/CVE-2024-9756.md create mode 100644 2024/CVE-2024-9765.md create mode 100644 2024/CVE-2024-9768.md create mode 100644 2024/CVE-2024-9769.md create mode 100644 2024/CVE-2024-9770.md create mode 100644 2024/CVE-2024-9771.md create mode 100644 2024/CVE-2024-9781.md create mode 100644 2024/CVE-2024-9782.md create mode 100644 2024/CVE-2024-9783.md create mode 100644 2024/CVE-2024-9784.md create mode 100644 2024/CVE-2024-9785.md create mode 100644 2024/CVE-2024-9786.md create mode 100644 2024/CVE-2024-9788.md create mode 100644 2024/CVE-2024-9789.md create mode 100644 2024/CVE-2024-9790.md create mode 100644 2024/CVE-2024-9793.md create mode 100644 2024/CVE-2024-9794.md create mode 100644 2024/CVE-2024-9796.md create mode 100644 2024/CVE-2024-9797.md create mode 100644 2024/CVE-2024-9803.md create mode 100644 2024/CVE-2024-9804.md create mode 100644 2024/CVE-2024-9805.md create mode 100644 2024/CVE-2024-9811.md create mode 100644 2024/CVE-2024-9812.md create mode 100644 2024/CVE-2024-9813.md create mode 100644 2024/CVE-2024-9814.md create mode 100644 2024/CVE-2024-9815.md create mode 100644 2024/CVE-2024-9816.md create mode 100644 2024/CVE-2024-9818.md create mode 100644 
2024/CVE-2024-9821.md create mode 100644 2024/CVE-2024-9822.md create mode 100644 2024/CVE-2024-9828.md create mode 100644 2024/CVE-2024-9831.md create mode 100644 2024/CVE-2024-9835.md create mode 100644 2024/CVE-2024-9836.md create mode 100644 2024/CVE-2024-9838.md create mode 100644 2024/CVE-2024-9855.md create mode 100644 2024/CVE-2024-9856.md create mode 100644 2024/CVE-2024-9859.md create mode 100644 2024/CVE-2024-9874.md create mode 100644 2024/CVE-2024-9875.md create mode 100644 2024/CVE-2024-9876.md create mode 100644 2024/CVE-2024-9878.md create mode 100644 2024/CVE-2024-9879.md create mode 100644 2024/CVE-2024-9881.md create mode 100644 2024/CVE-2024-9882.md create mode 100644 2024/CVE-2024-9883.md create mode 100644 2024/CVE-2024-9890.md create mode 100644 2024/CVE-2024-9894.md create mode 100644 2024/CVE-2024-9903.md create mode 100644 2024/CVE-2024-9904.md create mode 100644 2024/CVE-2024-9905.md create mode 100644 2024/CVE-2024-9906.md create mode 100644 2024/CVE-2024-9908.md create mode 100644 2024/CVE-2024-9909.md create mode 100644 2024/CVE-2024-9910.md create mode 100644 2024/CVE-2024-9911.md create mode 100644 2024/CVE-2024-9912.md create mode 100644 2024/CVE-2024-9913.md create mode 100644 2024/CVE-2024-9914.md create mode 100644 2024/CVE-2024-9915.md create mode 100644 2024/CVE-2024-9916.md create mode 100644 2024/CVE-2024-9917.md create mode 100644 2024/CVE-2024-9918.md create mode 100644 2024/CVE-2024-9926.md create mode 100644 2024/CVE-2024-9932.md create mode 100644 2024/CVE-2024-9933.md create mode 100644 2024/CVE-2024-9934.md create mode 100644 2024/CVE-2024-9935.md create mode 100644 2024/CVE-2024-9944.md create mode 100644 2024/CVE-2024-9950.md create mode 100644 2024/CVE-2024-9952.md create mode 100644 2024/CVE-2024-9954.md create mode 100644 2024/CVE-2024-9956.md create mode 100644 2024/CVE-2024-9958.md create mode 100644 2024/CVE-2024-9962.md create mode 100644 2024/CVE-2024-9963.md create mode 100644 2024/CVE-2024-9965.md create 
mode 100644 2024/CVE-2024-9966.md create mode 100644 2024/CVE-2024-9973.md create mode 100644 2024/CVE-2024-9974.md create mode 100644 2024/CVE-2024-9976.md create mode 100644 2024/CVE-2024-9986.md create mode 100644 2024/CVE-2024-9989.md
diff --git a/2024/CVE-2024-0001.md b/2024/CVE-2024-0001.md
new file mode 100644
index 0000000000..e9b02859ce
--- /dev/null
+++ b/2024/CVE-2024-0001.md
@@ -0,0 +1,34 @@
+### [CVE-2024-0001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0001)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%3D%206.3.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1188%20Insecure%20Default%20Initialization%20of%20Resource&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ADA-XiaoYao/ADA-XiaoYao-ADA-ZeroDay-Framework-CLI
+- https://github.com/GerriaLeSure/cybersecurity-risk-assessment-platform
+- https://github.com/Harrywang12/lockdown
+- https://github.com/Mahdi-Assadi/Text_Clustering
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/RobloxSecurityResearcher/RobloxVulnerabilityCVE-2024-0001
+- https://github.com/SV-ZeroOne/cyber-ai-info
+- https://github.com/Victorkib/vulnscope
+- https://github.com/allensuvorov/vuln-scan-query
+- https://github.com/arshiyaazizi/Unique-Vulnerability-Identification-API-
+- https://github.com/bendrorr/vulnerability-management
+- https://github.com/jiupta/CVE-2024-0001-EXP
+- https://github.com/mauvehed/kevvy
+- https://github.com/miketigerblue/chroma-curator
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/pgdn-network/pgdn-cve
+- https://github.com/shashwat12304/cyber-graph-viz
+- https://github.com/zefparis/zero-click-benji
+
diff --git a/2024/CVE-2024-0002.md b/2024/CVE-2024-0002.md
new file mode 100644
index 0000000000..b5e9c4c5ce
--- /dev/null
+++ b/2024/CVE-2024-0002.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0002)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.3.17%3C%3D%205.3.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/Victorkib/vulnscope
+- https://github.com/zefparis/zero-click-benji
+
diff --git a/2024/CVE-2024-0003.md b/2024/CVE-2024-0003.md
new file mode 100644
index 0000000000..4ea6486dcb
--- /dev/null
+++ b/2024/CVE-2024-0003.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0003)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.3.17%3C%3D%205.3.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/Victorkib/vulnscope
+- https://github.com/zefparis/zero-click-benji
+
diff --git a/2024/CVE-2024-0004.md b/2024/CVE-2024-0004.md
new file mode 100644
index 0000000000..d0ecbf3447
--- /dev/null
+++ b/2024/CVE-2024-0004.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0004)
+![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.0.0%3C%3D%205.0.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework
+- https://github.com/zefparis/zero-click-benji
+
diff --git a/2024/CVE-2024-0005.md b/2024/CVE-2024-0005.md
new file mode 100644
index 0000000000..8a70d333cb
--- /dev/null
+++ b/2024/CVE-2024-0005.md
@@ -0,0 +1,20 @@ +### [CVE-2024-0005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0005) +![](https://img.shields.io/static/v1?label=Product&message=FlashArray&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=FlashBlade&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%3D%203.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=5.0.0%3C%3D%205.0.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) + +### Description + +A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ProjectZeroDays/AI-Driven-Zero-Click-Exploit-Deployment-Framework +- https://github.com/zefparis/zero-click-benji + diff --git a/2024/CVE-2024-0010.md b/2024/CVE-2024-0010.md index c05ad79e84..c16829e4f6 100644 --- a/2024/CVE-2024-0010.md +++ b/2024/CVE-2024-0010.md @@ -15,5 +15,6 @@ A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal No PoCs from references. #### Github +- https://github.com/Manisha-03/XSS_Vulnerability - https://github.com/afine-com/research diff --git a/2024/CVE-2024-0012.md b/2024/CVE-2024-0012.md new file mode 100644 index 0000000000..9a26c85353 --- /dev/null +++ b/2024/CVE-2024-0012.md 
@@ -0,0 +1,42 @@
+### [CVE-2024-0012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0012)
+![](https://img.shields.io/static/v1?label=Product&message=Cloud%20NGFW&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PAN-OS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Prisma%20Access&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.Cloud NGFW and Prisma Access are not impacted by this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+ +#### Github +- https://github.com/0xjessie21/CVE-2024-0012 +- https://github.com/Mattb709/HELLCAT-Practical-Initial-Access-Guide-for-Red-Teams +- https://github.com/Ostorlab/KEV +- https://github.com/Regent8SH/PanOsExploitMultitool +- https://github.com/Sachinart/CVE-2024-0012-POC +- https://github.com/TalatumLabs/CVE-2024-0012_CVE-2024-9474_PoC +- https://github.com/Threekiii/CVE +- https://github.com/XiaomingX/awesome-cve-exp-poc +- https://github.com/XiaomingX/cve-2024-0012-poc +- https://github.com/aratane/CVE-2024-9474 +- https://github.com/crosswk/paloalto-cve-parser +- https://github.com/dcollaoa/cve-2024-0012-gui-poc +- https://github.com/greaselovely/CVE-2024-0012 +- https://github.com/iSee857/CVE-2024-0012-poc +- https://github.com/k4nfr3/CVE-2024-9474 +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/packetinside/CISA_BOT +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/punitdarji/Paloalto-CVE-2024-0012 +- https://github.com/rxerium/stars +- https://github.com/tylzars/awesome-vrre-writeups +- https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012 +- https://github.com/zentrybox/worker-orchestator +- https://github.com/zero16sec/panos-security-advisor + diff --git a/2024/CVE-2024-0023.md b/2024/CVE-2024-0023.md index 693060fcf9..6cb1eb9c3e 100644 --- a/2024/CVE-2024-0023.md +++ b/2024/CVE-2024-0023.md @@ -13,5 +13,6 @@ In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bo - https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268 #### Github +- https://github.com/AbrarKhan/G3_Frameworks_av_CVE-2024-0023 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0030.md b/2024/CVE-2024-0030.md index 684b917a75..5923c7d9c8 100644 --- a/2024/CVE-2024-0030.md +++ b/2024/CVE-2024-0030.md 
@@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/uthrasri/system_bt_CVE-2024-0030 diff --git a/2024/CVE-2024-0039.md b/2024/CVE-2024-0039.md index cd3cf2da8f..cb7f82b05f 100644 --- a/2024/CVE-2024-0039.md +++ b/2024/CVE-2024-0039.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/41yn14/CVE-2024-0039-Exploit +- https://github.com/MssGmz99/fix-02-failure-CVE-2024-31319-CVE-2024-0039 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0040.md b/2024/CVE-2024-0040.md index 4f47794283..3254feb861 100644 --- a/2024/CVE-2024-0040.md +++ b/2024/CVE-2024-0040.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/uthrasri/frameworks_av_CVE-2024-0040 diff --git a/2024/CVE-2024-0044.md b/2024/CVE-2024-0044.md index 14e30a7866..bf5a83d7f2 100644 --- a/2024/CVE-2024-0044.md +++ b/2024/CVE-2024-0044.md @@ -1,6 +1,6 @@ ### [CVE-2024-0044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0044) ![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) ### Description 
@@ -14,10 +14,30 @@ In createSessionInternal of PackageInstallerService.java, there is a possible ru - https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html #### Github +- https://github.com/007CRIPTOGRAFIA/c-CVE-2024-0044 - https://github.com/0xMarcio/cve +- https://github.com/0xbinder/CVE-2024-0044 +- https://github.com/Andromeda254/cve +- https://github.com/Ankitkushwaha90/trysanityapp +- https://github.com/BlackTom900131/awesome-game-security +- https://github.com/Dit-Developers/CVE-2024-0044- - https://github.com/GhostTroops/TOP +- https://github.com/JackBlack818/Evil-Droid +- https://github.com/Kai2er/CVE-2024-0044-EXP +- https://github.com/MrW0l05zyn/cve-2024-0044 +- https://github.com/Re13orn/CVE-2024-0044-EXP +- https://github.com/a-roshbaik/cve_2024_0044 +- https://github.com/canyie/CVE-2024-0044 +- https://github.com/canyie/canyie +- https://github.com/fboaventura/awesome-starts +- https://github.com/gmh5225/awesome-game-security +- https://github.com/hunter24x24/cve_2024_0044 +- https://github.com/l1ackernishan/CVE-2024-0044 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/pl4int3xt/cve_2024_0044 - https://github.com/scs-labrat/android_autorooter +- https://github.com/sridhar-sec/EvilDroid - https://github.com/tanjiti/sec_profile +- https://github.com/trevor0106/game-security +- https://github.com/xdavidhu/awesome-google-vrp-writeups diff --git a/2024/CVE-2024-0054.md b/2024/CVE-2024-0054.md index ff3d84d9a1..e6816461c1 100644 --- a/2024/CVE-2024-0054.md +++ b/2024/CVE-2024-0054.md 
@@ -1,7 +1,7 @@ ### [CVE-2024-0054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0054) ![](https://img.shields.io/static/v1?label=Product&message=AXIS%20OS&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20AXIS%20OS%206.50%20-%2011.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-155%3A%20Improper%20Neutralization%20of%20Wildcards%20or%20Matching%20Symbols&color=brighgreen) ### Description diff --git a/2024/CVE-2024-0055.md b/2024/CVE-2024-0055.md index ffd7f5c5e4..dc2e5ef601 100644 --- a/2024/CVE-2024-0055.md +++ b/2024/CVE-2024-0055.md @@ -1,7 +1,7 @@ ### [CVE-2024-0055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0055) ![](https://img.shields.io/static/v1?label=Product&message=AXIS%20OS&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20AXIS%20OS%2010.12%20-%2011.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-155%3A%20Improper%20Neutralization%20of%20Wildcards%20or%20Matching%20Symbols&color=brighgreen) ### Description diff --git a/2024/CVE-2024-0056.md b/2024/CVE-2024-0056.md index 6e154ec1a2..89b5654361 100644 --- a/2024/CVE-2024-0056.md +++ b/2024/CVE-2024-0056.md @@ -44,6 +44,7 @@ Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Fe No PoCs from references. #### Github +- https://github.com/EDemerzel/NuGetInspector - https://github.com/NaInSec/CVE-LIST - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0057.md b/2024/CVE-2024-0057.md index e6fcb74055..5a0e063aa4 100644 --- a/2024/CVE-2024-0057.md +++ b/2024/CVE-2024-0057.md 
@@ -55,4 +55,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-0132.md b/2024/CVE-2024-0132.md new file mode 100644 index 0000000000..534e0f3236 --- /dev/null +++ b/2024/CVE-2024-0132.md @@ -0,0 +1,26 @@ +### [CVE-2024-0132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0132) +![](https://img.shields.io/static/v1?label=Product&message=Container%20Toolkit&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=GPU%20Operator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%2024.6.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%20v1.16.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen) + +### Description + +NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/EGI-Federation/SVG-advisories +- https://github.com/ctrsploit/ctrsploit +- https://github.com/lgturatti/techdrops +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/r0binak/CVE-2024-0132 +- https://github.com/ssst0n3/docker_archive +- https://github.com/ssst0n3/poc-cve-2024-0132 +- https://github.com/zhanpengliu-tencent/medium-cve + 
diff --git a/2024/CVE-2024-0135.md b/2024/CVE-2024-0135.md
new file mode 100644
index 0000000000..ad1bca0049
--- /dev/null
+++ b/2024/CVE-2024-0135.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0135)
+![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20Container%20Toolkit&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20GPU%20Operator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20up%20to%20and%20including%20v1.17.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-653&color=brighgreen)
+
+### Description
+
+NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EGI-Federation/SVG-advisories
+
diff --git a/2024/CVE-2024-0195.md b/2024/CVE-2024-0195.md
index d091266bcd..9868944cd0 100644
--- a/2024/CVE-2024-0195.md
+++ b/2024/CVE-2024-0195.md
@@ -13,10 +13,31 @@ A vulnerability, which was classified as critical, was found in spider-flow 0.4. No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/Cappricio-Securities/CVE-2024-0195 +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Marco-zcl/POC +- https://github.com/Michael-Meade/Links-Repository - https://github.com/Tropinene/Yscanner +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/gh-ost00/CVE-2024-0195-SpiderFlow +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-0200.md b/2024/CVE-2024-0200.md new file mode 100644 index 0000000000..3e195fdcb5 --- /dev/null +++ b/2024/CVE-2024-0200.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-0200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0200)
+![](https://img.shields.io/static/v1?label=Product&message=Enterprise%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-470%20Use%20of%20Externally-Controlled%20Input%20to%20Select%20Classes%20or%20Code%20('Unsafe%20Reflection')&color=brighgreen)
+
+### Description
+
+An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-0204.md b/2024/CVE-2024-0204.md
index 252517e2c9..b182bec4aa 100644
--- a/2024/CVE-2024-0204.md
+++ b/2024/CVE-2024-0204.md
@@ -14,15 +14,31 @@ Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauth - http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html #### Github +- https://github.com/Acurtos01/PPS-Unidad2Actividad1-AdrianCurtoSanchez +- https://github.com/Clealg01/PPS-Unidad2Actividad1-Cristian +- https://github.com/EfstratiosLontzetidis/blogs_advisories_reports_papers - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/Ospalus/PPS-Unidad2-Actividad1 - https://github.com/Ostorlab/KEV +- https://github.com/SergioMP04/PPS-Unidad2Actividad1-SergioMorato - https://github.com/Threekiii/CVE - https://github.com/adminlove520/CVE-2024-0204 - https://github.com/cbeek-r7/CVE-2024-0204 - https://github.com/gobysec/Goby - https://github.com/horizon3ai/CVE-2024-0204 +- https://github.com/ibrahmsql/CVE-2024-0204 +- https://github.com/ibrahmsql/CyberSecurity101-Roadmap +- https://github.com/jmtatop01/PPS-Unidad2Actividad1-JulioManuel - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/m-cetin/CVE-2024-0204 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/toxyl/lscve +- https://github.com/vjp-albertoVG/PPS-Unidad2Actividad1-albertoVG +- https://github.com/vjp-angelPB/PPS-Unidad2Actividad1-Angel +- https://github.com/vjp-davidLC/vjp-davidLC-PPS-Unidad2Actividad1-David +- https://github.com/vjp-ignacioBM/PPS-Unidad2Actividad1-Ignacio +- https://github.com/vjp-mansurSY/PPS-Unidad2Actividad1-MansurSY +- https://github.com/vjp-pabloGG/PPS-Unidad2Actividad1-PabloGilGalapero +- https://github.com/vjp-raulAP/PPS-Unidad2Actividad1-Raul_Albalat_Perez diff --git a/2024/CVE-2024-0208.md b/2024/CVE-2024-0208.md index 4fcebb9a9e..791c85d790 100644 --- a/2024/CVE-2024-0208.md +++ b/2024/CVE-2024-0208.md 
@@ -1,7 +1,7 @@ ### [CVE-2024-0208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0208) ![](https://img.shields.io/static/v1?label=Product&message=Wireshark&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=4.2.0%3C%204.2.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-230%3A%20Improper%20Handling%20of%20Missing%20Values&color=brighgreen) ### Description diff --git a/2024/CVE-2024-0220.md b/2024/CVE-2024-0220.md index d8597f9bd7..9d09410809 100644 --- a/2024/CVE-2024-0220.md +++ b/2024/CVE-2024-0220.md @@ -3,9 +3,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=Technology%20Guarding&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.4.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=4.0%3C%204.6%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1240%3A%20Use%20of%20a%20Cryptographic%20Primitive%20with%20a%20Risky%20Implementation&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-319%20Cleartext%20Transmission%20of%20Sensitive%20Information&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-326%20Inadequate%20Encryption%20Strength&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-0229.md b/2024/CVE-2024-0229.md index f58e4f009e..989de8d80a 100644 --- a/2024/CVE-2024-0229.md +++ b/2024/CVE-2024-0229.md 
@@ -14,7 +14,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=Access%20of%20Memory%20Location%20After%20End%20of%20Buffer&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-0230.md b/2024/CVE-2024-0230.md
index 9b7911dd10..fd7d507670 100644
--- a/2024/CVE-2024-0230.md
+++ b/2024/CVE-2024-0230.md
@@ -13,10 +13,15 @@ A session management issue was addressed with improved checks. This issue is fix
 No PoCs from references.
 
 #### Github
+- https://github.com/0xor0ne/awesome-list
+- https://github.com/CerberusMrX/Advanced-Bluetooth-Penetration-Testing-Tool
 - https://github.com/H4lo/awesome-IoT-security-article
+- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
+- https://github.com/bachkhoasoft/awesome-list-ks
 - https://github.com/gato001k1/helt
 - https://github.com/keldnorman/cve-2024-0230-blue
 - https://github.com/marcnewlin/hi_my_name_is_keyboard
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/shirin-ehtiram/hi_my_name_is_keyboard
+- https://github.com/xG3nesis/RustyInjector
 
diff --git a/2024/CVE-2024-0235.md b/2024/CVE-2024-0235.md
index 32fe66957f..10f84182fe 100644
--- a/2024/CVE-2024-0235.md
+++ b/2024/CVE-2024-0235.md
@@ -14,6 +14,7 @@ The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7
 
 #### Github
 - https://github.com/Cappricio-Securities/CVE-2024-0235
+- https://github.com/Nxploited/CVE-2024-0235-PoC
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-0241.md b/2024/CVE-2024-0241.md
new file mode 100644
index 0000000000..3cc4feac46
--- /dev/null
+++ b/2024/CVE-2024-0241.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0241)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
+
diff --git a/2024/CVE-2024-0247.md b/2024/CVE-2024-0247.md
index 0b3dea601a..40589f5411 100644
--- a/2024/CVE-2024-0247.md
+++ b/2024/CVE-2024-0247.md
@@ -10,7 +10,7 @@ A vulnerability classified as critical was found in CodeAstro Online Food Orderi
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.249778
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-0249.md b/2024/CVE-2024-0249.md
new file mode 100644
index 0000000000..08df782c7c
--- /dev/null
+++ b/2024/CVE-2024-0249.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0249)
+![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Schedule%20Posts&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e7ee3e73-1086-421f-b586-d415a45a6c8e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-0253.md b/2024/CVE-2024-0253.md
index a495746847..8e5c54ec76 100644
--- a/2024/CVE-2024-0253.md
+++ b/2024/CVE-2024-0253.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE
 
diff --git a/2024/CVE-2024-0261.md b/2024/CVE-2024-0261.md
index b28683a861..6dad8f2d4e 100644
--- a/2024/CVE-2024-0261.md
+++ b/2024/CVE-2024-0261.md
@@ -15,5 +15,6 @@ A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problema
 - https://www.youtube.com/watch?v=q-CVJfYdd-g
 
 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-0263.md b/2024/CVE-2024-0263.md
index 81d1b7f221..b811ec216f 100644
--- a/2024/CVE-2024-0263.md
+++ b/2024/CVE-2024-0263.md
@@ -14,5 +14,6 @@ A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified 
 - https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html
 
 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-0269.md b/2024/CVE-2024-0269.md
index 221f06ceef..1e2edb800b 100644
--- a/2024/CVE-2024-0269.md
+++ b/2024/CVE-2024-0269.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE
 
diff --git a/2024/CVE-2024-0305.md b/2024/CVE-2024-0305.md
index 449dc7f4af..86586e47ff 100644
--- a/2024/CVE-2024-0305.md
+++ b/2024/CVE-2024-0305.md
@@ -13,13 +13,30 @@ A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 
 No PoCs from references.
 
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
 - https://github.com/20142995/pocsuite3
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Marco-zcl/POC
 - https://github.com/Tropinene/Yscanner
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
 - https://github.com/d4n-sec/d4n-sec.github.io
 - https://github.com/dddinmx/POC-Pocsuite3
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
 - https://github.com/jidle123/cve-2024-0305exp
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-0311.md b/2024/CVE-2024-0311.md
index 1ec9162ba6..71cc092252 100644
--- a/2024/CVE-2024-0311.md
+++ b/2024/CVE-2024-0311.md
@@ -13,5 +13,6 @@ A malicious insider can bypass the existing policy of Skyhigh Client Proxy witho
 - https://kcm.trellix.com/corporate/index?page=content&id=SB10418
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/calligraf0/CVE-2024-0311
+- https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-0323.md b/2024/CVE-2024-0323.md
index 1faef59338..c475243e69 100644
--- a/2024/CVE-2024-0323.md
+++ b/2024/CVE-2024-0323.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0323)
 ![](https://img.shields.io/static/v1?label=Product&message=Automation%20Runtime&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=14.0%3C%2014.93%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-327%20Use%20of%20a%20Broken%20or%20Risky%20Cryptographic%20Algorithm&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1240%3A%20Use%20of%20a%20Cryptographic%20Primitive%20with%20a%20Risky%20Implementation&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-0324.md b/2024/CVE-2024-0324.md
new file mode 100644
index 0000000000..6c551568cb
--- /dev/null
+++ b/2024/CVE-2024-0324.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0324)
+![](https://img.shields.io/static/v1?label=Product&message=User%20Profile%20Builder%20%E2%80%93%20Beautiful%20User%20Registration%20Forms%2C%20User%20Profiles%20%26%20User%20Role%20Editor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.10.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0324
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-0352.md b/2024/CVE-2024-0352.md
index 091a2910f8..06a436962d 100644
--- a/2024/CVE-2024-0352.md
+++ b/2024/CVE-2024-0352.md
@@ -13,6 +13,7 @@ A vulnerability classified as critical was found in Likeshop up to 2.5.7.2021031
 No PoCs from references.
 
 #### Github
+- https://github.com/Cappricio-Securities/CVE-2024-0352
 - https://github.com/Tropinene/Yscanner
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
diff --git a/2024/CVE-2024-0360.md b/2024/CVE-2024-0360.md
new file mode 100644
index 0000000000..0191e273f0
--- /dev/null
+++ b/2024/CVE-2024-0360.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0360)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KadinFisher/CVE_LLM_Testing
+
diff --git a/2024/CVE-2024-0365.md b/2024/CVE-2024-0365.md
index 94f39c51d0..3e55b6ed3b 100644
--- a/2024/CVE-2024-0365.md
+++ b/2024/CVE-2024-0365.md
@@ -14,4 +14,5 @@ The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanit
 
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/xbz0n/xbz0n
 
diff --git a/2024/CVE-2024-0368.md b/2024/CVE-2024-0368.md
new file mode 100644
index 0000000000..cd27fe8d09
--- /dev/null
+++ b/2024/CVE-2024-0368.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0368)
+![](https://img.shields.io/static/v1?label=Product&message=Hustle%20%E2%80%93%20Email%20Marketing%2C%20Lead%20Generation%2C%20Optins%2C%20Popups&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.8.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen)
+
+### Description
+
+The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.
+
+### POC
+
+#### Reference
+- https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api
+- https://developers.hubspot.com/docs/api/webhooks#scopes
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-0379.md b/2024/CVE-2024-0379.md
new file mode 100644
index 0000000000..91329c9661
--- /dev/null
+++ b/2024/CVE-2024-0379.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0379)
+![](https://img.shields.io/static/v1?label=Product&message=Custom%20Twitter%20Feeds%20%E2%80%93%20A%20Tweets%20Widget%20or%20X%20Feed%20Widget&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site's twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0379
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-0399.md b/2024/CVE-2024-0399.md
index 4d056bc5a8..b7d1d898bf 100644
--- a/2024/CVE-2024-0399.md
+++ b/2024/CVE-2024-0399.md
@@ -15,4 +15,5 @@ The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/xbz0n/CVE-2024-0399
+- https://github.com/xbz0n/xbz0n
 
diff --git a/2024/CVE-2024-0402.md b/2024/CVE-2024-0402.md
index 0fc5dca8fa..8c3bce1617 100644
--- a/2024/CVE-2024-0402.md
+++ b/2024/CVE-2024-0402.md
@@ -15,6 +15,8 @@ No PoCs from references.
 #### Github
 - https://github.com/0xfschott/CVE-search
 - https://github.com/ch4nui/CVE-2024-0402-RCE
+- https://github.com/doyensec/malicious-devfile-registry
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/tanjiti/sec_profile
 
diff --git a/2024/CVE-2024-0405.md b/2024/CVE-2024-0405.md
new file mode 100644
index 0000000000..d7447d2d07
--- /dev/null
+++ b/2024/CVE-2024-0405.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0405)
+![](https://img.shields.io/static/v1?label=Product&message=Burst%20Statistics%20%E2%80%93%20Privacy-Friendly%20Analytics%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.5.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xbz0n/xbz0n
+
diff --git a/2024/CVE-2024-0406.md b/2024/CVE-2024-0406.md
index 43d41506a9..f624849267 100644
--- a/2024/CVE-2024-0406.md
+++ b/2024/CVE-2024-0406.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0406)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%203&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.18&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
 
@@ -16,4 +16,8 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/veissa/Desires
+- https://github.com/walidpyh/CVE-2024-0406-POC
 
diff --git a/2024/CVE-2024-0418.md b/2024/CVE-2024-0418.md
index cfd4891a22..bc62186ca7 100644
--- a/2024/CVE-2024-0418.md
+++ b/2024/CVE-2024-0418.md
@@ -13,5 +13,6 @@ A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to
 - https://cxsecurity.com/issue/WLB-2024010023
 
 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-0419.md b/2024/CVE-2024-0419.md
index fb07b9b9b4..d238942cbd 100644
--- a/2024/CVE-2024-0419.md
+++ b/2024/CVE-2024-0419.md
@@ -14,5 +14,5 @@ A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problem
 - https://www.youtube.com/watch?v=6dAWGH0-6TY
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall
 
diff --git a/2024/CVE-2024-0443.md b/2024/CVE-2024-0443.md
new file mode 100644
index 0000000000..921ca6e995
--- /dev/null
+++ b/2024/CVE-2024-0443.md
@@ -0,0 +1,21 @@
+### [CVE-2024-0443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0443)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Transmission%20of%20Private%20Resources%20into%20a%20New%20Sphere%20('Resource%20Leak')&color=brighgreen)
+
+### Description
+
+A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+
diff --git a/2024/CVE-2024-0446.md b/2024/CVE-2024-0446.md
index c135aa1d8a..a6ea13772e 100644
--- a/2024/CVE-2024-0446.md
+++ b/2024/CVE-2024-0446.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-0446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0446)
-![](https://img.shields.io/static/v1?label=Product&message=Autodesk%20applications&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
 
 ### Description
 
-A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
 
 ### POC
 
diff --git a/2024/CVE-2024-0448.md b/2024/CVE-2024-0448.md
new file mode 100644
index 0000000000..48e5778c6a
--- /dev/null
+++ b/2024/CVE-2024-0448.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0448](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0448)
+![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Addons%20by%20Livemesh&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CyberSecAI/cve_dedup
+
diff --git a/2024/CVE-2024-0456.md b/2024/CVE-2024-0456.md
index ee4bfb0a9f..6336cf508f 100644
--- a/2024/CVE-2024-0456.md
+++ b/2024/CVE-2024-0456.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-0456](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0456)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=14.0%3C%2016.6.6%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%3A%20Improper%20Authorization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-425%3A%20Direct%20Request%20('Forced%20Browsing')&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-0507.md b/2024/CVE-2024-0507.md
new file mode 100644
index 0000000000..216a8cf734
--- /dev/null
+++ b/2024/CVE-2024-0507.md
@@ -0,0 +1,19 @@
+### [CVE-2024-0507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0507)
+![](https://img.shields.io/static/v1?label=Product&message=Enterprise%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.8.0%3C%3D%203.8.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/convisolabs/CVE-2024-0507_CVE-2024-0200-github
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-0509.md b/2024/CVE-2024-0509.md
new file mode 100644
index 0000000000..eeaba0d786
--- /dev/null
+++ b/2024/CVE-2024-0509.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0509)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20404%20Auto%20Redirect%20to%20Similar%20Post&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0509
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-0517.md b/2024/CVE-2024-0517.md
index a0b0335a13..fb6ce13467 100644
--- a/2024/CVE-2024-0517.md
+++ b/2024/CVE-2024-0517.md
@@ -13,9 +13,18 @@ Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a rem
 No PoCs from references.
 
 #### Github
+- https://github.com/0xor0ne/awesome-list
+- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
 - https://github.com/Uniguri/CVE-1day
 - https://github.com/Uniguri/CVE-nday
+- https://github.com/bachkhoasoft/awesome-list-ks
+- https://github.com/gmh5225/vulnjs
+- https://github.com/mwlik/v8-resources
 - https://github.com/ret2eax/exploits
 - https://github.com/rycbar77/V8Exploits
 - https://github.com/sploitem/v8-writeups
+- https://github.com/sploitem/v8pwn
+- https://github.com/wh1ant/vulnjs
+- https://github.com/worthdoingbadly/chrome-118-tools
+- https://github.com/xv0nfers/V8-sbx-bypass-collection
 
diff --git a/2024/CVE-2024-0519.md b/2024/CVE-2024-0519.md
index a0c14fa3c7..fdddc04ac5 100644
--- a/2024/CVE-2024-0519.md
+++ b/2024/CVE-2024-0519.md
@@ -13,9 +13,12 @@ Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allow
 No PoCs from references.
 
 #### Github
+- https://github.com/DEORE1001/Task-3
 - https://github.com/JohnHormond/CVE-2024-0519-Chrome-exploit
 - https://github.com/Ostorlab/KEV
 - https://github.com/Oxdestiny/CVE-2024-0519-Chrome-exploit
 - https://github.com/Threekiii/CVE
+- https://github.com/gmh5225/vulnjs
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/wh1ant/vulnjs
 
diff --git a/2024/CVE-2024-0520.md b/2024/CVE-2024-0520.md
new file mode 100644
index 0000000000..670869bb7c
--- /dev/null
+++ b/2024/CVE-2024-0520.md
@@ -0,0 +1,18 @@
+### [CVE-2024-0520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0520)
+![](https://img.shields.io/static/v1?label=Product&message=mlflow%2Fmlflow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%20Relative%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/chan-068/CVE-2024-0520_try
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-0522.md b/2024/CVE-2024-0522.md
index cbeb9ed726..778d811d10 100644
--- a/2024/CVE-2024-0522.md
+++ b/2024/CVE-2024-0522.md
@@ -13,5 +13,6 @@ A vulnerability was found in Allegro RomPager 4.01. It has been classified as pr
 No PoCs from references.
 
 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-0532.md b/2024/CVE-2024-0532.md
index a74149f8e9..42f90daa36 100644
--- a/2024/CVE-2024-0532.md
+++ b/2024/CVE-2024-0532.md
@@ -1,11 +1,12 @@
 ### [CVE-2024-0532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0532)
 ![](https://img.shields.io/static/v1?label=Product&message=A15&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%2015.13.07.13%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
 
 ### Description
 
-A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
 
 ### POC
 
diff --git a/2024/CVE-2024-0535.md b/2024/CVE-2024-0535.md
new file mode 100644
index 0000000000..9052e2e58a
--- /dev/null
+++ b/2024/CVE-2024-0535.md
@@ -0,0 +1,17 @@ +### [CVE-2024-0535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0535) +![](https://img.shields.io/static/v1?label=Product&message=PA6&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.1.21%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/attilaszia/linux-iot-cves + diff --git a/2024/CVE-2024-0546.md b/2024/CVE-2024-0546.md index 4e2f9c4ae3..abdc08d515 100644 --- a/2024/CVE-2024-0546.md +++ b/2024/CVE-2024-0546.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as problematic, has been found in EasyFTP - https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0547.md b/2024/CVE-2024-0547.md index d11c84f2f7..44d26d2730 100644 --- a/2024/CVE-2024-0547.md +++ b/2024/CVE-2024-0547.md @@ -13,5 +13,5 @@ A vulnerability has been found in Ability FTP Server 2.34 and classified as prob - https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall 
diff --git a/2024/CVE-2024-0548.md b/2024/CVE-2024-0548.md index a750ab0e4c..a060ffb3d4 100644 --- a/2024/CVE-2024-0548.md +++ b/2024/CVE-2024-0548.md @@ -13,5 +13,5 @@ A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problema - https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0564.md b/2024/CVE-2024-0564.md index 7106d0d2c5..b24c3ae345 100644 --- a/2024/CVE-2024-0564.md +++ b/2024/CVE-2024-0564.md @@ -4,7 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20Discrepancy&color=brighgreen) ### Description @@ -13,7 +13,7 @@ A flaw was found in the Linux kernel's memory deduplication mechanism. The max p ### POC #### Reference -No PoCs from references. +- https://wisa.or.kr/accepted #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0566.md b/2024/CVE-2024-0566.md index 5b089b8f7f..d948ded7ba 100644 --- a/2024/CVE-2024-0566.md +++ b/2024/CVE-2024-0566.md @@ -16,4 +16,5 @@ The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/xbz0n/CVE-2024-0566 +- https://github.com/xbz0n/xbz0n diff --git a/2024/CVE-2024-0582.md b/2024/CVE-2024-0582.md index 777bd7bf8b..b42b85b1fa 100644 --- a/2024/CVE-2024-0582.md +++ b/2024/CVE-2024-0582.md 
@@ -17,17 +17,33 @@ No PoCs from references. #### Github - https://github.com/0ptyx/cve-2024-0582 +- https://github.com/0xAtharv/kernel-POCs +- https://github.com/0xor0ne/awesome-list - https://github.com/0xsyr0/OSCP +- https://github.com/101010zyl/CVE-2024-0582-dataonly +- https://github.com/AMatheusFeitosaM/OSCP-Cheat +- https://github.com/Faizan-Khanx/OSCP - https://github.com/Forsaken0129/CVE-2024-0582 - https://github.com/Forsaken0129/UltimateLinuxPrivilage - https://github.com/FoxyProxys/CVE-2024-0582 - https://github.com/GhostTroops/TOP +- https://github.com/PsychoH4x0r/Unknown1337-Auto-Root- +- https://github.com/ReflectedThanatos/OSCP-cheatsheet +- https://github.com/SantoriuHen/NotesHck +- https://github.com/VishuGahlyan/OSCP - https://github.com/aneasystone/github-trending +- https://github.com/arttnba3/D3CTF2025_d3kshrm - https://github.com/exfilt/CheatSheet +- https://github.com/fazilbaig1/oscp - https://github.com/fireinrain/github-trending +- https://github.com/geniuszly/CVE-2024-0582 - https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending +- https://github.com/kuzeyardabulut/CVE-2024-0582 +- https://github.com/mowenroot/Kernel - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/pwnmonk/io_uring-n-day - https://github.com/xairy/linux-kernel-exploitation - https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582 diff --git a/2024/CVE-2024-0588.md b/2024/CVE-2024-0588.md new file mode 100644 index 0000000000..0a0b8b2db4 --- /dev/null +++ b/2024/CVE-2024-0588.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-0588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0588) +![](https://img.shields.io/static/v1?label=Product&message=Paid%20Memberships%20Pro%20%E2%80%93%20Content%20Restriction%2C%20User%20Registration%2C%20%26%20Paid%20Subscriptions&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.12.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kodaichodai/CVE-2024-0588 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-0589.md b/2024/CVE-2024-0589.md index 2ce369789a..7da59da25f 100644 --- a/2024/CVE-2024-0589.md +++ b/2024/CVE-2024-0589.md @@ -10,7 +10,7 @@ Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolution ### POC #### Reference -No PoCs from references. +- https://devolutions.net/security/advisories/DEVO-2024-0001/ #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0590.md b/2024/CVE-2024-0590.md new file mode 100644 index 0000000000..eb83f82d0e --- /dev/null +++ b/2024/CVE-2024-0590.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-0590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0590)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Clarity&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%200.9.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kodaichodai/CVE-2024-0590
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-0605.md b/2024/CVE-2024-0605.md
new file mode 100644
index 0000000000..f7dec9e860
--- /dev/null
+++ b/2024/CVE-2024-0605.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0605)
+![](https://img.shields.io/static/v1?label=Product&message=Focus%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=JavaScript%20URI%20running%20on%20top%20origin%20sites&color=brighgreen)
+
+### Description
+
+Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1855575
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-0606.md b/2024/CVE-2024-0606.md
new file mode 100644
index 0000000000..463e9c1d30
--- /dev/null
+++ b/2024/CVE-2024-0606.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0606)
+![](https://img.shields.io/static/v1?label=Product&message=Focus%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=UXSS%20attack%20with%20window.open()&color=brighgreen)
+
+### Description
+
+An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1855030
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-0623.md b/2024/CVE-2024-0623.md
index 0b92248f77..39a469edae 100644
--- a/2024/CVE-2024-0623.md +++ b/2024/CVE-2024-0623.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/kodaichodai/CVE-2024-0623 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0624.md b/2024/CVE-2024-0624.md index 808a4e7a55..3cecd91dfe 100644 --- a/2024/CVE-2024-0624.md +++ b/2024/CVE-2024-0624.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/kodaichodai/CVE-2024-0624 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0646.md b/2024/CVE-2024-0646.md index aee7c544a2..54cb0da1ff 100644 --- a/2024/CVE-2024-0646.md +++ b/2024/CVE-2024-0646.md @@ -16,7 +16,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Virtualization%204%20for%20Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brighgreen) ### Description @@ -30,4 +30,5 @@ An out-of-bounds memory write flaw was found in the Linux kernel’s Transport L #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ndouglas-cloudsmith/exploit-check diff --git a/2024/CVE-2024-0654.md b/2024/CVE-2024-0654.md index 0c7d4d6f86..be93c01c96 100644 --- a/2024/CVE-2024-0654.md +++ b/2024/CVE-2024-0654.md 
@@ -13,6 +13,7 @@ A vulnerability, which was classified as problematic, was found in DeepFaceLab p No PoCs from references. #### Github +- https://github.com/TrustAI-laboratory/TrustAI-laboratory - https://github.com/bayuncao/bayuncao - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0683.md b/2024/CVE-2024-0683.md new file mode 100644 index 0000000000..cfb2864f50 --- /dev/null +++ b/2024/CVE-2024-0683.md @@ -0,0 +1,18 @@ +### [CVE-2024-0683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0683) +![](https://img.shields.io/static/v1?label=Product&message=Bulgarisation%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.0.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/3474458191/CVE-2024-0683 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-0692.md b/2024/CVE-2024-0692.md index ab2b46fc1a..7dfcbe90d4 100644 --- a/2024/CVE-2024-0692.md +++ b/2024/CVE-2024-0692.md @@ -13,6 +13,7 @@ The SolarWinds Security Event Manager was susceptible to Remote Code Execution V No PoCs from references. #### Github +- https://github.com/1diot9/MyJavaSecStudy - https://github.com/Ostorlab/KEV - https://github.com/f0ur0four/Insecure-Deserialization diff --git a/2024/CVE-2024-0693.md b/2024/CVE-2024-0693.md index 31acad8e14..0895496fc5 100644 --- a/2024/CVE-2024-0693.md +++ b/2024/CVE-2024-0693.md 
@@ -15,5 +15,5 @@ A vulnerability classified as problematic was found in EFS Easy File Sharing FTP - https://www.youtube.com/watch?v=Rcl6VWg_bPY #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0695.md b/2024/CVE-2024-0695.md index d9e34b8d92..64f6056b64 100644 --- a/2024/CVE-2024-0695.md +++ b/2024/CVE-2024-0695.md @@ -16,5 +16,5 @@ A vulnerability, which was classified as problematic, has been found in EFS Easy - https://www.youtube.com/watch?v=nGyS2Rp5aEo #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0708.md b/2024/CVE-2024-0708.md new file mode 100644 index 0000000000..61838e58eb --- /dev/null +++ b/2024/CVE-2024-0708.md @@ -0,0 +1,17 @@ +### [CVE-2024-0708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0708) +![](https://img.shields.io/static/v1?label=Product&message=Landing%20Page%20Cat%20%E2%80%93%20Coming%20Soon%20Page%2C%20Maintenance%20Page%20%26%20Squeeze%20Pages&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.7.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/calysteon/calysteon + diff --git a/2024/CVE-2024-0723.md b/2024/CVE-2024-0723.md index c158d6465a..3f70b26ee8 100644 --- a/2024/CVE-2024-0723.md +++ b/2024/CVE-2024-0723.md 
@@ -13,5 +13,5 @@ A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified a - https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0725.md b/2024/CVE-2024-0725.md index 5d2b615531..099ee5740e 100644 --- a/2024/CVE-2024-0725.md +++ b/2024/CVE-2024-0725.md @@ -13,5 +13,5 @@ A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as pro - https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0727.md b/2024/CVE-2024-0727.md index 1192a32ce7..6d11693cbb 100644 --- a/2024/CVE-2024-0727.md +++ b/2024/CVE-2024-0727.md @@ -1,7 +1,7 @@ ### [CVE-2024-0727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727) ![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=3.2.0%3C%203.2.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen) ### Description @@ -14,8 +14,12 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/akaganeite/CVE4PP - https://github.com/chnzzh/OpenSSL-CVE-lib - https://github.com/denoslab/ensf400-lab10-ssc - https://github.com/fokypoky/places-list +- https://github.com/jtgorny/cve-scanning +- https://github.com/mmbazm/secure_license_server +- https://github.com/runlilong/tigergraph_openssl - https://github.com/seal-community/patches diff --git a/2024/CVE-2024-0731.md b/2024/CVE-2024-0731.md index 7fac31f942..bbe769e70a 100644 --- a/2024/CVE-2024-0731.md 
+++ b/2024/CVE-2024-0731.md @@ -13,5 +13,5 @@ A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as probl - https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0732.md b/2024/CVE-2024-0732.md index 29f82338d2..6092a17924 100644 --- a/2024/CVE-2024-0732.md +++ b/2024/CVE-2024-0732.md @@ -13,5 +13,5 @@ A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problemati - https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0736.md b/2024/CVE-2024-0736.md index b795c68579..ca9ae08b21 100644 --- a/2024/CVE-2024-0736.md +++ b/2024/CVE-2024-0736.md @@ -13,5 +13,5 @@ A vulnerability classified as problematic has been found in EFS Easy File Sharin - https://0day.today/exploit/39249 #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0737.md b/2024/CVE-2024-0737.md index 8c0606381f..001fcd8317 100644 --- a/2024/CVE-2024-0737.md +++ b/2024/CVE-2024-0737.md @@ -13,5 +13,6 @@ A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Ser - https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html #### Github +- https://github.com/cnetsec/south-america-cve-hall - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0741.md b/2024/CVE-2024-0741.md index 290f34e446..04b622cb21 100644 --- a/2024/CVE-2024-0741.md +++ b/2024/CVE-2024-0741.md @@ -16,6 +16,7 @@ An out of bounds write in ANGLE could have allowed an attacker to corrupt memory - https://bugzilla.mozilla.org/show_bug.cgi?id=1864587 #### Github +- https://github.com/HyHy100/Firefox-ANGLE-CVE-2024-0741 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub 
diff --git a/2024/CVE-2024-0744.md b/2024/CVE-2024-0744.md index ec07b94a60..bcae548d67 100644 --- a/2024/CVE-2024-0744.md +++ b/2024/CVE-2024-0744.md @@ -13,6 +13,8 @@ In some circumstances, JIT compiled code could have dereferenced a wild pointer No PoCs from references. #### Github +- https://github.com/5211-yx/javascript_fuzzer +- https://github.com/TimerIzaya/izayailli - https://github.com/googleprojectzero/fuzzilli - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2024/CVE-2024-0748.md b/2024/CVE-2024-0748.md new file mode 100644 index 0000000000..0a12da567b --- /dev/null +++ b/2024/CVE-2024-0748.md @@ -0,0 +1,17 @@ +### [CVE-2024-0748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0748) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Compromised%20content%20process%20could%20modify%20document%20URI&color=brighgreen) + +### Description + +A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. + +### POC + +#### Reference +- https://bugzilla.mozilla.org/show_bug.cgi?id=1783504 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-0760.md b/2024/CVE-2024-0760.md new file mode 100644 index 0000000000..d717fd97a3 --- /dev/null +++ b/2024/CVE-2024-0760.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-0760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0760)
+![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=9.18.1%3C%3D%209.18.27%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-0760
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-0762.md b/2024/CVE-2024-0762.md
new file mode 100644
index 0000000000..3bfde8ad83
--- /dev/null
+++ b/2024/CVE-2024-0762.md
@@ -0,0 +1,35 @@
+### [CVE-2024-0762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0762)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Alder%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Coffee%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Comet%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Ice%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Jasper%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Kaby%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Meteor%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Raptor%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SecureCore%E2%84%A2%20for%20Intel%20Tiger%20Lake&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0.1.1%3C%204.0.1.998%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.1.0.1%3C%204.1.0.562%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.2.0.1%3C%204.2.0.323%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.2.1.1%3C%204.2.1.287%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.3.0.1%3C%204.3.0.236%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.3.1.1%3C%204.3.1.184%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.4.0.1%3C%204.4.0.269%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.5.0.1%3C%204.5.0.218%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=4.5.1.1%3C%204.5.1.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platformsThis issue affects:Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/abandon1337/CVE-2024-0762 +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tadash10/Detect-CVE-2024-0762 + diff --git a/2024/CVE-2024-0763.md b/2024/CVE-2024-0763.md index e536eaebab..250bc8fcfb 100644 --- a/2024/CVE-2024-0763.md +++ b/2024/CVE-2024-0763.md @@ -13,5 +13,5 @@ Any user can delete an arbitrary folder (recursively) on a remote server due to - https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5 #### Github -No PoCs found on GitHub currently. +- https://github.com/raltheo/raltheo diff --git a/2024/CVE-2024-0769.md b/2024/CVE-2024-0769.md index 7073b00ad4..dbe2f0f8dd 100644 --- a/2024/CVE-2024-0769.md +++ b/2024/CVE-2024-0769.md @@ -15,4 +15,5 @@ #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/packetinside/CISA_BOT 
diff --git a/2024/CVE-2024-0771.md b/2024/CVE-2024-0771.md new file mode 100644 index 0000000000..a21de083c0 --- /dev/null +++ b/2024/CVE-2024-0771.md @@ -0,0 +1,17 @@ +### [CVE-2024-0771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0771) +![](https://img.shields.io/static/v1?label=Product&message=Product%20Key%20Explorer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption&color=brighgreen) + +### Description + +A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cnetsec/south-america-cve-hall + diff --git a/2024/CVE-2024-0772.md b/2024/CVE-2024-0772.md index 754abcf29e..55365fa5d8 100644 --- a/2024/CVE-2024-0772.md +++ b/2024/CVE-2024-0772.md @@ -13,5 +13,6 @@ A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as probl - https://youtu.be/WIeWeuXbkiY #### Github +- https://github.com/cnetsec/south-america-cve-hall - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0774.md b/2024/CVE-2024-0774.md index 76e46c7a36..3be0af2357 100644 --- a/2024/CVE-2024-0774.md +++ b/2024/CVE-2024-0774.md 
@@ -13,5 +13,6 @@ A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been de No PoCs from references. #### Github +- https://github.com/cnetsec/south-america-cve-hall - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0783.md b/2024/CVE-2024-0783.md index 05f4439ac4..ae71ad60e3 100644 --- a/2024/CVE-2024-0783.md +++ b/2024/CVE-2024-0783.md @@ -16,4 +16,5 @@ A vulnerability was found in Project Worlds Online Admission System 1.0 and clas #### Github - https://github.com/keru6k/Online-Admission-System-RCE-PoC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pwnpwnpur1n/Online-Admission-System-RCE-PoC diff --git a/2024/CVE-2024-0795.md b/2024/CVE-2024-0795.md index bc42dc0d9c..d4b1471ed7 100644 --- a/2024/CVE-2024-0795.md +++ b/2024/CVE-2024-0795.md @@ -13,5 +13,5 @@ If an attacked was given access to an instance with the admin or manager role th - https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec #### Github -No PoCs found on GitHub currently. +- https://github.com/raltheo/raltheo diff --git a/2024/CVE-2024-0815.md b/2024/CVE-2024-0815.md index 5c59dd16bb..7493179e66 100644 --- a/2024/CVE-2024-0815.md +++ b/2024/CVE-2024-0815.md @@ -14,4 +14,5 @@ Command injection in paddle.utils.download._wget_download (bypass filter) in pad #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/kagesensei/SimpleSpacy diff --git a/2024/CVE-2024-0834.md b/2024/CVE-2024-0834.md new file mode 100644 index 0000000000..7d9aa1f882 --- /dev/null +++ b/2024/CVE-2024-0834.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-0834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0834) +![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Addon%20Elements&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.12.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CyberSecAI/cve_dedup + diff --git a/2024/CVE-2024-0841.md b/2024/CVE-2024-0841.md index 306b172964..b1ef08b007 100644 --- a/2024/CVE-2024-0841.md +++ b/2024/CVE-2024-0841.md @@ -4,7 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen) ### Description diff --git a/2024/CVE-2024-0847.md b/2024/CVE-2024-0847.md new file mode 100644 index 0000000000..b323995c63 --- /dev/null +++ b/2024/CVE-2024-0847.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-0847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0847)
+![](https://img.shields.io/static/v1?label=Product&message=5280%20Bootstrap%20Modal%20Contact%20Form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/calysteon/calysteon
+
diff --git a/2024/CVE-2024-0848.md b/2024/CVE-2024-0848.md
new file mode 100644
index 0000000000..3024761ba3
--- /dev/null
+++ b/2024/CVE-2024-0848.md
@@ -0,0 +1,17 @@
+### [CVE-2024-0848](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0848)
+![](https://img.shields.io/static/v1?label=Product&message=AA%20Cash%20Calculator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/calysteon/calysteon
+
diff --git a/2024/CVE-2024-0849.md b/2024/CVE-2024-0849.md
index fcbe974fbb..24b2af14ef 100644
--- a/2024/CVE-2024-0849.md
+++ b/2024/CVE-2024-0849.md
@@ -1,11 +1,11 @@ ### [CVE-2024-0849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0849) ![](https://img.shields.io/static/v1?label=Product&message=Leanote&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%202.7.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%3A%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) ### Description -Leanote version 2.7.0 allows obtaining arbitrary local files. This is possiblebecause the application is vulnerable to LFR. +Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. ### POC diff --git a/2024/CVE-2024-0852.md b/2024/CVE-2024-0852.md new file mode 100644 index 0000000000..67914be3ee --- /dev/null +++ b/2024/CVE-2024-0852.md @@ -0,0 +1,17 @@ +### [CVE-2024-0852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0852) +![](https://img.shields.io/static/v1?label=Product&message=coreActivity%3A%20Activity%20Logging%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/743c4d79-e1d5-4fb0-a17d-296df2c54e8a/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-0854.md b/2024/CVE-2024-0854.md index 6ce18d3997..2dbab18421 100644 --- a/2024/CVE-2024-0854.md +++ b/2024/CVE-2024-0854.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-0854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0854) ![](https://img.shields.io/static/v1?label=Product&message=DiskStation%20Manager%20(DSM)&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) ### Description -URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. +URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. ### POC @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/neko-hat/neko-hat diff --git a/2024/CVE-2024-0859.md b/2024/CVE-2024-0859.md new file mode 100644 index 0000000000..b93e7a2c50 --- /dev/null +++ b/2024/CVE-2024-0859.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-0859](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0859) +![](https://img.shields.io/static/v1?label=Product&message=Affiliates%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.34%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/calysteon/calysteon + diff --git a/2024/CVE-2024-0861.md b/2024/CVE-2024-0861.md index 69fc0ec2e5..5d0fe08f7b 100644 --- a/2024/CVE-2024-0861.md +++ b/2024/CVE-2024-0861.md @@ -1,7 +1,7 @@ ### [CVE-2024-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0861) ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=16.9%3C%2016.9.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%3A%20Improper%20Authorization&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-425%3A%20Direct%20Request%20('Forced%20Browsing')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-0864.md b/2024/CVE-2024-0864.md index 4bb56db5f3..5544dbd8bb 100644 --- a/2024/CVE-2024-0864.md +++ b/2024/CVE-2024-0864.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-0864](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0864) ![](https://img.shields.io/static/v1?label=Product&message=Laragon&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20*%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) ### Description -Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. +Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. ### POC @@ -13,5 +13,6 @@ Enabling Simple Ajax Uploader plugin included in Laragon open-source software al No PoCs from references. #### Github +- https://github.com/etxahun/euvdb-mcp-server - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0874.md b/2024/CVE-2024-0874.md index beb2fcaf80..146ade5346 100644 --- a/2024/CVE-2024-0874.md +++ b/2024/CVE-2024-0874.md 
@@ -1,6 +1,8 @@ ### [CVE-2024-0874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0874) ![](https://img.shields.io/static/v1?label=Product&message=Logging%20Subsystem%20for%20Red%20Hat%20OpenShift&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Management%20for%20Kubernetes%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) diff --git a/2024/CVE-2024-0885.md b/2024/CVE-2024-0885.md index 26c439d7c0..09335e3fc5 100644 --- a/2024/CVE-2024-0885.md +++ b/2024/CVE-2024-0885.md @@ -13,5 +13,5 @@ A vulnerability classified as problematic has been found in SpyCamLizard 1.230. - https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0886.md b/2024/CVE-2024-0886.md index ab2619a998..ca7952fd81 100644 --- a/2024/CVE-2024-0886.md +++ b/2024/CVE-2024-0886.md @@ -13,5 +13,5 @@ A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Con - https://fitoxs.com/vuldb/09-exploit-perl.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0887.md b/2024/CVE-2024-0887.md index 3528e11a9d..65e570a93c 100644 --- a/2024/CVE-2024-0887.md +++ b/2024/CVE-2024-0887.md 
@@ -13,5 +13,5 @@ A vulnerability, which was classified as problematic, has been found in Mafiatic - https://fitoxs.com/vuldb/18-exploit-perl.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0888.md b/2024/CVE-2024-0888.md new file mode 100644 index 0000000000..a59517bd9f --- /dev/null +++ b/2024/CVE-2024-0888.md @@ -0,0 +1,17 @@ +### [CVE-2024-0888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0888) +![](https://img.shields.io/static/v1?label=Product&message=BORGChat&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0%20Build%20438%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-404%20Denial%20of%20Service&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252039. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cnetsec/south-america-cve-hall + diff --git a/2024/CVE-2024-0889.md b/2024/CVE-2024-0889.md index e8db9e877b..67889e1b30 100644 --- a/2024/CVE-2024-0889.md +++ b/2024/CVE-2024-0889.md @@ -13,5 +13,5 @@ A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as p - https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-0901.md b/2024/CVE-2024-0901.md index 7c14527e47..9e93decc93 100644 --- a/2024/CVE-2024-0901.md +++ b/2024/CVE-2024-0901.md 
@@ -14,7 +14,9 @@ No PoCs from references. #### Github - https://github.com/byan-2/wolfssl +- https://github.com/byan682/wolfssl - https://github.com/lego-pirates/wolfssl +- https://github.com/qursa-uc3m/wolfssl-liboqs - https://github.com/wolfSSL/Arduino-wolfSSL - https://github.com/wolfSSL/wolfssl diff --git a/2024/CVE-2024-0920.md b/2024/CVE-2024-0920.md index 47bad446a0..a4bc819445 100644 --- a/2024/CVE-2024-0920.md +++ b/2024/CVE-2024-0920.md @@ -13,5 +13,6 @@ A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared a No PoCs from references. #### Github +- https://github.com/attilaszia/linux-iot-cves - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0932.md b/2024/CVE-2024-0932.md index e95027aeae..4104a9f416 100644 --- a/2024/CVE-2024-0932.md +++ b/2024/CVE-2024-0932.md @@ -13,5 +13,6 @@ A vulnerability, which was classified as critical, has been found in Tenda AC10U - https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md #### Github +- https://github.com/attilaszia/linux-iot-cves - https://github.com/yaoyue123/iot diff --git a/2024/CVE-2024-0936.md b/2024/CVE-2024-0936.md index d6210960f3..eb80987db0 100644 --- a/2024/CVE-2024-0936.md +++ b/2024/CVE-2024-0936.md @@ -14,5 +14,6 @@ A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI - https://github.com/bayuncao/vul-cve-5/blob/main/poc.py #### Github +- https://github.com/TrustAI-laboratory/TrustAI-laboratory - https://github.com/bayuncao/bayuncao diff --git a/2024/CVE-2024-0937.md b/2024/CVE-2024-0937.md index 9512d3c3d2..1921610634 100644 --- a/2024/CVE-2024-0937.md +++ b/2024/CVE-2024-0937.md @@ -14,5 +14,6 @@ A vulnerability, which was classified as critical, has been found in van_der_Sch - https://vuldb.com/?id.252182 #### Github +- https://github.com/TrustAI-laboratory/TrustAI-laboratory - https://github.com/bayuncao/bayuncao 
diff --git a/2024/CVE-2024-0970.md b/2024/CVE-2024-0970.md new file mode 100644 index 0000000000..e186a2338f --- /dev/null +++ b/2024/CVE-2024-0970.md @@ -0,0 +1,17 @@ +### [CVE-2024-0970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0970) +![](https://img.shields.io/static/v1?label=Product&message=User%20Activity%20Tracking%20and%20Log&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-290%20Authentication%20Bypass%20by%20Spoofing&color=brighgreen) + +### Description + +This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7df6877c-6640-41be-aacb-20c7da61e4db/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-0985.md b/2024/CVE-2024-0985.md index f308693d1c..57f5d45b23 100644 --- a/2024/CVE-2024-0985.md +++ b/2024/CVE-2024-0985.md @@ -14,5 +14,7 @@ Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allo #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/lekctut/sdb-hw-13-01 - https://github.com/marklogic/marklogic-kubernetes +- https://github.com/pedr0alencar/vlab-metasploitable2 diff --git a/2024/CVE-2024-10004.md b/2024/CVE-2024-10004.md new file mode 100644 index 0000000000..8c0d19370c --- /dev/null +++ b/2024/CVE-2024-10004.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-10004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10004)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20131.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Opening%20external%20link%20to%20HTTP%20website%20could%20show%20an%20HTTPS%20padlock%20icon%20incorrectly&color=brighgreen)
+
+### Description
+
+Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1904885
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10009.md b/2024/CVE-2024-10009.md
new file mode 100644
index 0000000000..1d17acdd05
--- /dev/null
+++ b/2024/CVE-2024-10009.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10009)
+![](https://img.shields.io/static/v1?label=Product&message=Melapress%20File%20Monitor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c2b1f9f4-d5f3-4975-afd1-50eaf193e2ab/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1001.md b/2024/CVE-2024-1001.md
index 958d16b75d..a2468e680b 100644
--- a/2024/CVE-2024-1001.md
+++ b/2024/CVE-2024-1001.md
@@ -13,5 +13,5 @@ A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u. - https://vuldb.com/?id.252270 #### Github -No PoCs found on GitHub currently. +- https://github.com/chriszubiaga/cvedetails-scraper diff --git a/2024/CVE-2024-10010.md b/2024/CVE-2024-10010.md new file mode 100644 index 0000000000..5fa65403a9 --- /dev/null +++ b/2024/CVE-2024-10010.md @@ -0,0 +1,17 @@ +### [CVE-2024-10010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10010) +![](https://img.shields.io/static/v1?label=Product&message=LearnPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.2.7.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8a258d33-a354-4cbb-bfcb-31b7f1b1a036/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-10019.md b/2024/CVE-2024-10019.md new file mode 100644 index 0000000000..de2b46f675 --- /dev/null +++ b/2024/CVE-2024-10019.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-10019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10019)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%20Relative%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the `app_name` parameter, enabling an attacker to upload a malicious `server.py` file and execute arbitrary code by exploiting the path traversal vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CyberSecAI/cwe_agent_assign_reports_2025
+
diff --git a/2024/CVE-2024-1002.md b/2024/CVE-2024-1002.md
new file mode 100644
index 0000000000..9c2f8df971
--- /dev/null
+++ b/2024/CVE-2024-1002.md
@@ -0,0 +1,18 @@
+### [CVE-2024-1002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1002)
+![](https://img.shields.io/static/v1?label=Product&message=N200RE&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6139_B20201216%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ohpapy/Android-CVE
+- https://github.com/chriszubiaga/cvedetails-scraper
+
diff --git a/2024/CVE-2024-10021.md b/2024/CVE-2024-10021.md
new file mode 100644
index 0000000000..482e4b85e3
--- /dev/null
+++ b/2024/CVE-2024-10021.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10021](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10021)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/439f2af836c2c7d6075ba9de2e1169da
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10022.md b/2024/CVE-2024-10022.md
new file mode 100644
index 0000000000..c9c66d2daf
--- /dev/null
+++ b/2024/CVE-2024-10022.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10022)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/2bd0a94e480906a60ce83b8a4ec26957
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10023.md b/2024/CVE-2024-10023.md
new file mode 100644
index 0000000000..6e8b447d93
--- /dev/null
+++ b/2024/CVE-2024-10023.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10023)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/01a35a20a4e20e937d384b677c000921
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10024.md b/2024/CVE-2024-10024.md
new file mode 100644
index 0000000000..b20d0673c7
--- /dev/null
+++ b/2024/CVE-2024-10024.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10024)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/b0083f7f12dee245c2fbe7102e31d9a4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10025.md b/2024/CVE-2024-10025.md
new file mode 100644
index 0000000000..9eac00587c
--- /dev/null
+++ b/2024/CVE-2024-10025.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10025)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20CLV6xx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20Lector6xx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20RFx6xx&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20all%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen)
+
+### Description
+
+A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an “Authorized Client” if the customer has not changed the default password.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10027.md b/2024/CVE-2024-10027.md
new file mode 100644
index 0000000000..35df2f2cbf
--- /dev/null
+++ b/2024/CVE-2024-10027.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10027](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10027)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Booking%20Calendar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2010.6.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a94c7b64-720a-47f1-a74a-691c3a9ed3a1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10041.md b/2024/CVE-2024-10041.md
new file mode 100644
index 0000000000..ac2fab91b6
--- /dev/null
+++ b/2024/CVE-2024-10041.md
@@ -0,0 +1,23 @@
+### [CVE-2024-10041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10041)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.4%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Insecure%20Storage%20of%20Sensitive%20Information&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Dariani223/DevOpsFinal
+- https://github.com/Myash-New/05-virt-04-docker-in-practice
+- https://github.com/Telooss/TP-WIK-DPS-TP02
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-10054.md b/2024/CVE-2024-10054.md
new file mode 100644
index 0000000000..d99909d3e4
--- /dev/null
+++ b/2024/CVE-2024-10054.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10054)
+![](https://img.shields.io/static/v1?label=Product&message=Happyforms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.26.2%3C%201.26.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5a9fd64b-3207-4acb-92ff-1cca08c41ac9/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10073.md b/2024/CVE-2024-10073.md
new file mode 100644
index 0000000000..11f69c0e43
--- /dev/null
+++ b/2024/CVE-2024-10073.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10073)
+![](https://img.shields.io/static/v1?label=Product&message=flair&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.14.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10076.md b/2024/CVE-2024-10076.md
new file mode 100644
index 0000000000..5ced0438dc
--- /dev/null
+++ b/2024/CVE-2024-10076.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10076)
+![](https://img.shields.io/static/v1?label=Product&message=Jetpack%20Boost&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Jetpack&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2013.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.4.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10087.md b/2024/CVE-2024-10087.md
new file mode 100644
index 0000000000..0ea6c208f1
--- /dev/null
+++ b/2024/CVE-2024-10087.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10087)
+![](https://img.shields.io/static/v1?label=Product&message=iKSORIS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2079.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context multiple times. This vulnerability has been patched in version 79.0
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-10088.md b/2024/CVE-2024-10088.md
new file mode 100644
index 0000000000..d83cbedd7d
--- /dev/null
+++ b/2024/CVE-2024-10088.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10088)
+![](https://img.shields.io/static/v1?label=Product&message=iKSORIS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2079.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-10089.md b/2024/CVE-2024-10089.md
new file mode 100644
index 0000000000..84b7a572af
--- /dev/null
+++ b/2024/CVE-2024-10089.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10089)
+![](https://img.shields.io/static/v1?label=Product&message=iKSORIS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2079.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-10090.md b/2024/CVE-2024-10090.md
new file mode 100644
index 0000000000..9893498adf
--- /dev/null
+++ b/2024/CVE-2024-10090.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10090)
+![](https://img.shields.io/static/v1?label=Product&message=iKSORIS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2079.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-10095.md b/2024/CVE-2024-10095.md
new file mode 100644
index 0000000000..87856e4c1c
--- /dev/null
+++ b/2024/CVE-2024-10095.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10095)
+![](https://img.shields.io/static/v1?label=Product&message=Telerik%20UI%20for%20WPF&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.4.1213%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mehranrmn/Hack.NET
+
diff --git a/2024/CVE-2024-10098.md b/2024/CVE-2024-10098.md
new file mode 100644
index 0000000000..8b0c19b64d
--- /dev/null
+++ b/2024/CVE-2024-10098.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10098)
+![](https://img.shields.io/static/v1?label=Product&message=ApplyOnline&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/242dac1f-9a1f-4fde-b8c7-374bd451071d/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10102.md b/2024/CVE-2024-10102.md
new file mode 100644
index 0000000000..f7fe08e7d6
--- /dev/null
+++ b/2024/CVE-2024-10102.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10102)
+![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%2C%20Images%2C%20Slider%20in%20Rbs%20Image%20Gallery&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.22%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10103.md b/2024/CVE-2024-10103.md
new file mode 100644
index 0000000000..e8dc741235
--- /dev/null
+++ b/2024/CVE-2024-10103.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10103)
+![](https://img.shields.io/static/v1?label=Product&message=MailPoet&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.3.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10104.md b/2024/CVE-2024-10104.md
new file mode 100644
index 0000000000..89b1d1ab14
--- /dev/null
+++ b/2024/CVE-2024-10104.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10104)
+![](https://img.shields.io/static/v1?label=Product&message=Jobs%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f0a9c8ae-f2cf-4322-8216-4778b0e37a48/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10105.md b/2024/CVE-2024-10105.md
new file mode 100644
index 0000000000..f10bb0bf31
--- /dev/null
+++ b/2024/CVE-2024-10105.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10105)
+![](https://img.shields.io/static/v1?label=Product&message=Job%20Postings&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/4477db12-26e9-4c6d-8b71-f3f6a0d19813/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10107.md b/2024/CVE-2024-10107.md
new file mode 100644
index 0000000000..248e95cfa0
--- /dev/null
+++ b/2024/CVE-2024-10107.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10107)
+![](https://img.shields.io/static/v1?label=Product&message=Giveaways%20and%20Contests%20by%20RafflePress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.12.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Giveaways and Contests by RafflePress WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10123.md b/2024/CVE-2024-10123.md
new file mode 100644
index 0000000000..6b7f38c7c4
--- /dev/null
+++ b/2024/CVE-2024-10123.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10123)
+![](https://img.shields.io/static/v1?label=Product&message=AC8&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.03.34.06%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md
+
+#### Github
+- https://github.com/IoTBec/Reports
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-10124.md b/2024/CVE-2024-10124.md
new file mode 100644
index 0000000000..076840514d
--- /dev/null
+++ b/2024/CVE-2024-10124.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10124)
+![](https://img.shields.io/static/v1?label=Product&message=Vayu%20Blocks%20%E2%80%93%20Gutenberg%20Blocks%20for%20WordPress%20%26%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DoTTak/Research-WordPress-CVE
+- https://github.com/Nxploited/CVE-2024-10124-Poc
+- https://github.com/RandomRobbieBF/CVE-2024-10124
+
diff --git a/2024/CVE-2024-10130.md b/2024/CVE-2024-10130.md
new file mode 100644
index 0000000000..63f5a8ff1f
--- /dev/null
+++ b/2024/CVE-2024-10130.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10130)
+![](https://img.shields.io/static/v1?label=Product&message=AC8&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.03.34.06%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/FUN_004a8838.md
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-10136.md b/2024/CVE-2024-10136.md
new file mode 100644
index 0000000000..af6faa3d5e
--- /dev/null
+++ b/2024/CVE-2024-10136.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10136)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/f6411aecc606b015a37382b2be828831
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10137.md b/2024/CVE-2024-10137.md
new file mode 100644
index 0000000000..a1a07226b8
--- /dev/null
+++ b/2024/CVE-2024-10137.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10137)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/edd15afd508c51c95e5ce29544165320
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10138.md b/2024/CVE-2024-10138.md
new file mode 100644
index 0000000000..ae2e1e80e3
--- /dev/null
+++ b/2024/CVE-2024-10138.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10138](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10138)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/26694ace59cbc1e1f8366bef96953569
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10139.md b/2024/CVE-2024-10139.md
new file mode 100644
index 0000000000..8b9294e84a
--- /dev/null
+++ b/2024/CVE-2024-10139.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10139)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10140.md b/2024/CVE-2024-10140.md
new file mode 100644
index 0000000000..1478f987c2
--- /dev/null
+++ b/2024/CVE-2024-10140.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10140)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/b03bc3a330374a0581e51891d6105ed2
+
+#### Github
+- https://github.com/holypryx/CVE-2024-10140
+
diff --git a/2024/CVE-2024-10141.md b/2024/CVE-2024-10141.md
new file mode 100644
index 0000000000..33502ff87f
--- /dev/null
+++ b/2024/CVE-2024-10141.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10141)
+![](https://img.shields.io/static/v1?label=Product&message=COCO%20Annotator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.11.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Predictable%20from%20Observable%20State&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/jsbroks/coco-annotator/issues/626
+- https://github.com/jsbroks/coco-annotator/issues/626#issue-2582440109
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10143.md b/2024/CVE-2024-10143.md
new file mode 100644
index 0000000000..e1f01a2d0a
--- /dev/null
+++ b/2024/CVE-2024-10143.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10143)
+![](https://img.shields.io/static/v1?label=Product&message=MB%20Custom%20Post%20Types%20%26%20Custom%20Taxonomies&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b5fd7a3e-33e4-4c73-a581-881f063855b0/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10144.md b/2024/CVE-2024-10144.md
new file mode 100644
index 0000000000..5186836326
--- /dev/null
+++ b/2024/CVE-2024-10144.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10144](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10144)
+![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%2C%20Images%2C%20Slider%20in%20Rbs%20Image%20Gallery&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.22%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10145.md b/2024/CVE-2024-10145.md
new file mode 100644
index 0000000000..1738e43056
--- /dev/null
+++ b/2024/CVE-2024-10145.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10145)
+![](https://img.shields.io/static/v1?label=Product&message=Hubbub%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.34.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b9e2381b-3ea0-48fa-bd9c-4181ddf36389/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10146.md b/2024/CVE-2024-10146.md
new file mode 100644
index 0000000000..c9a1155620
--- /dev/null
+++ b/2024/CVE-2024-10146.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10146)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20File%20List&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.1.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9ee74a0f-83ff-4c15-a114-f8f6baab8bf5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10149.md b/2024/CVE-2024-10149.md
new file mode 100644
index 0000000000..be742141c6
--- /dev/null
+++ b/2024/CVE-2024-10149.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10149)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Slider%20Feed&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1619dc4b-4e5e-4b82-820b-3c4e732db3ad/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10151.md b/2024/CVE-2024-10151.md
new file mode 100644
index 0000000000..fc923c2bf4
--- /dev/null
+++ b/2024/CVE-2024-10151.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10151)
+![](https://img.shields.io/static/v1?label=Product&message=Auto%20iFrame&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/487facf7-8880-48b3-b1b2-0d09823d3c46/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10152.md b/2024/CVE-2024-10152.md new file mode 100644 index 0000000000..b0ddce468a --- /dev/null +++ b/2024/CVE-2024-10152.md @@ -0,0 +1,17 @@ +### [CVE-2024-10152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10152) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Certain%20Time%20to%20Show%20Content&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1016.md b/2024/CVE-2024-1016.md index c1aaf63ba9..a857fc538e 100644 --- a/2024/CVE-2024-1016.md +++ b/2024/CVE-2024-1016.md @@ -13,5 +13,5 @@ A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared - https://packetstormsecurity.com/files/176675/Solar-FTP-Server-2.1.2-Denial-Of-Service.html #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-10165.md b/2024/CVE-2024-10165.md new file mode 100644 index 0000000000..59132e71ce --- /dev/null +++ b/2024/CVE-2024-10165.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-10165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10165)
+![](https://img.shields.io/static/v1?label=Product&message=Sales%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/14
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10166.md b/2024/CVE-2024-10166.md
new file mode 100644
index 0000000000..02ede2bec1
--- /dev/null
+++ b/2024/CVE-2024-10166.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10166)
+![](https://img.shields.io/static/v1?label=Product&message=Sales%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/15
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10167.md b/2024/CVE-2024-10167.md
new file mode 100644
index 0000000000..15c05da082
--- /dev/null
+++ b/2024/CVE-2024-10167.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10167)
+![](https://img.shields.io/static/v1?label=Product&message=Sales%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/16
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10169.md b/2024/CVE-2024-10169.md
new file mode 100644
index 0000000000..ae3538e898
--- /dev/null
+++ b/2024/CVE-2024-10169.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10169)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/RainFo666/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1017.md b/2024/CVE-2024-1017.md
index 45ea0612fb..ea127426c1 100644
--- a/2024/CVE-2024-1017.md
+++ b/2024/CVE-2024-1017.md
@@ -14,5 +14,5 @@ A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as probl
 - https://www.youtube.com/watch?v=wwHuXfYS8yQ
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cnetsec/south-america-cve-hall
 
diff --git a/2024/CVE-2024-10171.md b/2024/CVE-2024-10171.md
new file mode 100644
index 0000000000..51bfe0f4c2
--- /dev/null
+++ b/2024/CVE-2024-10171.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10171)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/cdl00/cve/blob/main/sql8-message-book.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10173.md b/2024/CVE-2024-10173.md
new file mode 100644
index 0000000000..9280f60cad
--- /dev/null
+++ b/2024/CVE-2024-10173.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10173)
+![](https://img.shields.io/static/v1?label=Product&message=DDMQ&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authentication&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/didi/DDMQ/issues/37
+- https://github.com/didi/DDMQ/issues/37#issue-2577905007
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10196.md b/2024/CVE-2024-10196.md
new file mode 100644
index 0000000000..73f6496e5f
--- /dev/null
+++ b/2024/CVE-2024-10196.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10196)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/be616d2853a9f1820d8558fc00e97e24
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10197.md b/2024/CVE-2024-10197.md
new file mode 100644
index 0000000000..bd080e2d9a
--- /dev/null
+++ b/2024/CVE-2024-10197.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10197)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/bc051be4a8c6b6641578cad533742aab
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10198.md b/2024/CVE-2024-10198.md
new file mode 100644
index 0000000000..6ded03be9e
--- /dev/null
+++ b/2024/CVE-2024-10198.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10198)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/93343006341d3799de0cb8912cc328ec
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10199.md b/2024/CVE-2024-10199.md
new file mode 100644
index 0000000000..7e483a4eee
--- /dev/null
+++ b/2024/CVE-2024-10199.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10199)
+![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/0dae6dd4a36acd12bcc408caf1c787d9
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10220.md b/2024/CVE-2024-10220.md
new file mode 100644
index 0000000000..305c110689
--- /dev/null
+++ b/2024/CVE-2024-10220.md
@@ -0,0 +1,25 @@
+### [CVE-2024-10220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10220)
+![](https://img.shields.io/static/v1?label=Product&message=kubelet&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/XiaomingX/cve-2024-10220-githooks
+- https://github.com/XiaomingX/weekly
+- https://github.com/any2sec/cve-2024-10220
+- https://github.com/candranapits/poc-CVE-2024-10220
+- https://github.com/filipzag/CVE-2024-10220
+- https://github.com/mochizuki875/CVE-2024-10220-githooks
+- https://github.com/mrk336/CVE-2024-10220-Kubernetes-gitRepo-Volume-Vulnerability
+- https://github.com/orgC/CVE-2024-10220-demo
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-10224.md b/2024/CVE-2024-10224.md
new file mode 100644
index 0000000000..50a630a927
--- /dev/null
+++ b/2024/CVE-2024-10224.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10224)
+![](https://img.shields.io/static/v1?label=Product&message=Module%3A%3AScanDeps&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.38%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/pawan-shivarkar/List-of-CVE-s-
+
diff --git a/2024/CVE-2024-10229.md b/2024/CVE-2024-10229.md
new file mode 100644
index 0000000000..0405fa42b5
--- /dev/null
+++ b/2024/CVE-2024-10229.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10229)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=130.0.6723.69%3C%20130.0.6723.69%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Inappropriate%20implementation&color=brighgreen)
+
+### Description
+
+Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/371011220
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1023.md b/2024/CVE-2024-1023.md
index 7a667de895..74bea2a045 100644
--- a/2024/CVE-2024-1023.md
+++ b/2024/CVE-2024-1023.md
@@ -6,25 +6,25 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Runtimes&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=RHINT%20Service%20Registry%202.5.11%20GA&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20AMQ%20Broker%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20AMQ%20Streams%202.7.0&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20A-MQ%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.4.1%20for%20Spring%20Boot&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot%203&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.11.Final&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Release%20of%20Memory%20after%20Effective%20Lifetime&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-10230.md b/2024/CVE-2024-10230.md
new file mode 100644
index 0000000000..e6fd78f989
--- /dev/null
+++ b/2024/CVE-2024-10230.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10230)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=130.0.6723.69%3C%20130.0.6723.69%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen)
+
+### Description
+
+Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/371565065
+
+#### Github
+- https://github.com/leesh3288/leesh3288
+
diff --git a/2024/CVE-2024-10231.md b/2024/CVE-2024-10231.md
new file mode 100644
index 0000000000..04495e0dfb
--- /dev/null
+++ b/2024/CVE-2024-10231.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10231)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=130.0.6723.69%3C%20130.0.6723.69%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen)
+
+### Description
+
+Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/372269618
+
+#### Github
+- https://github.com/leesh3288/leesh3288
+
diff --git a/2024/CVE-2024-10245.md b/2024/CVE-2024-10245.md
new file mode 100644
index 0000000000..daa8d1fa8d
--- /dev/null
+++ b/2024/CVE-2024-10245.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10245](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10245)
+![](https://img.shields.io/static/v1?label=Product&message=Relais%202FA&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
+
+### Description
+
+The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-10245
+
diff --git a/2024/CVE-2024-10247.md b/2024/CVE-2024-10247.md
new file mode 100644
index 0000000000..4f18d94eca
--- /dev/null
+++ b/2024/CVE-2024-10247.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10247)
+![](https://img.shields.io/static/v1?label=Product&message=Video%20Gallery%20%E2%80%93%20YouTube%20Gallery%20and%20Vimeo%20Gallery&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/capture0x/My-CVE
+
diff --git a/2024/CVE-2024-10252.md b/2024/CVE-2024-10252.md
new file mode 100644
index 0000000000..7dba343345
--- /dev/null
+++ b/2024/CVE-2024-10252.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10252)
+![](https://img.shields.io/static/v1?label=Product&message=langgenius%2Fdify&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.2.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code&color=brighgreen)
+
+### Description
+
+A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of the entire sandbox service and causing irreversible damage.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ox01024/ox01024
+
diff --git a/2024/CVE-2024-10280.md b/2024/CVE-2024-10280.md
new file mode 100644
index 0000000000..ef0e1d4e65
--- /dev/null
+++ b/2024/CVE-2024-10280.md
@@ -0,0 +1,26 @@
+### [CVE-2024-10280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10280)
+![](https://img.shields.io/static/v1?label=Product&message=AC10&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC10U&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC1206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC15&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC18&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC500&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC7&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AC9&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241022%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-10309.md b/2024/CVE-2024-10309.md
new file mode 100644
index 0000000000..7274ade2fe
--- /dev/null
+++ b/2024/CVE-2024-10309.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10309)
+![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Code%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10314.md b/2024/CVE-2024-10314.md
new file mode 100644
index 0000000000..a56b7206be
--- /dev/null
+++ b/2024/CVE-2024-10314.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10314)
+![](https://img.shields.io/static/v1?label=Product&message=Helix%20Core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%202024.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001SZNFYA4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10315.md b/2024/CVE-2024-10315.md
new file mode 100644
index 0000000000..7ad6465caf
--- /dev/null
+++ b/2024/CVE-2024-10315.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10315)
+![](https://img.shields.io/static/v1?label=Product&message=Gliffy%20Online&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%204.14.0-6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-942&color=brighgreen)
+
+### Description
+
+In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD.
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001SZVJYA4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10327.md b/2024/CVE-2024-10327.md
new file mode 100644
index 0000000000..373232a3b3
--- /dev/null
+++ b/2024/CVE-2024-10327.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10327)
+![](https://img.shields.io/static/v1?label=Product&message=Okta%20Verify%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.25.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. The ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include: * When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device; * When a user is presented with a notification on the home screen and drags the notification down and selects their reply; * When an Apple Watch is used to reply directly to a notification. A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.
+
+### POC
+
+#### Reference
+- https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10344.md b/2024/CVE-2024-10344.md
new file mode 100644
index 0000000000..2208979ef4
--- /dev/null
+++ b/2024/CVE-2024-10344.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10344)
+![](https://img.shields.io/static/v1?label=Product&message=Helix%20Core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%202024.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001SZOrYAO
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10345.md b/2024/CVE-2024-10345.md
new file mode 100644
index 0000000000..28ce6f6967
--- /dev/null
+++ b/2024/CVE-2024-10345.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10345)
+![](https://img.shields.io/static/v1?label=Product&message=Helix%20Core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%202024.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001SZQTYA4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10348.md b/2024/CVE-2024-10348.md
new file mode 100644
index 0000000000..b1959373d1
--- /dev/null
+++ b/2024/CVE-2024-10348.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10348)
+![](https://img.shields.io/static/v1?label=Product&message=Best%20House%20Rental%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rental-management-system.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10349.md b/2024/CVE-2024-10349.md
new file mode 100644
index 0000000000..8a3cc66d16
--- /dev/null
+++ b/2024/CVE-2024-10349.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10349)
+![](https://img.shields.io/static/v1?label=Product&message=Best%20House%20Rental%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/house-rentalmanagement-system1.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10350.md b/2024/CVE-2024-10350.md
new file mode 100644
index 0000000000..588307ee28
--- /dev/null
+++ b/2024/CVE-2024-10350.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10350)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/RTio7/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10354.md b/2024/CVE-2024-10354.md
new file mode 100644
index 0000000000..314f1d89bd
--- /dev/null
+++ b/2024/CVE-2024-10354.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10354)
+![](https://img.shields.io/static/v1?label=Product&message=Petrol%20Pump%20Management%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/K1nakoo/CVE-2024-10354
+
diff --git a/2024/CVE-2024-10355.md b/2024/CVE-2024-10355.md
new file mode 100644
index 0000000000..2fa4fad431
--- /dev/null
+++ b/2024/CVE-2024-10355.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10355)
+![](https://img.shields.io/static/v1?label=Product&message=Petrol%20Pump%20Management%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/K1nakoo/CVE-2024-10355
+
diff --git a/2024/CVE-2024-10362.md b/2024/CVE-2024-10362.md
new file mode 100644
index 0000000000..d5a8561b91
--- /dev/null
+++ b/2024/CVE-2024-10362.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10362)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Media%20Share%20Buttons%20%26%20Social%20Sharing%20Icons&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.9.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/701f653b-a0c3-49b4-972e-f26c3633ad92/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10368.md b/2024/CVE-2024-10368.md
new file mode 100644
index 0000000000..3a38b6c6c0
--- /dev/null
+++ b/2024/CVE-2024-10368.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10368)
+![](https://img.shields.io/static/v1?label=Product&message=Sales%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Sales Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /addstock.php. The manipulation of the argument prodtype leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/17
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10369.md b/2024/CVE-2024-10369.md
new file mode 100644
index 0000000000..e452daaee4
--- /dev/null
+++ b/2024/CVE-2024-10369.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10369)
+![](https://img.shields.io/static/v1?label=Product&message=Sales%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/18
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10370.md b/2024/CVE-2024-10370.md
new file mode 100644
index 0000000000..0e409eb983
--- /dev/null
+++ b/2024/CVE-2024-10370.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10370)
+![](https://img.shields.io/static/v1?label=Product&message=Sales%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcustind.php. The manipulation of the argument refno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/19
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10372.md b/2024/CVE-2024-10372.md
new file mode 100644
index 0000000000..d8b124d369
--- /dev/null
+++ b/2024/CVE-2024-10372.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10372)
+![](https://img.shields.io/static/v1?label=Product&message=buzz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Insecure%20Temporary%20File&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Startr4ck/CVE_lists
+
diff --git a/2024/CVE-2024-10395.md b/2024/CVE-2024-10395.md
new file mode 100644
index 0000000000..c3d738309c
--- /dev/null
+++ b/2024/CVE-2024-10395.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10395)
+![](https://img.shields.io/static/v1?label=Product&message=Zephyr&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20Under-read&color=brighgreen)
+
+### Description
+
+No proper validation of the length of user input in http_server_get_content_type_from_extension.
+
+### POC
+
+#### Reference
+- https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hfww-j92m-x8fv
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10400.md b/2024/CVE-2024-10400.md
new file mode 100644
index 0000000000..dbb4e26c67
--- /dev/null
+++ b/2024/CVE-2024-10400.md
@@ -0,0 +1,27 @@
+### [CVE-2024-10400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10400)
+![](https://img.shields.io/static/v1?label=Product&message=Tutor%20LMS%20%E2%80%93%20eLearning%20and%20online%20course%20solution&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.7.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/k0ns0l/CVE-2024-10400
+- https://github.com/l0928h/kate
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+
diff --git a/2024/CVE-2024-10408.md b/2024/CVE-2024-10408.md
new file mode 100644
index 0000000000..4c72dd93cd
--- /dev/null
+++ b/2024/CVE-2024-10408.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10408)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10409.md b/2024/CVE-2024-10409.md
new file mode 100644
index 0000000000..f263fb1e9a
--- /dev/null
+++ b/2024/CVE-2024-10409.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10409)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10410.md b/2024/CVE-2024-10410.md
new file mode 100644
index 0000000000..fa89dc6c78
--- /dev/null
+++ b/2024/CVE-2024-10410.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10410)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Hotel%20Reservation%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/K1nakoo/CVE-2024-10410
+
diff --git a/2024/CVE-2024-10415.md b/2024/CVE-2024-10415.md
new file mode 100644
index 0000000000..2fe7c2b60a
--- /dev/null
+++ b/2024/CVE-2024-10415.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10415)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/2aba05ef2277d85ea4148dc42189eae0
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10416.md b/2024/CVE-2024-10416.md
new file mode 100644
index 0000000000..7ef2b889b8
--- /dev/null
+++ b/2024/CVE-2024-10416.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10416)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/18cf04067697c8ceb2cba68980139dcc
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10417.md b/2024/CVE-2024-10417.md
new file mode 100644
index 0000000000..38a25e6a84
--- /dev/null
+++ b/2024/CVE-2024-10417.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10417)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/bf0cf963ec56cfe0dcaba2956352bafd
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10418.md b/2024/CVE-2024-10418.md
new file mode 100644
index 0000000000..2de1830266
--- /dev/null
+++ b/2024/CVE-2024-10418.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10418)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /file/infoAdd.php. The manipulation of the argument bg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11
+- https://vuldb.com/?submit.431782
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10419.md b/2024/CVE-2024-10419.md
new file mode 100644
index 0000000000..1281a08ef6
--- /dev/null
+++ b/2024/CVE-2024-10419.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10419)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bloodrequest.php. The manipulation of the argument msg leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://gist.github.com/higordiego/62ad5208270c67834d02818d6ba44126
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10426.md b/2024/CVE-2024-10426.md
new file mode 100644
index 0000000000..511c4a92e2
--- /dev/null
+++ b/2024/CVE-2024-10426.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10426)
+![](https://img.shields.io/static/v1?label=Product&message=Pet%20Shop%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /animalsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "refno" to be affected. But further inspection indicates that the name of the affected parameter is "id".
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/21
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10427.md b/2024/CVE-2024-10427.md
new file mode 100644
index 0000000000..97f2e51bf7
--- /dev/null
+++ b/2024/CVE-2024-10427.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10427)
+![](https://img.shields.io/static/v1?label=Product&message=Pet%20Shop%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the argument t1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "refno" to be affected. But further inspection indicates that the name of the affected parameter is "t1".
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/22
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10430.md b/2024/CVE-2024-10430.md
new file mode 100644
index 0000000000..40c2a46b85
--- /dev/null
+++ b/2024/CVE-2024-10430.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10430](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10430)
+![](https://img.shields.io/static/v1?label=Product&message=Pet%20Shop%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Codezips Pet Shop Management System 1.0. This issue affects some unknown processing of the file /animalsupdate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/23
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10431.md b/2024/CVE-2024-10431.md
new file mode 100644
index 0000000000..1ecaa9b30a
--- /dev/null
+++ b/2024/CVE-2024-10431.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10431)
+![](https://img.shields.io/static/v1?label=Product&message=Pet%20Shop%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file /deletebird.php. The manipulation of the argument t1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/24
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10434.md b/2024/CVE-2024-10434.md
new file mode 100644
index 0000000000..06757edb92
--- /dev/null
+++ b/2024/CVE-2024-10434.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10434)
+![](https://img.shields.io/static/v1?label=Product&message=AC1206&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241027%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.281985
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10435.md b/2024/CVE-2024-10435.md
new file mode 100644
index 0000000000..6d4841aa70
--- /dev/null
+++ b/2024/CVE-2024-10435.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10435)
+![](https://img.shields.io/static/v1?label=Product&message=Super-Jacoco&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/didi/super-jacoco/issues/48
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10441.md b/2024/CVE-2024-10441.md
new file mode 100644
index 0000000000..44e1a6138b
--- /dev/null
+++ b/2024/CVE-2024-10441.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10441)
+![](https://img.shields.io/static/v1?label=Product&message=BeeStation%20Manager%20(BSM)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DiskStation%20Manager%20(DSM)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
+
+### Description
+
+Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hazzzein/CVE-2024-10441
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-10442.md b/2024/CVE-2024-10442.md
new file mode 100644
index 0000000000..df83099208
--- /dev/null
+++ b/2024/CVE-2024-10442.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10442)
+![](https://img.shields.io/static/v1?label=Product&message=Replication%20Service&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Unified%20Controller%20(DSMUC)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Off-by-one%20Error&color=brighgreen)
+
+### Description
+
+Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ret2/Pwn2Own-Ireland2024-DiskStation
+
diff --git a/2024/CVE-2024-10443.md b/2024/CVE-2024-10443.md
new file mode 100644
index 0000000000..341559b6d9
--- /dev/null
+++ b/2024/CVE-2024-10443.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10443)
+![](https://img.shields.io/static/v1?label=Product&message=BeePhotos&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Synology%20Photos&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gaetangr/synaudit
+
diff --git a/2024/CVE-2024-10448.md b/2024/CVE-2024-10448.md
new file mode 100644
index 0000000000..7631cc9feb
--- /dev/null
+++ b/2024/CVE-2024-10448.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10448](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10448)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/bevennyamande/bloodbank_delete_csrf_attack
+
+#### Github
+- https://github.com/bevennyamande/CVE-2024-10448
+- https://github.com/bevennyamande/bevennyamande.github.io
+
diff --git a/2024/CVE-2024-10449.md b/2024/CVE-2024-10449.md
new file mode 100644
index 0000000000..a0ec6be829
--- /dev/null
+++ b/2024/CVE-2024-10449.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10449)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Appointment%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/25
+
+#### Github
+- https://github.com/g-u-i-d/CVE-2024-10449-patch
+
diff --git a/2024/CVE-2024-10450.md b/2024/CVE-2024-10450.md
new file mode 100644
index 0000000000..67ce6f1477
--- /dev/null
+++ b/2024/CVE-2024-10450.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10450)
+![](https://img.shields.io/static/v1?label=Product&message=Kortex%20Lite%20Advocate%20Office%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /kortex_lite/control/edit_profile.php of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/Advocate-office-management-system.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10455.md b/2024/CVE-2024-10455.md
new file mode 100644
index 0000000000..09a604dfc0
--- /dev/null
+++ b/2024/CVE-2024-10455.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10455)
+![](https://img.shields.io/static/v1?label=Product&message=%C2%B5D3TN&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.14.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-617%3A%20Reachable%20Assertion&color=brighgreen)
+
+### Description
+
+Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/StephanHav/StephanHav
+
diff --git a/2024/CVE-2024-10460.md b/2024/CVE-2024-10460.md
new file mode 100644
index 0000000000..eaba0ec3d4
--- /dev/null
+++ b/2024/CVE-2024-10460.md
@@ -0,0 +1,20 @@
+### [CVE-2024-10460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10460)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20132%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Confusing%20display%20of%20origin%20for%20external%20protocol%20handler%20prompt&color=brighgreen)
+
+### Description
+
+The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1912537
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10461.md b/2024/CVE-2024-10461.md
new file mode 100644
index 0000000000..d25c719668
--- /dev/null
+++ b/2024/CVE-2024-10461.md
@@ -0,0 +1,20 @@
+### [CVE-2024-10461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10461)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20132%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=XSS%20due%20to%20Content-Disposition%20being%20ignored%20in%20multipart%2Fx-mixed-replace%20response&color=brighgreen)
+
+### Description
+
+In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1914521
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10462.md b/2024/CVE-2024-10462.md
new file mode 100644
index 0000000000..54b1f2c918
--- /dev/null
+++ b/2024/CVE-2024-10462.md
@@ -0,0 +1,20 @@
+### [CVE-2024-10462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10462)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20132%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Origin%20of%20permission%20prompt%20could%20be%20spoofed%20by%20long%20URL&color=brighgreen)
+
+### Description
+
+Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1920423
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10470.md b/2024/CVE-2024-10470.md
new file mode 100644
index 0000000000..6546d08758
--- /dev/null
+++ b/2024/CVE-2024-10470.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10470)
+![](https://img.shields.io/static/v1?label=Product&message=WPLMS%20Learning%20Management%20System%20for%20WordPress%2C%20WordPress%20LMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.962%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xshoriful/CVE-2024-10470
+- https://github.com/RandomRobbieBF/CVE-2024-10470
+
diff --git a/2024/CVE-2024-10471.md b/2024/CVE-2024-10471.md
new file mode 100644
index 0000000000..1781e4a31a
--- /dev/null
+++ b/2024/CVE-2024-10471.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10471)
+![](https://img.shields.io/static/v1?label=Product&message=Everest%20Forms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/85d590c9-c96d-40c9-aa59-48302ba3d63c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10472.md b/2024/CVE-2024-10472.md
new file mode 100644
index 0000000000..cb7ac120df
--- /dev/null
+++ b/2024/CVE-2024-10472.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10472)
+![](https://img.shields.io/static/v1?label=Product&message=Stylish%20Price%20List&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.1.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d79e5c05-26d0-4223-891f-42ac9fb6ef6e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10473.md b/2024/CVE-2024-10473.md
new file mode 100644
index 0000000000..56144e599e
--- /dev/null
+++ b/2024/CVE-2024-10473.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10473)
+![](https://img.shields.io/static/v1?label=Product&message=Logo%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10474.md b/2024/CVE-2024-10474.md
new file mode 100644
index 0000000000..76e542dc3e
--- /dev/null
+++ b/2024/CVE-2024-10474.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10474)
+![](https://img.shields.io/static/v1?label=Product&message=Focus%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20132%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Don't%20allow%20web%20content%20to%20open%20firefox-focus%20URLs&color=brighgreen)
+
+### Description
+
+Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1863832
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10475.md b/2024/CVE-2024-10475.md
new file mode 100644
index 0000000000..844ed646f8
--- /dev/null
+++ b/2024/CVE-2024-10475.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10475](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10475)
+![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Contact%20Form%20Builder%20%26%20Lead%20Generation%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.9.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/faca59fb-6b59-45b0-8b97-c4125d9d3cb3/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10480.md b/2024/CVE-2024-10480.md
new file mode 100644
index 0000000000..e502a6a767
--- /dev/null
+++ b/2024/CVE-2024-10480.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10480](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10480)
+![](https://img.shields.io/static/v1?label=Product&message=3DPrint%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/725ac766-c849-49d6-a968-58fcc2e134c8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10482.md b/2024/CVE-2024-10482.md
new file mode 100644
index 0000000000..79c900c6af
--- /dev/null
+++ b/2024/CVE-2024-10482.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10482)
+![](https://img.shields.io/static/v1?label=Product&message=Media%20File%20Rename%2C%20Find%20Unused%20File%2C%20Add%20Alt%20text%2C%20Caption%2C%20Desc%20For%20Image%20SEO&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/46cbd4bb-b6f3-49e8-8d79-8c378c617e7c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10483.md b/2024/CVE-2024-10483.md
new file mode 100644
index 0000000000..71634dfe2c
--- /dev/null
+++ b/2024/CVE-2024-10483.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10483)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%3APress%20Forum&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.10.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c7e3c473-09b2-473b-87d7-0a01d8f52086/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10487.md b/2024/CVE-2024-10487.md
new file mode 100644
index 0000000000..84dcdd028a
--- /dev/null
+++ b/2024/CVE-2024-10487.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10487)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=130.0.6723.92%3C%20130.0.6723.92%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out%20of%20bounds%20write&color=brighgreen)
+
+### Description
+
+Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/375123371
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10488.md b/2024/CVE-2024-10488.md
new file mode 100644
index 0000000000..9a8b352dce
--- /dev/null
+++ b/2024/CVE-2024-10488.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10488)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=130.0.6723.92%3C%20130.0.6723.92%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen)
+
+### Description
+
+Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/374310077
+
+#### Github
+- https://github.com/schwinguin/SuperSecureChat
+
diff --git a/2024/CVE-2024-10491.md b/2024/CVE-2024-10491.md
new file mode 100644
index 0000000000..aca126ce61
--- /dev/null
+++ b/2024/CVE-2024-10491.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10491)
+![](https://img.shields.io/static/v1?label=Product&message=express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.0.0-alpha1%3C%3D%203.21.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen)
+
+### Description
+
+A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.This vulnerability is especially relevant for dynamic parameters.
+
+### POC
+
+#### Reference
+- https://www.herodevs.com/vulnerability-directory/cve-2024-10491
+
+#### Github
+- https://github.com/yokozuna47/backend-diary
+
diff --git a/2024/CVE-2024-10493.md b/2024/CVE-2024-10493.md
new file mode 100644
index 0000000000..64c9769c61
--- /dev/null
+++ b/2024/CVE-2024-10493.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10493](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10493)
+![](https://img.shields.io/static/v1?label=Product&message=Element%20Pack%20Elementor%20Addons%20(Header%20Footer%2C%20Template%20Library%2C%20Dynamic%20Grid%20%26%20Carousel%2C%20Remote%20Arrows)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.10.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2e7f7196-054b-4cfd-9219-c60bb8275e8d/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10499.md b/2024/CVE-2024-10499.md
new file mode 100644
index 0000000000..7bdec98b1c
--- /dev/null
+++ b/2024/CVE-2024-10499.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10499](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10499)
+![](https://img.shields.io/static/v1?label=Product&message=AI%20Engine&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/8606a93a-f61d-40df-a67e-0ac75eeadee8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10504.md b/2024/CVE-2024-10504.md
new file mode 100644
index 0000000000..ee0eef18c7
--- /dev/null
+++ b/2024/CVE-2024-10504.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10504](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10504)
+![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%2C%20Survey%2C%20Quiz%20%26%20Popup%20Form%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.7.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9a22df11-0e24-4248-a8f3-da8f23ccb313/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10506.md b/2024/CVE-2024-10506.md
new file mode 100644
index 0000000000..a20b3b1e2d
--- /dev/null
+++ b/2024/CVE-2024-10506.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10506)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. This affects an unknown part of the file /admin/blood/update/B-.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/xxx-www/cve/blob/main/sql8.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10507.md b/2024/CVE-2024-10507.md
new file mode 100644
index 0000000000..5a605afc33
--- /dev/null
+++ b/2024/CVE-2024-10507.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10507)
+![](https://img.shields.io/static/v1?label=Product&message=Free%20Exam%20Hall%20Seating%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/26
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10508.md b/2024/CVE-2024-10508.md
new file mode 100644
index 0000000000..291e97b1be
--- /dev/null
+++ b/2024/CVE-2024-10508.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10508)
+![](https://img.shields.io/static/v1?label=Product&message=RegistrationMagic%20%E2%80%93%20User%20Registration%20Plugin%20with%20Custom%20Registration%20Forms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%206.0.2.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-230%20Improper%20Handling%20of%20Missing%20Values&color=brighgreen)
+
+### Description
+
+The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Jenderal92/CVE-2024-10508
+- https://github.com/ubaydev/CVE-2024-10508
+
diff --git a/2024/CVE-2024-10509.md b/2024/CVE-2024-10509.md
new file mode 100644
index 0000000000..b3586684d1
--- /dev/null
+++ b/2024/CVE-2024-10509.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10509)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Institute%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/27
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10510.md b/2024/CVE-2024-10510.md
new file mode 100644
index 0000000000..9599315180
--- /dev/null
+++ b/2024/CVE-2024-10510.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10510)
+![](https://img.shields.io/static/v1?label=Product&message=adBuddy%2B%20(AdBlocker%20Detection)%20by%20NetfunkDesign&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ca499752-b516-42e7-8c2f-18e4428a92c7/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10511.md b/2024/CVE-2024-10511.md
new file mode 100644
index 0000000000..0121980b49
--- /dev/null
+++ b/2024/CVE-2024-10511.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10511)
+![](https://img.shields.io/static/v1?label=Product&message=PowerChute%20Serial%20Shutdown&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Versions%20v1.2.0.301%20and%20prior%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interfacewhen someone on the local network repeatedly requests the /accessdenied URL.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/revengsmK/CVE-2024-10511
+
diff --git a/2024/CVE-2024-10515.md b/2024/CVE-2024-10515.md
new file mode 100644
index 0000000000..493f184777
--- /dev/null
+++ b/2024/CVE-2024-10515.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10515)
+![](https://img.shields.io/static/v1?label=Product&message=SEO%20Plugin%20by%20Squirrly%20SEO&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2012.3.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/367aad17-fbb5-48eb-8829-5d3513098d02/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10516.md b/2024/CVE-2024-10516.md
new file mode 100644
index 0000000000..e07b12f353
--- /dev/null
+++ b/2024/CVE-2024-10516.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10516)
+![](https://img.shields.io/static/v1?label=Product&message=Swift%20Performance%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.3.7.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-10516
+
diff --git a/2024/CVE-2024-10517.md b/2024/CVE-2024-10517.md
new file mode 100644
index 0000000000..9928d62b1f
--- /dev/null
+++ b/2024/CVE-2024-10517.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10517)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Membership%20Plugin%2C%20Ecommerce%2C%20User%20Registration%20Form%2C%20Login%20Form%2C%20User%20Profile%20%26%20Restrict%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.15.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f7c3a990-458e-4e15-b427-0b37de120740/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10518.md b/2024/CVE-2024-10518.md
new file mode 100644
index 0000000000..53d1d8f155
--- /dev/null
+++ b/2024/CVE-2024-10518.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10518)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Membership%20Plugin%2C%20Ecommerce%2C%20User%20Registration%20Form%2C%20Login%20Form%2C%20User%20Profile%20%26%20Restrict%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.15.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a1e5ad16-6240-4920-888a-36fbac22cc71/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10524.md b/2024/CVE-2024-10524.md
new file mode 100644
index 0000000000..c3541526de
--- /dev/null
+++ b/2024/CVE-2024-10524.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10524)
+![](https://img.shields.io/static/v1?label=Product&message=wget&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.25.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-10542.md b/2024/CVE-2024-10542.md
new file mode 100644
index 0000000000..304b57612c
--- /dev/null
+++ b/2024/CVE-2024-10542.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10542)
+![](https://img.shields.io/static/v1?label=Product&message=Spam%20protection%2C%20Anti-Spam%2C%20FireWall%20by%20CleanTalk&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%206.43.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/ubaydev/CVE-2024-10542
+
diff --git a/2024/CVE-2024-10545.md b/2024/CVE-2024-10545.md
new file mode 100644
index 0000000000..cff2752444
--- /dev/null
+++ b/2024/CVE-2024-10545.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10545)
+![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%2C%20Sliders%2C%20Proofing%20and%20Themes&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.59.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e969e5f8-17cb-489b-988d-cae31719da36/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10546.md b/2024/CVE-2024-10546.md
new file mode 100644
index 0000000000..ddece9adfc
--- /dev/null
+++ b/2024/CVE-2024-10546.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10546)
+![](https://img.shields.io/static/v1?label=Product&message=Teaching%20%E5%9C%A8%E7%BA%BF%E6%95%99%E5%AD%A6%E5%B9%B3%E5%8F%B0&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/dfde9afc-8d64-4022-a6ca-3c1a323c5e66
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10551.md b/2024/CVE-2024-10551.md
new file mode 100644
index 0000000000..9c4eba2185
--- /dev/null
+++ b/2024/CVE-2024-10551.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10551)
+![](https://img.shields.io/static/v1?label=Product&message=Sticky%20Social%20Icons&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/cd1aea4a-e5a6-4f87-805d-459b293bbf28/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10554.md b/2024/CVE-2024-10554.md
new file mode 100644
index 0000000000..40e7541a78
--- /dev/null
+++ b/2024/CVE-2024-10554.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10554)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20WP-Advanced-Search&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3.9.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7c15b082-caa5-4cf2-9986-2eb519dcb7c5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10555.md b/2024/CVE-2024-10555.md
new file mode 100644
index 0000000000..bb18166c37
--- /dev/null
+++ b/2024/CVE-2024-10555.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10555](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10555)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Button%20Plugin%20MaxButtons&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%209.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fcc97635-e939-4cb4-9851-6f6ac4f6ad47/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10556.md b/2024/CVE-2024-10556.md
new file mode 100644
index 0000000000..55b6334276
--- /dev/null
+++ b/2024/CVE-2024-10556.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10556](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10556)
+![](https://img.shields.io/static/v1?label=Product&message=Pet%20Shop%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/28
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10557.md b/2024/CVE-2024-10557.md
new file mode 100644
index 0000000000..7b6bbd0f44
--- /dev/null
+++ b/2024/CVE-2024-10557.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10557)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/bevennyamande/bloodbank_profile_update_csrf
+
+#### Github
+- https://github.com/bevennyamande/CVE-2024-10557
+- https://github.com/bevennyamande/bevennyamande.github.io
+
diff --git a/2024/CVE-2024-10558.md b/2024/CVE-2024-10558.md
new file mode 100644
index 0000000000..d79558d8e0
--- /dev/null
+++ b/2024/CVE-2024-10558.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10558)
+![](https://img.shields.io/static/v1?label=Product&message=Form%20Maker%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.15.30%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7028db78-2870-48d5-b06b-480ac8be3655/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10560.md b/2024/CVE-2024-10560.md
new file mode 100644
index 0000000000..5f4073e212
--- /dev/null
+++ b/2024/CVE-2024-10560.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10560)
+![](https://img.shields.io/static/v1?label=Product&message=Form%20Maker%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.15.30%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/80298c89-544d-4894-a837-253f5f26cf42/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10561.md b/2024/CVE-2024-10561.md
new file mode 100644
index 0000000000..d3808ffaca
--- /dev/null
+++ b/2024/CVE-2024-10561.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10561)
+![](https://img.shields.io/static/v1?label=Product&message=Pet%20Shop%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/29
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10562.md b/2024/CVE-2024-10562.md
new file mode 100644
index 0000000000..125d0114c8
--- /dev/null
+++ b/2024/CVE-2024-10562.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10562)
+![](https://img.shields.io/static/v1?label=Product&message=Form%20Maker%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.15.31%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/317f6cb7-774f-4381-a855-858c051aa1d5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10563.md b/2024/CVE-2024-10563.md
new file mode 100644
index 0000000000..800cbe45ee
--- /dev/null
+++ b/2024/CVE-2024-10563.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10563)
+![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Cart%20Count%20Shortcode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/08ed69f6-9c9b-4548-9dbb-05b602530ef7/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10565.md b/2024/CVE-2024-10565.md
new file mode 100644
index 0000000000..f505325dc8
--- /dev/null
+++ b/2024/CVE-2024-10565.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10565)
+![](https://img.shields.io/static/v1?label=Product&message=Slider%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.62%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10566.md b/2024/CVE-2024-10566.md
new file mode 100644
index 0000000000..6b0c6ef811
--- /dev/null
+++ b/2024/CVE-2024-10566.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10566)
+![](https://img.shields.io/static/v1?label=Product&message=Slider%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.62%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a98a7f11-4c01-4b91-8adc-465beefa310a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10568.md b/2024/CVE-2024-10568.md
new file mode 100644
index 0000000000..3def8a07b0
--- /dev/null
+++ b/2024/CVE-2024-10568.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10568)
+![](https://img.shields.io/static/v1?label=Product&message=Ajax%20Search%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.12.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1676aef0-be5d-4335-933d-dc0d54416fd4/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10571.md b/2024/CVE-2024-10571.md
new file mode 100644
index 0000000000..009c92af0d
--- /dev/null
+++ b/2024/CVE-2024-10571.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10571)
+![](https://img.shields.io/static/v1?label=Product&message=Chartify%20%E2%80%93%20WordPress%20Chart%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen)
+
+### Description
+
+The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-10571
+
diff --git a/2024/CVE-2024-10573.md b/2024/CVE-2024-10573.md
new file mode 100644
index 0000000000..ae71689cec
--- /dev/null
+++ b/2024/CVE-2024-10573.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10573](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10573)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
+
+### POC
+
+#### Reference
+- https://mpg123.org/cgi-bin/news.cgi#2024-10-26
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10578.md b/2024/CVE-2024-10578.md
new file mode 100644
index 0000000000..a64e5b4d5c
--- /dev/null
+++ b/2024/CVE-2024-10578.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10578)
+![](https://img.shields.io/static/v1?label=Product&message=Pubnews&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-10578
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-10586.md b/2024/CVE-2024-10586.md
new file mode 100644
index 0000000000..9469ac3d66
--- /dev/null
+++ b/2024/CVE-2024-10586.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10586)
+![](https://img.shields.io/static/v1?label=Product&message=Debug%20Tool&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-10586-Poc
+- https://github.com/RandomRobbieBF/CVE-2024-10586
+
diff --git a/2024/CVE-2024-10596.md b/2024/CVE-2024-10596.md
new file mode 100644
index 0000000000..c254509527
--- /dev/null
+++ b/2024/CVE-2024-10596.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10596)
+![](https://img.shields.io/static/v1?label=Product&message=CDG&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%205%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.282608
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10600.md b/2024/CVE-2024-10600.md
new file mode 100644
index 0000000000..6a30c183b9
--- /dev/null
+++ b/2024/CVE-2024-10600.md
@@ -0,0 +1,27 @@
+### [CVE-2024-10600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10600)
+![](https://img.shields.io/static/v1?label=Product&message=OA%202017&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+
diff --git a/2024/CVE-2024-10605.md b/2024/CVE-2024-10605.md
new file mode 100644
index 0000000000..2f47d2bb9a
--- /dev/null
+++ b/2024/CVE-2024-10605.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10605)
+![](https://img.shields.io/static/v1?label=Product&message=Blood%20Bank%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /file/request.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/bevennyamande/receiver_request_sample_csrf
+
+#### Github
+- https://github.com/bevennyamande/CVE-2024-10605
+- https://github.com/bevennyamande/bevennyamande.github.io
+
diff --git a/2024/CVE-2024-10607.md b/2024/CVE-2024-10607.md
new file mode 100644
index 0000000000..8e64566851
--- /dev/null
+++ b/2024/CVE-2024-10607.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10607)
+![](https://img.shields.io/static/v1?label=Product&message=Courier%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/yanhuoshanjin/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10608.md b/2024/CVE-2024-10608.md
new file mode 100644
index 0000000000..dc2b8c8863
--- /dev/null
+++ b/2024/CVE-2024-10608.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10608](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10608)
+![](https://img.shields.io/static/v1?label=Product&message=Courier%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/AXUyaku/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10609.md b/2024/CVE-2024-10609.md
new file mode 100644
index 0000000000..1bb89c927b
--- /dev/null
+++ b/2024/CVE-2024-10609.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10609)
+![](https://img.shields.io/static/v1?label=Product&message=Tailoring%20Management%20System%20Project&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Lanxiy7th/lx_CVE_report-/issues/17
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1062.md b/2024/CVE-2024-1062.md
index 0e2c3431f7..b2130da759 100644
--- a/2024/CVE-2024-1062.md
+++ b/2024/CVE-2024-1062.md
@@ -1,7 +1,9 @@
 ### [CVE-2024-1062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1062)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.5%20E4S%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.7%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.8%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2012.2%20EUS%20for%20RHEL%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
diff --git a/2024/CVE-2024-10628.md b/2024/CVE-2024-10628.md
new file mode 100644
index 0000000000..48a507cc93
--- /dev/null
+++ b/2024/CVE-2024-10628.md
@@ -0,0 +1,21 @@
+### [CVE-2024-10628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10628)
+![](https://img.shields.io/static/v1?label=Product&message=Quiz%20Maker%20Agency&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Quiz%20Maker%20Business&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Quiz%20Maker%20Developer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=20.0.0%3C%3D%2021.8.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=30.0.0%3C%3D%2031.8.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.0.0%3C%3D%208.8.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: The three variations of this software (Business, Developer, and Agency) share the same plugin slug, so you may get an alert even if you are running the latest version of any of the pieces of software. In these cases it is safe to dismiss the notice once you've confirmed your site is on a patched version of the applicable software.
+
+### POC
+
+#### Reference
+- https://abrahack.com/posts/quiz-maker-sqli/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10629.md b/2024/CVE-2024-10629.md
new file mode 100644
index 0000000000..e03b11b183
--- /dev/null
+++ b/2024/CVE-2024-10629.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10629)
+![](https://img.shields.io/static/v1?label=Product&message=GPX%20Viewer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-10629
+- https://github.com/RandomRobbieBF/CVE-2024-10629
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-10631.md b/2024/CVE-2024-10631.md
new file mode 100644
index 0000000000..1df872961d
--- /dev/null
+++ b/2024/CVE-2024-10631.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10631)
+![](https://img.shields.io/static/v1?label=Product&message=Countdown%20Timer%20for%20WordPress%20Block%20Editor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b153fb5e-7df2-491b-b61b-6f90314c7b04/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10632.md b/2024/CVE-2024-10632.md
new file mode 100644
index 0000000000..f236032ac8
--- /dev/null
+++ b/2024/CVE-2024-10632.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10632)
+![](https://img.shields.io/static/v1?label=Product&message=Nokaut%20Offers%20Box&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/17afba70-f213-47f6-aea2-59288ca92549/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10634.md b/2024/CVE-2024-10634.md
new file mode 100644
index 0000000000..c995a6e514
--- /dev/null
+++ b/2024/CVE-2024-10634.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10634)
+![](https://img.shields.io/static/v1?label=Product&message=Nokaut%20Offers%20Box&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/97de2ca3-ee64-480b-a5b0-7549533c2936/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10637.md b/2024/CVE-2024-10637.md
new file mode 100644
index 0000000000..1959c83266
--- /dev/null
+++ b/2024/CVE-2024-10637.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10637)
+![](https://img.shields.io/static/v1?label=Product&message=Gutenberg%20Blocks%20with%20AI%20by%20Kadence%20WP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.54%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/df688dcc-9617-4f58-a310-891bfaea3695/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10638.md b/2024/CVE-2024-10638.md
new file mode 100644
index 0000000000..7f9e378556
--- /dev/null
+++ b/2024/CVE-2024-10638.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10638)
+![](https://img.shields.io/static/v1?label=Product&message=Product%20Labels%20For%20Woocommerce%20(Sale%20Badges)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/32a7a778-2211-45b4-bdc2-528f27b7d4fe/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10639.md b/2024/CVE-2024-10639.md
new file mode 100644
index 0000000000..d6a710a4a6
--- /dev/null
+++ b/2024/CVE-2024-10639.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10639)
+![](https://img.shields.io/static/v1?label=Product&message=Auto%20Prune%20Posts&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/efab3a36-535b-40ff-b98f-482a0e5193f1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10654.md b/2024/CVE-2024-10654.md
new file mode 100644
index 0000000000..c37ef8baf8
--- /dev/null
+++ b/2024/CVE-2024-10654.md
@@ -0,0 +1,20 @@
+### [CVE-2024-10654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10654)
+![](https://img.shields.io/static/v1?label=Product&message=LR350&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6369%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Authorization%20Bypass&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component.
+
+### POC
+
+#### Reference
+- https://github.com/c0nyy/IoT_vuln/blob/main/TOTOLINK%20LR350%20Vuln.md
+
+#### Github
+- https://github.com/c0nyy/IoT_vuln
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-1066.md b/2024/CVE-2024-1066.md
index a479d06054..d0dd379c8a 100644
--- a/2024/CVE-2024-1066.md
+++ b/2024/CVE-2024-1066.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-1066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1066)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=13.3.3%3C%2016.6.7%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-10660.md b/2024/CVE-2024-10660.md
new file mode 100644
index 0000000000..21bf9f58b2
--- /dev/null
+++ b/2024/CVE-2024-10660.md
@@ -0,0 +1,27 @@
+### [CVE-2024-10660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10660)
+![](https://img.shields.io/static/v1?label=Product&message=CDG&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%205%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function deleteHook of the file /com/esafenet/servlet/policy/HookService.java. The manipulation of the argument hookId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+
diff --git a/2024/CVE-2024-10668.md b/2024/CVE-2024-10668.md
new file mode 100644
index 0000000000..b33adb7771
--- /dev/null
+++ b/2024/CVE-2024-10668.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10668)
+![](https://img.shields.io/static/v1?label=Product&message=Nearby&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205d8b9156e0c339d82d3dab0849187e8819ad92c0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. Quickshare normally deletes unkown files, however an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit 5d8b9156e0c339d82d3dab0849187e8819ad92c0 or Quick Share Windows v1.0.2002.2
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SafeBreach-Labs/QuickShell
+
diff --git a/2024/CVE-2024-10673.md b/2024/CVE-2024-10673.md
new file mode 100644
index 0000000000..ea9bc0317f
--- /dev/null
+++ b/2024/CVE-2024-10673.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10673)
+![](https://img.shields.io/static/v1?label=Product&message=Top%20Store&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.5.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-10673
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-10674.md b/2024/CVE-2024-10674.md
new file mode 100644
index 0000000000..c501ba092f
--- /dev/null
+++ b/2024/CVE-2024-10674.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10674](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10674)
+![](https://img.shields.io/static/v1?label=Product&message=Th%20Shop%20Mania&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-10674
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-10677.md b/2024/CVE-2024-10677.md
new file mode 100644
index 0000000000..c7941c4964
--- /dev/null
+++ b/2024/CVE-2024-10677.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10677)
+![](https://img.shields.io/static/v1?label=Product&message=BTEV&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b1bd4216-798a-4e45-a0ba-3699f0af3c7a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10678.md b/2024/CVE-2024-10678.md
new file mode 100644
index 0000000000..a98e1c9e01
--- /dev/null
+++ b/2024/CVE-2024-10678.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10678)
+![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Blocks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9342c6a1-4f9a-45f3-911d-0dfee4657243/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10679.md b/2024/CVE-2024-10679.md
new file mode 100644
index 0000000000..88281f3a5e
--- /dev/null
+++ b/2024/CVE-2024-10679.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10679)
+![](https://img.shields.io/static/v1?label=Product&message=Quiz%20and%20Survey%20Master%20(QSM)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%209.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/001391eb-f181-441d-b777-d9ce098ba143/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10680.md b/2024/CVE-2024-10680.md
new file mode 100644
index 0000000000..a234101fb4
--- /dev/null
+++ b/2024/CVE-2024-10680.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10680)
+![](https://img.shields.io/static/v1?label=Product&message=Form%20Maker%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.15.32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/240948d7-ece0-437f-b926-62937bdbd9db/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10697.md b/2024/CVE-2024-10697.md
new file mode 100644
index 0000000000..644c957f1d
--- /dev/null
+++ b/2024/CVE-2024-10697.md
@@ -0,0 +1,26 @@
+### [CVE-2024-10697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10697)
+![](https://img.shields.io/static/v1?label=Product&message=AC6&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015.03.05.19%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+
diff --git a/2024/CVE-2024-10700.md b/2024/CVE-2024-10700.md
new file mode 100644
index 0000000000..43ebeca34f
--- /dev/null
+++ b/2024/CVE-2024-10700.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10700)
+![](https://img.shields.io/static/v1?label=Product&message=University%20Event%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that a variety of other parameters is affected too.
+
+### POC
+
+#### Reference
+- https://github.com/aa1928992772/CVE/blob/main/sqlInjection.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10702.md b/2024/CVE-2024-10702.md
new file mode 100644
index 0000000000..6fea5d90c8
--- /dev/null
+++ b/2024/CVE-2024-10702.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10702)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Car%20Rental%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/imTedCao/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10703.md b/2024/CVE-2024-10703.md
new file mode 100644
index 0000000000..c55ebe585e
--- /dev/null
+++ b/2024/CVE-2024-10703.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10703)
+![](https://img.shields.io/static/v1?label=Product&message=Registrations%20for%20the%20Events%20Calendar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.13.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5601ac03-09e4-4b4e-b03e-98323bd36dba/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10704.md b/2024/CVE-2024-10704.md
new file mode 100644
index 0000000000..89df87468a
--- /dev/null
+++ b/2024/CVE-2024-10704.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10704)
+![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.31%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/6c115117-11c0-4c9e-9988-8547c9364c01/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10706.md b/2024/CVE-2024-10706.md
new file mode 100644
index 0000000000..08e4b64f00
--- /dev/null
+++ b/2024/CVE-2024-10706.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10706)
+![](https://img.shields.io/static/v1?label=Product&message=Download%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3.03%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/01193420-9a4c-4961-93b6-aa2e37e36be1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10708.md b/2024/CVE-2024-10708.md
new file mode 100644
index 0000000000..6e3a002b6f
--- /dev/null
+++ b/2024/CVE-2024-10708.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10708)
+![](https://img.shields.io/static/v1?label=Product&message=System%20Dashboard&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.8.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10709.md b/2024/CVE-2024-10709.md
new file mode 100644
index 0000000000..a2eed89067
--- /dev/null
+++ b/2024/CVE-2024-10709.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10709)
+![](https://img.shields.io/static/v1?label=Product&message=YaDisk%20Files&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/114aeaf7-32a5-4510-a497-92cc0951b022/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1071.md b/2024/CVE-2024-1071.md
index 4f59b8b0b5..a9424a7f46 100644
--- a/2024/CVE-2024-1071.md
+++ b/2024/CVE-2024-1071.md
@@ -13,9 +13,12 @@ The Ultimate Member – User Profile, Registration, Login, Member Directory, Con
 No PoCs from references.
 
 #### Github
+- https://github.com/Dogu589/WordPress-Exploit-CVE-2024-1071
 - https://github.com/Matrexdz/CVE-2024-1071
 - https://github.com/Matrexdz/CVE-2024-1071-Docker
+- https://github.com/Spid3heX/CVE-2024-1071-PoC-Script
 - https://github.com/Trackflaw/CVE-2024-1071-Docker
 - https://github.com/gbrsh/CVE-2024-1071
+- https://github.com/gh-ost00/CVE-2024-1071-SQL-Injection
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-10710.md b/2024/CVE-2024-10710.md
new file mode 100644
index 0000000000..a22e2b1036
--- /dev/null
+++ b/2024/CVE-2024-10710.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10710)
+![](https://img.shields.io/static/v1?label=Product&message=YaDisk%20Files&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/165ab698-c8b5-4412-a621-c5365d621fc5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10728.md b/2024/CVE-2024-10728.md
new file mode 100644
index 0000000000..bef57ba64f
--- /dev/null
+++ b/2024/CVE-2024-10728.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10728)
+![](https://img.shields.io/static/v1?label=Product&message=Post%20Grid%20Gutenberg%20Blocks%20and%20WordPress%20Blog%20Plugin%20%E2%80%93%20PostX&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.1.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-10728
+
diff --git a/2024/CVE-2024-10733.md b/2024/CVE-2024-10733.md
new file mode 100644
index 0000000000..5ee6c4a477
--- /dev/null
+++ b/2024/CVE-2024-10733.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10733)
+![](https://img.shields.io/static/v1?label=Product&message=Restaurant%20Order%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/415Curry/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10737.md b/2024/CVE-2024-10737.md
new file mode 100644
index 0000000000..aed131d439
--- /dev/null
+++ b/2024/CVE-2024-10737.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10737)
+![](https://img.shields.io/static/v1?label=Product&message=Free%20Exam%20Hall%20Seating%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Scholar-XD/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10738.md b/2024/CVE-2024-10738.md
new file mode 100644
index 0000000000..730dab2a1e
--- /dev/null
+++ b/2024/CVE-2024-10738.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10738)
+![](https://img.shields.io/static/v1?label=Product&message=Farm%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Nightmaremassacre/cve/issues/3
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10739.md b/2024/CVE-2024-10739.md
new file mode 100644
index 0000000000..bab401570c
--- /dev/null
+++ b/2024/CVE-2024-10739.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10739)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "email" to be affected. But it must be assumed that parameter "admin_pswd" is affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/UnrealdDei/cve/blob/main/sql11.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10740.md b/2024/CVE-2024-10740.md
new file mode 100644
index 0000000000..b1c0d58653
--- /dev/null
+++ b/2024/CVE-2024-10740.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10740)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in code-projects E-Health Care System up to 1.0. This affects an unknown part of the file /Admin/consulting_detail.php. The manipulation of the argument consulting_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/1270512529/cve/blob/main/sql.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10741.md b/2024/CVE-2024-10741.md
new file mode 100644
index 0000000000..dae0fc4b7f
--- /dev/null
+++ b/2024/CVE-2024-10741.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10741)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file /Users/registration.php. The manipulation of the argument f_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/maxihongtatum/cve/blob/main/sql14.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10742.md b/2024/CVE-2024-10742.md
new file mode 100644
index 0000000000..a2eea3435d
--- /dev/null
+++ b/2024/CVE-2024-10742.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10742](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10742)
+![](https://img.shields.io/static/v1?label=Product&message=Wazifa%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Wazifa System 1.0 and classified as critical. This issue affects some unknown processing of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/xiaokka/cve/blob/main/sql.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10750.md b/2024/CVE-2024-10750.md
new file mode 100644
index 0000000000..790dcd6b99
--- /dev/null
+++ b/2024/CVE-2024-10750.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10750)
+![](https://img.shields.io/static/v1?label=Product&message=i22&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0.3(4687)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/xiaobor123/tenda-vul-i22
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-10751.md b/2024/CVE-2024-10751.md
new file mode 100644
index 0000000000..cb7049ffed
--- /dev/null
+++ b/2024/CVE-2024-10751.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10751)
+![](https://img.shields.io/static/v1?label=Product&message=ISP%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file pay.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/JiangJiangCC/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10752.md b/2024/CVE-2024-10752.md
new file mode 100644
index 0000000000..cda4d4e1e9
--- /dev/null
+++ b/2024/CVE-2024-10752.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10752)
+![](https://img.shields.io/static/v1?label=Product&message=Pet%20Shop%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected.
+
+### POC
+
+#### Reference
+- https://github.com/primaryboy/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10758.md b/2024/CVE-2024-10758.md
new file mode 100644
index 0000000000..2b83601f73
--- /dev/null
+++ b/2024/CVE-2024-10758.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10758](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10758)
+![](https://img.shields.io/static/v1?label=Product&message=Content%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=News-Buzz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
+
+### POC
+
+#### Reference
+- https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10759.md b/2024/CVE-2024-10759.md
new file mode 100644
index 0000000000..75b6cba9b2
--- /dev/null
+++ b/2024/CVE-2024-10759.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10759)
+![](https://img.shields.io/static/v1?label=Product&message=Farm%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-pig.php. The manipulation of the argument pigno/weight/arrived/breed/remark/status leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "pigno" to be affected. But it must be assumed that other parameters are affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/liujiaquan1122/cve/issues/2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10760.md b/2024/CVE-2024-10760.md
new file mode 100644
index 0000000000..9ee43ccf37
--- /dev/null
+++ b/2024/CVE-2024-10760.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10760)
+![](https://img.shields.io/static/v1?label=Product&message=University%20Event%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/MurphyEutopia/cve/blob/main/sql15.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10764.md b/2024/CVE-2024-10764.md
new file mode 100644
index 0000000000..1e25843467
--- /dev/null
+++ b/2024/CVE-2024-10764.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10764)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Institute%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/xiaobsss/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10765.md b/2024/CVE-2024-10765.md
new file mode 100644
index 0000000000..ad929cc685
--- /dev/null
+++ b/2024/CVE-2024-10765.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10765)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Institute%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/hbuzs/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10766.md b/2024/CVE-2024-10766.md
new file mode 100644
index 0000000000..ae05fb7c50
--- /dev/null
+++ b/2024/CVE-2024-10766.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10766)
+![](https://img.shields.io/static/v1?label=Product&message=Free%20Exam%20Hall%20Seating%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names.
+
+### POC
+
+#### Reference
+- https://github.com/Charlotte008/cve/issues/3
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10771.md b/2024/CVE-2024-10771.md
new file mode 100644
index 0000000000..b667bb7a82
--- /dev/null
+++ b/2024/CVE-2024-10771.md
@@ -0,0 +1,20 @@
+### [CVE-2024-10771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10771)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP61x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP62x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TiM3xx&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20%3C5.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20%3C5.10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Due to missing input validation during one step of the firmware update process, the productis vulnerable to remote code execution. With network access and the user level ”Service”, an attackercan execute arbitrary system commands in the root user’s contexts.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10772.md b/2024/CVE-2024-10772.md
new file mode 100644
index 0000000000..0a8d74f6a7
--- /dev/null
+++ b/2024/CVE-2024-10772.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10772)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP61x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP62x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20%3C5.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-649%20Reliance%20on%20Obfuscation%20or%20Encryption%20of%20Security-Relevant%20Inputs%20without%20Integrity%20Checking&color=brighgreen)
+
+### Description
+
+Since the firmware update is not validated, an attacker can install modified firmware on thedevice. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10773.md b/2024/CVE-2024-10773.md
new file mode 100644
index 0000000000..6608265faa
--- /dev/null
+++ b/2024/CVE-2024-10773.md
@@ -0,0 +1,20 @@
+### [CVE-2024-10773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10773)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP61x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP62x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TiM3xx&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20%3C5.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20%3C5.10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-912%20Hidden%20Functionality&color=brighgreen)
+
+### Description
+
+The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gainfull access to the device.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10774.md b/2024/CVE-2024-10774.md
new file mode 100644
index 0000000000..3941ee2186
--- /dev/null
+++ b/2024/CVE-2024-10774.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10774)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP61x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP62x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20%3C5.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10776.md b/2024/CVE-2024-10776.md
new file mode 100644
index 0000000000..99f2df89fc
--- /dev/null
+++ b/2024/CVE-2024-10776.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10776)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP61x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP62x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20%3C5.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+Lua apps can be deployed, removed, started, reloaded or stopped without authorization viaAppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and writefiles or load apps that use all features of the product available to a customer.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10781.md b/2024/CVE-2024-10781.md
new file mode 100644
index 0000000000..ebd12ecb55
--- /dev/null
+++ b/2024/CVE-2024-10781.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10781](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10781)
+![](https://img.shields.io/static/v1?label=Product&message=Spam%20protection%2C%20Anti-Spam%2C%20FireWall%20by%20CleanTalk&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%206.44%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-703%20Improper%20Check%20or%20Handling%20of%20Exceptional%20Conditions&color=brighgreen)
+
+### Description
+
+The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/ubaydev/CVE-2024-10542
+
diff --git a/2024/CVE-2024-10791.md b/2024/CVE-2024-10791.md
new file mode 100644
index 0000000000..b23b397e8c
--- /dev/null
+++ b/2024/CVE-2024-10791.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10791)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Appointment%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file and parameter names to be affected.
+
+### POC
+
+#### Reference
+- https://github.com/3127434/CVE/issues/2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10792.md b/2024/CVE-2024-10792.md
new file mode 100644
index 0000000000..65ec122dab
--- /dev/null
+++ b/2024/CVE-2024-10792.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10792)
+![](https://img.shields.io/static/v1?label=Product&message=Easiest%20Funnel%20Builder%20For%20WordPress%20%26%20WooCommerce%20by%20WPFunnels&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.5.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/calysteon/calysteon
+
diff --git a/2024/CVE-2024-10793.md b/2024/CVE-2024-10793.md
new file mode 100644
index 0000000000..cf53260cb8
--- /dev/null
+++ b/2024/CVE-2024-10793.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10793)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Activity%20Log&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MAHajian/CVE-2024-10793
+- https://github.com/djayaGit/CVE-2024-10793
+- https://github.com/gh-ost00/CVE-2024-Collection
+
diff --git a/2024/CVE-2024-10805.md b/2024/CVE-2024-10805.md
new file mode 100644
index 0000000000..e999b8fb76
--- /dev/null
+++ b/2024/CVE-2024-10805.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10805)
+![](https://img.shields.io/static/v1?label=Product&message=University%20Event%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/yhcyhc981/cve/blob/main/sql16.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10808.md b/2024/CVE-2024-10808.md
new file mode 100644
index 0000000000..fa66569b83
--- /dev/null
+++ b/2024/CVE-2024-10808.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10808)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/koevas257/cve/blob/main/sql.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10809.md b/2024/CVE-2024-10809.md
new file mode 100644
index 0000000000..bb4b13be9f
--- /dev/null
+++ b/2024/CVE-2024-10809.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10809)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that the parameter "message" is affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/Xueweian/cve/blob/main/sql18.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10810.md b/2024/CVE-2024-10810.md
new file mode 100644
index 0000000000..4a5874a8f6
--- /dev/null
+++ b/2024/CVE-2024-10810.md
@@ -0,0 +1,20 @@
+### [CVE-2024-10810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10810)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/wsy149433/cve/blob/main/sql19.md
+- https://vuldb.com/?id.283038
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10813.md b/2024/CVE-2024-10813.md
new file mode 100644
index 0000000000..68fb84d7f5
--- /dev/null
+++ b/2024/CVE-2024-10813.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10813)
+![](https://img.shields.io/static/v1?label=Product&message=Product%20Table%20for%20WooCommerce%20by%20CodeAstrology%20(wooproducttable.com)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.5.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/calysteon/calysteon
+
diff --git a/2024/CVE-2024-10815.md b/2024/CVE-2024-10815.md
new file mode 100644
index 0000000000..d4b60ecf62
--- /dev/null
+++ b/2024/CVE-2024-10815.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10815](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10815)
+![](https://img.shields.io/static/v1?label=Product&message=PostLists&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/309a445a-6261-4bd1-bac0-a78096d0c12b/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10818.md b/2024/CVE-2024-10818.md
new file mode 100644
index 0000000000..7a8d6d83fb
--- /dev/null
+++ b/2024/CVE-2024-10818.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10818)
+![](https://img.shields.io/static/v1?label=Product&message=JSFiddle%20Shortcode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/aafd152c-1a05-4191-a1bc-b802d801ca03/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10826.md b/2024/CVE-2024-10826.md
new file mode 100644
index 0000000000..f302e56b49
--- /dev/null
+++ b/2024/CVE-2024-10826.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10826)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=130.0.6723.116%3C%20130.0.6723.116%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen)
+
+### Description
+
+Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/370217726
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10828.md b/2024/CVE-2024-10828.md
new file mode 100644
index 0000000000..4cec83790b
--- /dev/null
+++ b/2024/CVE-2024-10828.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10828)
+![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Order%20Export%20For%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.5.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DoTTak/Research-WordPress-CVE
+
diff --git a/2024/CVE-2024-10838.md b/2024/CVE-2024-10838.md
new file mode 100644
index 0000000000..4f47ac4323
--- /dev/null
+++ b/2024/CVE-2024-10838.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10838](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10838)
+![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20Cyclone%20DDS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.10.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-191%20Integer%20Underflow%20(Wrap%20or%20Wraparound)&color=brighgreen)
+
+### Description
+
+An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions.
+
+### POC
+
+#### Reference
+- https://github.com/eclipse-cyclonedds/cyclonedds/security/advisories/GHSA-6jj6-w25p-jc42
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10844.md b/2024/CVE-2024-10844.md
new file mode 100644
index 0000000000..e10c4606d2
--- /dev/null
+++ b/2024/CVE-2024-10844.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10844)
+![](https://img.shields.io/static/v1?label=Product&message=Bookstore%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file search.php. The manipulation of the argument s leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/sbm-98/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10845.md b/2024/CVE-2024-10845.md
new file mode 100644
index 0000000000..b863f4eaca
--- /dev/null
+++ b/2024/CVE-2024-10845.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10845)
+![](https://img.shields.io/static/v1?label=Product&message=Bookstore%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/hbuzs/CVE/issues/3
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10858.md b/2024/CVE-2024-10858.md
new file mode 100644
index 0000000000..c5835fda78
--- /dev/null
+++ b/2024/CVE-2024-10858.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10858](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10858)
+![](https://img.shields.io/static/v1?label=Product&message=Jetpack&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.0%3C%2014.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/
+
+#### Github
+- https://github.com/iamarit/CVE-2024-10858
+
diff --git a/2024/CVE-2024-1086.md b/2024/CVE-2024-1086.md
index e100f884e1..79fb731c77 100644
--- a/2024/CVE-2024-1086.md
+++ b/2024/CVE-2024-1086.md
@@ -15,43 +15,75 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://pwning.tech/nftables/ #### Github +- https://github.com/0pts/0pts-bitpixie - https://github.com/0xMarcio/cve - https://github.com/0xsyr0/OSCP +- https://github.com/AMatheusFeitosaM/OSCP-Cheat +- https://github.com/ARGOeu-Metrics/secmon-probes +- https://github.com/AdamDanielHarris/awesome-stars - https://github.com/Alicey0719/docker-POC_CVE-2024-1086 +- https://github.com/AlvaroCaroFdez/IS-3.c.02-ACF +- https://github.com/Andromeda254/cve +- https://github.com/Anomaly-8/ZPOZAS_lab2 - https://github.com/BachoSeven/stellestelline - https://github.com/CCIEVoice2009/CVE-2024-1086 +- https://github.com/CHDevSec/RedPhaton - https://github.com/Disturbante/Linux-Pentest - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/Faizan-Khanx/OSCP - https://github.com/GhostTroops/TOP +- https://github.com/GonzaloPulido/UAC_Incidentes - https://github.com/Hiimsonkul/Hiimsonkul +- https://github.com/HugoAPortela/Criando-Agente-Deteccao-Vulnerabilidades-Arquiteturas - https://github.com/Jappie3/starred +- https://github.com/LLfam/CVE-2024-1086 +- https://github.com/Maikefee/linux-exploit-hunter +- https://github.com/Mudoleto/URL_CODER - https://github.com/Notselwyn/CVE-2024-1086 - https://github.com/Notselwyn/exploits - https://github.com/Notselwyn/notselwyn +- https://github.com/PsychoH4x0r/Unknown1337-Auto-Root- +- https://github.com/ReflectedThanatos/OSCP-cheatsheet +- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories +- https://github.com/SantoriuHen/NotesHck - https://github.com/SenukDias/OSCP_cheat - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technetium1/stars - https://github.com/TigerIsMyPet/KernelExploit +- https://github.com/VishuGahlyan/OSCP +- https://github.com/Willenst/primitive - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/Zombie-Kaiser/Zombie-Kaiser +- 
https://github.com/andigandhi/bitpixie - https://github.com/aneasystone/github-trending - https://github.com/aobakwewastaken/aobakwewastaken - https://github.com/bfengj/Cloud-Security - https://github.com/brimstone/stars +- https://github.com/bsauce/bsauce - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/daphne97/daphne97 - https://github.com/exfilt/CheatSheet +- https://github.com/fazilbaig1/oscp +- https://github.com/feely666/CVE-2024-1086 - https://github.com/fireinrain/github-trending - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/garatc/bitpixie - https://github.com/giterlizzi/secdb-feeds - https://github.com/iakat/stars +- https://github.com/inikhilgitd/Basic-Vulnerability-Scan-on-Your-PC - https://github.com/jafshare/GithubTrending - https://github.com/jetblk/Flipper-Zero-JavaScript +- https://github.com/jmfgd/cve_details - https://github.com/johe123qwe/github-trending +- https://github.com/karim4353/CVE-2024-1086-Exploit +- https://github.com/karim4353/karim4353 - https://github.com/kevcooper/CVE-2024-1086-checker - https://github.com/lobo360/iptables-ubuntu +- https://github.com/lykorix/CVE-Research - https://github.com/makoto56/penetration-suite-toolkit +- https://github.com/martanne/bitpixie +- https://github.com/nisadevi11/Localroot-ALL-CVE - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/phixion/phixion - https://github.com/rootkalilocalhost/CVE-2024-1086 @@ -62,4 +94,8 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://github.com/unresolv/stars - https://github.com/wuhanstudio/awesome-stars - https://github.com/xairy/linux-kernel-exploitation +- https://github.com/xzx482/CVE-2024-1086 +- https://github.com/yigitcantunay35/les-moders +- https://github.com/zhanpengliu-tencent/medium-cve +- https://github.com/zulloper/cve-poc 
diff --git a/2024/CVE-2024-10864.md b/2024/CVE-2024-10864.md
new file mode 100644
index 0000000000..637cf77f97
--- /dev/null
+++ b/2024/CVE-2024-10864.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10864](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10864)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Authentication&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6.5%3C%20%3C%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DojoSecurity/DojoSecurity
+- https://github.com/afine-com/research
+- https://github.com/vemusx/vemusx
+
diff --git a/2024/CVE-2024-10865.md b/2024/CVE-2024-10865.md
new file mode 100644
index 0000000000..a06ff8219f
--- /dev/null
+++ b/2024/CVE-2024-10865.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10865)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Authentication&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6.5%3C%20%3C%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DojoSecurity/DojoSecurity
+- https://github.com/afine-com/research
+- https://github.com/vemusx/vemusx
+
diff --git a/2024/CVE-2024-10892.md b/2024/CVE-2024-10892.md
new file mode 100644
index 0000000000..fcca36ccfc
--- /dev/null
+++ b/2024/CVE-2024-10892.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10892)
+![](https://img.shields.io/static/v1?label=Product&message=Cost%20Calculator%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.43%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ff1f5b84-a8cf-4574-a713-53d35739c6cb/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10893.md b/2024/CVE-2024-10893.md
new file mode 100644
index 0000000000..d5de4dee14
--- /dev/null
+++ b/2024/CVE-2024-10893.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10893)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Booking%20Calendar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2010.6.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a230a552-3fda-4145-810f-58af540107db/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10896.md b/2024/CVE-2024-10896.md
new file mode 100644
index 0000000000..e532e7dd69
--- /dev/null
+++ b/2024/CVE-2024-10896.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10896)
+![](https://img.shields.io/static/v1?label=Product&message=Logo%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10903.md b/2024/CVE-2024-10903.md
new file mode 100644
index 0000000000..6dedeedef7
--- /dev/null
+++ b/2024/CVE-2024-10903.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10903)
+![](https://img.shields.io/static/v1?label=Product&message=Broken%20Link%20Checker&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10905.md b/2024/CVE-2024-10905.md
new file mode 100644
index 0000000000..187f9bcbb0
--- /dev/null
+++ b/2024/CVE-2024-10905.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10905)
+![](https://img.shields.io/static/v1?label=Product&message=IdentityIQ&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-66%3A%20Improper%20Handling%20of%20File%20Names%20that%20Identify%20Virtual%20Resources&color=brighgreen)
+
+### Description
+
+IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+
diff --git a/2024/CVE-2024-10913.md b/2024/CVE-2024-10913.md
new file mode 100644
index 0000000000..8e172914f9
--- /dev/null
+++ b/2024/CVE-2024-10913.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10913](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10913)
+![](https://img.shields.io/static/v1?label=Product&message=Clone&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/david-prv/vulnerable-wordpress-plugins
+
diff --git a/2024/CVE-2024-10914.md b/2024/CVE-2024-10914.md
new file mode 100644
index 0000000000..f14867e659
--- /dev/null
+++ b/2024/CVE-2024-10914.md
@@ -0,0 +1,49 @@
+### [CVE-2024-10914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10914)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241028%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/Bu0uCat/D-Link-NAS-CVE-2024-10914-
+- https://github.com/DMW11525708/wiki
+- https://github.com/Egi08/CVE-2024-10914
+- https://github.com/K3ysTr0K3R/CVE-2024-10914-EXPLOIT
+- https://github.com/K3ysTr0K3R/K3ysTr0K3R
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Ostorlab/KEV
+- https://github.com/TH-SecForge/CVE-2024-10914
+- https://github.com/Tamirido30/CVE-2024-10914-Exploit
+- https://github.com/ThemeHackers/CVE-2024-10914
+- https://github.com/adysec/POC
+- https://github.com/dragonXZH/CVE-2024-10914
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/gh-ost00/CVE-2024-Collection
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/imnotcha0s/CVE-2024-10914
+- https://github.com/jahithoque/CVE-2024-10914-Exploit
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/redspy-sec/D-Link
+- https://github.com/retuci0/cve-2024-10914-port
+- https://github.com/verylazytech/CVE-2024-10914
+- https://github.com/yenyangmjaze/cve-2024-10914
+
diff --git a/2024/CVE-2024-10915.md b/2024/CVE-2024-10915.md
new file mode 100644
index 0000000000..9419086966
--- /dev/null
+++ b/2024/CVE-2024-10915.md
@@ -0,0 +1,22 @@
+### [CVE-2024-10915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10915)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241028%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/r0otk3r/CVE-2024-10915
+
diff --git a/2024/CVE-2024-10919.md b/2024/CVE-2024-10919.md
new file mode 100644
index 0000000000..cc2af4c90a
--- /dev/null
+++ b/2024/CVE-2024-10919.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10919)
+![](https://img.shields.io/static/v1?label=Product&message=Super-Jacoco&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/didi/super-jacoco/issues/49
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10924.md b/2024/CVE-2024-10924.md
new file mode 100644
index 0000000000..d9a803a76b
--- /dev/null
+++ b/2024/CVE-2024-10924.md
@@ -0,0 +1,45 @@
+### [CVE-2024-10924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10924)
+![](https://img.shields.io/static/v1?label=Product&message=Really%20Simple%20Security%20%E2%80%93%20Simple%20and%20Performant%20Security%20(formerly%20Really%20Simple%20SSL)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Really%20Simple%20Security%20Pro%20multisite&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Really%20Simple%20Security%20Pro&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=9.0.0%3C%3D%209.1.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
+
+### Description
+
+The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/D1se0/CVE-2024-10924-Bypass-MFA-Wordpress-LAB
+- https://github.com/D1se0/D1se0
+- https://github.com/Hunt3r850/CVE-2024-10924-PoC
+- https://github.com/Hunt3r850/CVE-2024-10924-Wordpress-Docker
+- https://github.com/Maalfer/CVE-2024-10924-PoC
+- https://github.com/MaleeshaUdan/wordpress-CVE-2024-10924--exploit
+- https://github.com/MattJButler/CVE-2024-10924
+- https://github.com/Nxploited/CVE-2024-10924-Exploit
+- https://github.com/OliveiraaX/-CVE-2024-10924
+- https://github.com/Ostorlab/KEV
+- https://github.com/RandomRobbieBF/CVE-2024-10924
+- https://github.com/Trackflaw/CVE-2024-10924-Wordpress-Docker
+- https://github.com/a-s-m-asadujjaman/exploitables
+- https://github.com/a1batr0ssG/VulhubExpand
+- https://github.com/ademto/Emmanuel-Portfolio-React
+- https://github.com/ademto/wordpress-cve-2024-10924-pentest
+- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database
+- https://github.com/cy3erdr4g0n/CVE-2024-10924
+- https://github.com/h8sU/wordpress-cve-2024-10924-exploit
+- https://github.com/julesbsz/CVE-2024-10924
+- https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-exploit
+- https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/s3rgeym/wp-vuln-scanner
+- https://github.com/sariamubeen/CVE-2024-10924
+- https://github.com/sharafu-sblsec/CVE-2024-10924
+- https://github.com/z0roday/Realy-Simple-Security-Vulnerabilities-Exploit
+
diff --git a/2024/CVE-2024-10926.md b/2024/CVE-2024-10926.md
new file mode 100644
index 0000000000..4d0da88bc6
--- /dev/null
+++ b/2024/CVE-2024-10926.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10926](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10926)
+![](https://img.shields.io/static/v1?label=Product&message=ibWebAdmin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://docs.google.com/document/d/1h9LlTV1FVvOSDBWc7qwU_5qcboCKd6H99Oqg3rZdBRQ/edit?usp=sharing
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10930.md b/2024/CVE-2024-10930.md
new file mode 100644
index 0000000000..862b35288e
--- /dev/null
+++ b/2024/CVE-2024-10930.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10930](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10930)
+![](https://img.shields.io/static/v1?label=Product&message=Block%20Load&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.00%2C%204.10-4.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%20Uncontrolled%20Search%20Path%20Element&color=brighgreen)
+
+### Description
+
+An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sahil3276/CVE-2024-10930
+- https://github.com/sahil3276/sahil3276
+
diff --git a/2024/CVE-2024-10939.md b/2024/CVE-2024-10939.md
new file mode 100644
index 0000000000..781d1291dd
--- /dev/null
+++ b/2024/CVE-2024-10939.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10939)
+![](https://img.shields.io/static/v1?label=Product&message=Image%20Widget&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.4.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fcf50077-b360-4b63-bece-9806b4bc8bea/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10941.md b/2024/CVE-2024-10941.md
new file mode 100644
index 0000000000..4a88f4bd9d
--- /dev/null
+++ b/2024/CVE-2024-10941.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10941)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20126%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Browser%20crash%20from%20invalid%20URI&color=brighgreen)
+
+### Description
+
+A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1880879
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10946.md b/2024/CVE-2024-10946.md
new file mode 100644
index 0000000000..5431244ae2
--- /dev/null
+++ b/2024/CVE-2024-10946.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10946)
+![](https://img.shields.io/static/v1?label=Product&message=Interlib%20Library%20Cluster%20Automation%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file /interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=. The manipulation of the argument sql leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/cfb12573-ca11-433d-b9a0-fce47837a1f5
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10947.md b/2024/CVE-2024-10947.md
new file mode 100644
index 0000000000..73e6b1b3c1
--- /dev/null
+++ b/2024/CVE-2024-10947.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10947)
+![](https://img.shields.io/static/v1?label=Product&message=Interlib%20Library%20Cluster%20Automation%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/9dbc9639-ee9d-4328-9ed2-bc1bfbb2e741
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10958.md b/2024/CVE-2024-10958.md
new file mode 100644
index 0000000000..41b3e225ee
--- /dev/null
+++ b/2024/CVE-2024-10958.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10958)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Photo%20Album%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.8.08.007%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit
+
diff --git a/2024/CVE-2024-10963.md b/2024/CVE-2024-10963.md
new file mode 100644
index 0000000000..4b13d19ff7
--- /dev/null
+++ b/2024/CVE-2024-10963.md
@@ -0,0 +1,25 @@
+### [CVE-2024-10963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10963)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.4%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20AI%20(RHOAI)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.17&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authentication&color=brighgreen)
+
+### Description
+
+A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EGI-Federation/SVG-advisories
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-10966.md b/2024/CVE-2024-10966.md
new file mode 100644
index 0000000000..0662141f85
--- /dev/null
+++ b/2024/CVE-2024-10966.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10966)
+![](https://img.shields.io/static/v1?label=Product&message=X18&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.1.0cu.2024_B20220329%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Dreamy-elfland/240914
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10967.md b/2024/CVE-2024-10967.md
new file mode 100644
index 0000000000..4eab48d051
--- /dev/null
+++ b/2024/CVE-2024-10967.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10967)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file /Doctor/delete_user_appointment_request.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/1104533685/cve/blob/main/sql.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10968.md b/2024/CVE-2024-10968.md
new file mode 100644
index 0000000000..2137de45ce
--- /dev/null
+++ b/2024/CVE-2024-10968.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10968)
+![](https://img.shields.io/static/v1?label=Product&message=Bookstore%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /contact_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/NG0324/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10969.md b/2024/CVE-2024-10969.md
new file mode 100644
index 0000000000..6eab8ab936
--- /dev/null
+++ b/2024/CVE-2024-10969.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10969)
+![](https://img.shields.io/static/v1?label=Product&message=Bookstore%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument unm/pwd leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/31
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1097.md b/2024/CVE-2024-1097.md
new file mode 100644
index 0000000000..f53de22357
--- /dev/null
+++ b/2024/CVE-2024-1097.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1097)
+![](https://img.shields.io/static/v1?label=Product&message=craigk5n%2Fwebcalendar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report, potentially leading to the theft of user accounts and cookies.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/chhhd/CVE-2025-1974
+
diff --git a/2024/CVE-2024-10971.md b/2024/CVE-2024-10971.md
new file mode 100644
index 0000000000..b6395c8a2a
--- /dev/null
+++ b/2024/CVE-2024-10971.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10971)
+![](https://img.shields.io/static/v1?label=Product&message=DVLS%20(Devolutions%20Server)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.3.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0015/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10976.md b/2024/CVE-2024-10976.md
new file mode 100644
index 0000000000..fc95e0b50d
--- /dev/null
+++ b/2024/CVE-2024-10976.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10976)
+![](https://img.shields.io/static/v1?label=Product&message=PostgreSQL&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=17%3C%2017.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Preservation%20of%20Consistency%20Between%20Independent%20Representations%20of%20Shared%20State&color=brighgreen)
+
+### Description
+
+Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/lekctut/sdb-hw-13-01
+- https://github.com/pedr0alencar/vlab-metasploitable2
+
diff --git a/2024/CVE-2024-10977.md b/2024/CVE-2024-10977.md
new file mode 100644
index 0000000000..f1ff6c7e50
--- /dev/null
+++ b/2024/CVE-2024-10977.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10977)
+![](https://img.shields.io/static/v1?label=Product&message=PostgreSQL&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=17%3C%2017.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Less%20Trusted%20Source&color=brighgreen)
+
+### Description
+
+Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/lekctut/sdb-hw-13-01
+- https://github.com/pedr0alencar/vlab-metasploitable2
+
diff --git a/2024/CVE-2024-10978.md b/2024/CVE-2024-10978.md
new file mode 100644
index 0000000000..366e072af8
--- /dev/null
+++ b/2024/CVE-2024-10978.md
@@ -0,0 +1,19 @@
+### [CVE-2024-10978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10978)
+![](https://img.shields.io/static/v1?label=Product&message=PostgreSQL&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=17%3C%2017.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+
+### Description
+
+Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/lekctut/sdb-hw-13-01
+- https://github.com/pedr0alencar/vlab-metasploitable2
+
diff --git a/2024/CVE-2024-10979.md b/2024/CVE-2024-10979.md
new file mode 100644
index 0000000000..8d2fb7c7eb
--- /dev/null
+++ b/2024/CVE-2024-10979.md
@@ -0,0 +1,22 @@
+### [CVE-2024-10979](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10979)
+![](https://img.shields.io/static/v1?label=Product&message=PostgreSQL&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=17%3C%2017.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=External%20Control%20of%20System%20or%20Configuration%20Setting&color=brighgreen)
+
+### Description
+
+Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/atsukish/pydanticai-tutrial
+- https://github.com/lekctut/sdb-hw-13-01
+- https://github.com/pedr0alencar/vlab-metasploitable2
+- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-10980.md b/2024/CVE-2024-10980.md
new file mode 100644
index 0000000000..d912793813
--- /dev/null
+++ b/2024/CVE-2024-10980.md
@@ -0,0 +1,17 @@
+### [CVE-2024-10980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10980)
+![](https://img.shields.io/static/v1?label=Product&message=Element%20Pack%20Elementor%20Addons%20(Header%20Footer%2C%20Template%20Library%2C%20Dynamic%20Grid%2C%20Carousel%20and%20Remote%20Arrows)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.10.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/915daad8-d14c-4457-a3a0-aa21744f4ae0/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10987.md b/2024/CVE-2024-10987.md
new file mode 100644
index 0000000000..a930c6c976
--- /dev/null
+++ b/2024/CVE-2024-10987.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10987)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects E-Health Care System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Doctor/user_appointment.php. The manipulation of the argument schedule_id/schedule_date/schedule_day/start_time/end_time/booking leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/qqqbalabala/cve/blob/main/sql20.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10989.md b/2024/CVE-2024-10989.md
new file mode 100644
index 0000000000..32798af995
--- /dev/null
+++ b/2024/CVE-2024-10989.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10989)
+![](https://img.shields.io/static/v1?label=Product&message=E-Health%20Care%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. This affects an unknown part of the file /Admin/detail.php. The manipulation of the argument s_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory confuses the vulnerability class of this issue.
+
+### POC
+
+#### Reference
+- https://github.com/miaoyum/cve/blob/main/sql21.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10991.md b/2024/CVE-2024-10991.md
new file mode 100644
index 0000000000..933566c8fe
--- /dev/null
+++ b/2024/CVE-2024-10991.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10991)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Appointment%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/30
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10993.md b/2024/CVE-2024-10993.md
new file mode 100644
index 0000000000..f55ada895f
--- /dev/null
+++ b/2024/CVE-2024-10993.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10993)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Institute%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/NG0324/CVE/issues/2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10994.md b/2024/CVE-2024-10994.md
new file mode 100644
index 0000000000..5e4c1b9734
--- /dev/null
+++ b/2024/CVE-2024-10994.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10994](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10994)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Institute%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10995.md b/2024/CVE-2024-10995.md
new file mode 100644
index 0000000000..9c8aaf9d07
--- /dev/null
+++ b/2024/CVE-2024-10995.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10995)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Appointment%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10996.md b/2024/CVE-2024-10996.md
new file mode 100644
index 0000000000..804a8b1b5c
--- /dev/null
+++ b/2024/CVE-2024-10996.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10996)
+![](https://img.shields.io/static/v1?label=Product&message=Bookstore%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/process_category_edit.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/ppp-src/CVE/issues/32
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10998.md b/2024/CVE-2024-10998.md
new file mode 100644
index 0000000000..08fd75308c
--- /dev/null
+++ b/2024/CVE-2024-10998.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10998)
+![](https://img.shields.io/static/v1?label=Product&message=Bookstore%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/process_category_add.php. The manipulation of the argument cat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/090913/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-10999.md b/2024/CVE-2024-10999.md
new file mode 100644
index 0000000000..50c983e95a
--- /dev/null
+++ b/2024/CVE-2024-10999.md
@@ -0,0 +1,18 @@
+### [CVE-2024-10999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10999)
+![](https://img.shields.io/static/v1?label=Product&message=Real%20Estate%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_authenticated_rce.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11000.md b/2024/CVE-2024-11000.md
new file mode 100644
index 0000000000..883a0807a2
--- /dev/null
+++ b/2024/CVE-2024-11000.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11000)
+![](https://img.shields.io/static/v1?label=Product&message=Real%20Estate%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/EmilGallajov/zero-day/blob/main/codeastro_real_estate_ms_authenticated_rce.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11003.md b/2024/CVE-2024-11003.md
new file mode 100644
index 0000000000..84dea80cce
--- /dev/null
+++ b/2024/CVE-2024-11003.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11003)
+![](https://img.shields.io/static/v1?label=Product&message=needrestart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/pawan-shivarkar/List-of-CVE-s-
+- https://github.com/unknown-user-from/CVE-2024-11003-PoC
+
diff --git a/2024/CVE-2024-11008.md b/2024/CVE-2024-11008.md
new file mode 100644
index 0000000000..9d5ac2561a
--- /dev/null
+++ b/2024/CVE-2024-11008.md
@@ -0,0 +1,17 @@ +### [CVE-2024-11008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11008) +![](https://img.shields.io/static/v1?label=Product&message=Members%20%E2%80%93%20Membership%20%26%20User%20Role%20Editor%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/francescocarlucci/wp-content-exfiltrator + diff --git a/2024/CVE-2024-1102.md b/2024/CVE-2024-1102.md index 83cd7b8c80..0377d5bdad 100644 --- a/2024/CVE-2024-1102.md +++ b/2024/CVE-2024-1102.md @@ -1,6 +1,7 @@ ### [CVE-2024-1102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1102) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue) 
@@ -8,10 +9,9 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208.0%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208.0%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Unprotected%20Transport%20of%20Credentials&color=brighgreen) ### Description diff --git a/2024/CVE-2024-11022.md b/2024/CVE-2024-11022.md new file mode 100644 index 0000000000..1ac21712e9 --- /dev/null +++ b/2024/CVE-2024-11022.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-11022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11022)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP61x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20InspectorP62x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20all%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-323%20Reusing%20a%20Nonce%2C%20Key%20Pair%20in%20Encryption&color=brighgreen)
+
+### Description
+
+The authentication process to the web server uses a challenge response procedure whichinludes the nonce and additional information. This challenge can be used several times for login and istherefore vulnerable for a replay attack.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11026.md b/2024/CVE-2024-11026.md
new file mode 100644
index 0000000000..b277acff9c
--- /dev/null
+++ b/2024/CVE-2024-11026.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11026](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11026)
+![](https://img.shields.io/static/v1?label=Product&message=Freenow%20App&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Credentials%20Management&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Hard-coded%20Password&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.283544
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11040.md b/2024/CVE-2024-11040.md
new file mode 100644
index 0000000000..39853900be
--- /dev/null
+++ b/2024/CVE-2024-11040.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11040)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-8939. Notes: All CVE users should reference CVE-2024-8939 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gothburz/CVE-2024-11040
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-11042.md b/2024/CVE-2024-11042.md
new file mode 100644
index 0000000000..83d574df86
--- /dev/null
+++ b/2024/CVE-2024-11042.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11042)
+![](https://img.shields.io/static/v1?label=Product&message=invoke-ai%2Finvokeai&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%205.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite databases, and configuration files. This can impact the integrity and availability of applications relying on these files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gothburz/CVE-2024-11042
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-11049.md b/2024/CVE-2024-11049.md
new file mode 100644
index 0000000000..52f380c6b5
--- /dev/null
+++ b/2024/CVE-2024-11049.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11049](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11049)
+![](https://img.shields.io/static/v1?label=Product&message=ZKBio%20Time&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Direct%20Request&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11050.md b/2024/CVE-2024-11050.md
new file mode 100644
index 0000000000..45e17ea5d9
--- /dev/null
+++ b/2024/CVE-2024-11050.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11050)
+![](https://img.shields.io/static/v1?label=Product&message=Hotel%20Broadband%20Operation%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.0.3.151204%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/ba791f6d-7f63-494f-bd73-827ed7f26e2e
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11051.md b/2024/CVE-2024-11051.md
new file mode 100644
index 0000000000..5d04a72ef8
--- /dev/null
+++ b/2024/CVE-2024-11051.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11051)
+![](https://img.shields.io/static/v1?label=Product&message=Hotel%20Broadband%20Operation%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.0.3.151204%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument AccountID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/ab8e6804-5c8e-442b-8a37-c6b376bcc86f
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11053.md b/2024/CVE-2024-11053.md
new file mode 100644
index 0000000000..3c418dc4aa
--- /dev/null
+++ b/2024/CVE-2024-11053.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053)
+![](https://img.shields.io/static/v1?label=Product&message=curl&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=8.11.0%3C%3D%208.11.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+When asked to both use a `.netrc` file for credentials and to follow HTTPredirects, curl could leak the password used for the first host to thefollowed-to host under certain circumstances.This flaw only manifests itself if the netrc file has an entry that matchesthe redirect target hostname but the entry either omits just the password oromits both login and password.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/x9nico/Exam_Docker
+
diff --git a/2024/CVE-2024-11056.md b/2024/CVE-2024-11056.md
new file mode 100644
index 0000000000..4a68eb4039
--- /dev/null
+++ b/2024/CVE-2024-11056.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11056)
+![](https://img.shields.io/static/v1?label=Product&message=AC10&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.03.10.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-11061.md b/2024/CVE-2024-11061.md
new file mode 100644
index 0000000000..1396a19035
--- /dev/null
+++ b/2024/CVE-2024-11061.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11061)
+![](https://img.shields.io/static/v1?label=Product&message=AC10&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.03.10.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-11075.md b/2024/CVE-2024-11075.md
new file mode 100644
index 0000000000..8c9ccff6b3
--- /dev/null
+++ b/2024/CVE-2024-11075.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11075](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11075)
+![](https://img.shields.io/static/v1?label=Product&message=SICK%20Incoming%20Goods%20Suite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
+
+### Description
+
+A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.
+
+### POC
+
+#### Reference
+- https://www.first.org/cvss/calculator/3.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11079.md b/2024/CVE-2024-11079.md
new file mode 100644
index 0000000000..a32cda4526
--- /dev/null
+++ b/2024/CVE-2024-11079.md
@@ -0,0 +1,20 @@
+### [CVE-2024-11079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11079)
+![](https://img.shields.io/static/v1?label=Product&message=Ansible%20Automation%20Platform%20Execution%20Environments&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.5%20for%20RHEL%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.5%20for%20RHEL%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%20AI%20(RHEL%20AI)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sap-linuxlab/community.sap_infrastructure
+
diff --git a/2024/CVE-2024-11083.md b/2024/CVE-2024-11083.md
new file mode 100644
index 0000000000..fc20adc9c6
--- /dev/null
+++ b/2024/CVE-2024-11083.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11083)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Membership%20Plugin%2C%20Ecommerce%2C%20User%20Registration%20Form%2C%20Login%20Form%2C%20User%20Profile%20%26%20Restrict%20Content%20%E2%80%93%20ProfilePress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.15.18%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11084.md b/2024/CVE-2024-11084.md
new file mode 100644
index 0000000000..a172b82afb
--- /dev/null
+++ b/2024/CVE-2024-11084.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11084)
+![](https://img.shields.io/static/v1?label=Product&message=Helix%20ALM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202025.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203%20Observable%20Discrepancy&color=brighgreen)
+
+### Description
+
+Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001SeWbYAK
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11089.md b/2024/CVE-2024-11089.md
new file mode 100644
index 0000000000..723632ed6e
--- /dev/null
+++ b/2024/CVE-2024-11089.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11089)
+![](https://img.shields.io/static/v1?label=Product&message=Anonymous%20Restricted%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.6.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11090.md b/2024/CVE-2024-11090.md
new file mode 100644
index 0000000000..8d43eff8d5
--- /dev/null
+++ b/2024/CVE-2024-11090.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11090)
+![](https://img.shields.io/static/v1?label=Product&message=Membership%20Plugin%20%E2%80%93%20Restrict%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11102.md b/2024/CVE-2024-11102.md
new file mode 100644
index 0000000000..0b971ce0dd
--- /dev/null
+++ b/2024/CVE-2024-11102.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11102)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
+
+### POC
+
+#### Reference
+- https://drive.google.com/file/d/1Omjwoh6B2xh41c3Av0_VJsoR7tascb1_/view?usp=sharing
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11106.md b/2024/CVE-2024-11106.md
new file mode 100644
index 0000000000..8dab1577d0
--- /dev/null
+++ b/2024/CVE-2024-11106.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11106)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Restrict&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11107.md b/2024/CVE-2024-11107.md
new file mode 100644
index 0000000000..b09286add2
--- /dev/null
+++ b/2024/CVE-2024-11107.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11107)
+![](https://img.shields.io/static/v1?label=Product&message=System%20Dashboard&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.8.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a89f1117-8df3-417b-b54f-6587545833ee/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11108.md b/2024/CVE-2024-11108.md
new file mode 100644
index 0000000000..683503c843
--- /dev/null
+++ b/2024/CVE-2024-11108.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11108)
+![](https://img.shields.io/static/v1?label=Product&message=Serious%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7790af9d-621b-474c-b28c-c774e2a292bb/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11109.md b/2024/CVE-2024-11109.md
new file mode 100644
index 0000000000..87efc0e5de
--- /dev/null
+++ b/2024/CVE-2024-11109.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11109)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Google%20Review%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2015.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/93619da1-a8d6-43b6-b1be-8d50ab6f29f7/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1111.md b/2024/CVE-2024-1111.md
new file mode 100644
index 0000000000..2b4a3b3670
--- /dev/null
+++ b/2024/CVE-2024-1111.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1111)
+![](https://img.shields.io/static/v1?label=Product&message=QR%20Code%20Login%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched remotely. VDB-252470 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Indrani-19/vulnerability-scanner
+
diff --git a/2024/CVE-2024-11111.md b/2024/CVE-2024-11111.md
new file mode 100644
index 0000000000..ba547cf920
--- /dev/null
+++ b/2024/CVE-2024-11111.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11111)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.69%3C%20131.0.6778.69%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Inappropriate%20implementation&color=brighgreen)
+
+### Description
+
+Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/360520331
+
+#### Github
+- https://github.com/tokitaari/RedHatCveSecurityDataAnalyzer
+
diff --git a/2024/CVE-2024-11114.md b/2024/CVE-2024-11114.md
new file mode 100644
index 0000000000..180ec016fd
--- /dev/null
+++ b/2024/CVE-2024-11114.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11114)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.69%3C%20131.0.6778.69%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Inappropriate%20implementation&color=brighgreen)
+
+### Description
+
+Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Petitoto/chromium-exploit-dev
+
diff --git a/2024/CVE-2024-11116.md b/2024/CVE-2024-11116.md new file mode 100644 index 0000000000..82fba5867c --- /dev/null +++ b/2024/CVE-2024-11116.md @@ -0,0 +1,17 @@ +### [CVE-2024-11116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11116) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.69%3C%20131.0.6778.69%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Inappropriate%20implementation&color=brighgreen) + +### Description + +Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) + +### POC + +#### Reference +- https://issues.chromium.org/issues/40942531 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1112.md b/2024/CVE-2024-1112.md index 9d63eb8a04..84d5c86bf1 100644 --- a/2024/CVE-2024-1112.md +++ b/2024/CVE-2024-1112.md @@ -13,6 +13,7 @@ Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus No PoCs from references. #### Github +- https://github.com/enessakircolak/CVE-2024-1112 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-11120.md b/2024/CVE-2024-11120.md new file mode 100644 index 0000000000..fe726c3622 --- /dev/null +++ b/2024/CVE-2024-11120.md 
@@ -0,0 +1,22 @@
+### [CVE-2024-11120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11120)
+![](https://img.shields.io/static/v1?label=Product&message=GV-DSP_LPR_V3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=GV-VS11&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=GV-VS12&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=GVLX%204%20V2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=GVLX%204%20V3&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-11121.md b/2024/CVE-2024-11121.md
new file mode 100644
index 0000000000..e861897319
--- /dev/null
+++ b/2024/CVE-2024-11121.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11121)
+![](https://img.shields.io/static/v1?label=Product&message=Lingdang%20CRM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208.6.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11122.md b/2024/CVE-2024-11122.md
new file mode 100644
index 0000000000..ed32ded3da
--- /dev/null
+++ b/2024/CVE-2024-11122.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11122)
+![](https://img.shields.io/static/v1?label=Product&message=Lingdang%20CRM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208.6.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/8c9422c2-ecad-4471-97a2-6f8035a2ddf5
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11123.md b/2024/CVE-2024-11123.md
new file mode 100644
index 0000000000..959e5f51c5
--- /dev/null
+++ b/2024/CVE-2024-11123.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11123)
+![](https://img.shields.io/static/v1?label=Product&message=Lingdang%20CRM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208.6.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11140.md b/2024/CVE-2024-11140.md
new file mode 100644
index 0000000000..9d484acae5
--- /dev/null
+++ b/2024/CVE-2024-11140.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11140)
+![](https://img.shields.io/static/v1?label=Product&message=Real%20WP%20Shop%20Lite%20Ajax%20eCommerce%20Shopping%20Cart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b3448dff-a839-45aa-8d5a-d359e50ab7fd/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11141.md b/2024/CVE-2024-11141.md
new file mode 100644
index 0000000000..c6728086db
--- /dev/null
+++ b/2024/CVE-2024-11141.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11141)
+![](https://img.shields.io/static/v1?label=Product&message=Sailthru%20Triggermail&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/6fe3544b-fb86-43e4-9771-6e9343f9f835/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11153.md b/2024/CVE-2024-11153.md
new file mode 100644
index 0000000000..55371ea9ed
--- /dev/null
+++ b/2024/CVE-2024-11153.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11153)
+![](https://img.shields.io/static/v1?label=Product&message=Content%20Control%20%E2%80%93%20The%20Ultimate%20Content%20Restriction%20Plugin!%20Restrict%20Content%2C%20Create%20Conditional%20Blocks%20%26%20More&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11178.md b/2024/CVE-2024-11178.md
new file mode 100644
index 0000000000..563e831250
--- /dev/null
+++ b/2024/CVE-2024-11178.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11178)
+![](https://img.shields.io/static/v1?label=Product&message=Login%20With%20OTP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
+
+### Description
+
+The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DalmatianuSebikk/WordPressExperiments
+
diff --git a/2024/CVE-2024-11182.md b/2024/CVE-2024-11182.md
new file mode 100644
index 0000000000..94bc828498
--- /dev/null
+++ b/2024/CVE-2024-11182.md
@@ -0,0 +1,19 @@
+### [CVE-2024-11182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11182)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attackerto load arbitrary JavaScript code in the context of a webmail user's browser window.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/alecdhuse/Lantern-Shark
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-11183.md b/2024/CVE-2024-11183.md
new file mode 100644
index 0000000000..92d1c8fdd6
--- /dev/null
+++ b/2024/CVE-2024-11183.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11183)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Side%20Tab&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ff3f2788-d1a1-4a62-a247-39a931308f51/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11184.md b/2024/CVE-2024-11184.md
new file mode 100644
index 0000000000..766661be3a
--- /dev/null
+++ b/2024/CVE-2024-11184.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11184)
+![](https://img.shields.io/static/v1?label=Product&message=wp-enable-svg&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fc982bcb-9974-481f-aef4-580ae9edc3c8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11187.md b/2024/CVE-2024-11187.md
new file mode 100644
index 0000000000..a33fceec24
--- /dev/null
+++ b/2024/CVE-2024-11187.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11187)
+![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=9.11.0%3C%3D%209.11.37%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-405%20Asymmetric%20Resource%20Consumption%20(Amplification)&color=brighgreen)
+
+### Description
+
+It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-11189.md b/2024/CVE-2024-11189.md
new file mode 100644
index 0000000000..5d5aef0f13
--- /dev/null
+++ b/2024/CVE-2024-11189.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11189)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Share%20And%20Social%20Locker&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f3d1473a-6d25-447d-af27-f315323fdd62/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11190.md b/2024/CVE-2024-11190.md
new file mode 100644
index 0000000000..c23e3c0b9f
--- /dev/null
+++ b/2024/CVE-2024-11190.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11190)
+![](https://img.shields.io/static/v1?label=Product&message=jwp-a11y&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/66b914ba-4253-4849-a38a-05ab246a9a32/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11199.md b/2024/CVE-2024-11199.md
new file mode 100644
index 0000000000..377faee41f
--- /dev/null
+++ b/2024/CVE-2024-11199.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11199)
+![](https://img.shields.io/static/v1?label=Product&message=Rescue%20Shortcodes&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gh-ost00/CVE-2024-Collection
+
diff --git a/2024/CVE-2024-11201.md b/2024/CVE-2024-11201.md
new file mode 100644
index 0000000000..0c672d6043
--- /dev/null
+++ b/2024/CVE-2024-11201.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11201)
+![](https://img.shields.io/static/v1?label=Product&message=myCred%20%E2%80%93%20Exclusive%20Platform%20for%20Loyalty%20Points%20and%20Rewards%20%E2%80%93%20Create%20Leaderboards%2C%20Ranks%2C%20Badges%2C%20Cashback%20Coupons%2C%20Referral%20Programs%2C%20WooCommerce%20%26%20eCommerce%20wallet%2C%20Gamification%20Awards%2C%20and%20Achievements.&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.7.5.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/NSQAQ/CVE-2024-11201
+
diff --git a/2024/CVE-2024-11205.md b/2024/CVE-2024-11205.md
new file mode 100644
index 0000000000..88c9aabb53
--- /dev/null
+++ b/2024/CVE-2024-11205.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11205)
+![](https://img.shields.io/static/v1?label=Product&message=WPForms%20%E2%80%93%20Easy%20Form%20Builder%20for%20WordPress%20%E2%80%93%20Contact%20Forms%2C%20Payment%20Forms%2C%20Surveys%2C%20%26%20More&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.8.4%3C%3D%201.9.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+
diff --git a/2024/CVE-2024-11221.md b/2024/CVE-2024-11221.md
new file mode 100644
index 0000000000..5dd17291a6
--- /dev/null
+++ b/2024/CVE-2024-11221.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11221)
+![](https://img.shields.io/static/v1?label=Product&message=Full%20Screen%20(Page)%20Background%20Image%20Slideshow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/810c2c94-5d35-419c-a993-07a0c7064ce6/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11223.md b/2024/CVE-2024-11223.md
new file mode 100644
index 0000000000..646461ab61
--- /dev/null
+++ b/2024/CVE-2024-11223.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11223)
+![](https://img.shields.io/static/v1?label=Product&message=WPForms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.9.2.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/82989909-9745-4c9a-abc7-c1adf8c2b047/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11237.md b/2024/CVE-2024-11237.md
new file mode 100644
index 0000000000..2939b15422
--- /dev/null
+++ b/2024/CVE-2024-11237.md
@@ -0,0 +1,19 @@
+### [CVE-2024-11237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11237)
+![](https://img.shields.io/static/v1?label=Product&message=VN020%20F3v(T)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20TT_V6.2.1021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/FarhadHosen101/Router
+- https://github.com/Zephkek/TP-Thumper
+
diff --git a/2024/CVE-2024-11240.md b/2024/CVE-2024-11240.md
new file mode 100644
index 0000000000..c6c0ef8bf0
--- /dev/null
+++ b/2024/CVE-2024-11240.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11240)
+![](https://img.shields.io/static/v1?label=Product&message=ibWebAdmin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://docs.google.com/document/d/1_kk14QhqJuqMGzAD_SUlOSvCGwYdeF4gI8m7mVTPBAQ/edit?usp=sharing
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11243.md b/2024/CVE-2024-11243.md
new file mode 100644
index 0000000000..a95e2133a5
--- /dev/null
+++ b/2024/CVE-2024-11243.md
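Review bot: The Version badge in the new 2024/CVE-2024-11240.md encodes `= 1.0.0`, while the description in the same file says ibWebAdmin is affected "up to 1.0.2", so the badge under-states the affected range. The same mismatch appears in CVE-2024-11251.md, CVE-2024-11305.md and CVE-2024-11306.md, where the badge reads `= 20241108` and the text reads "up to 20241108". Anyone scoping exposure from the badge alone would treat other affected releases as unaffected. I would render the range in the badge, for example `message=%3C%3D%201.0.2`, or omit the Version badge when the source record lists more than one affected version.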
@@ -0,0 +1,18 @@
+### [CVE-2024-11243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11243)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Shop%20Store&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://youtu.be/QThAqddl5Dk
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11248.md b/2024/CVE-2024-11248.md
new file mode 100644
index 0000000000..cf4446f14a
--- /dev/null
+++ b/2024/CVE-2024-11248.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11248)
+![](https://img.shields.io/static/v1?label=Product&message=AC10&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.03.10.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-11251.md b/2024/CVE-2024-11251.md
new file mode 100644
index 0000000000..f1bcdae5a0
--- /dev/null
+++ b/2024/CVE-2024-11251.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11251)
+![](https://img.shields.io/static/v1?label=Product&message=Jeewms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241108%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well.
+
+### POC
+
+#### Reference
+- https://gitee.com/erzhongxmu/JEEWMS/issues/IB2XZG
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11252.md b/2024/CVE-2024-11252.md
new file mode 100644
index 0000000000..7f360feabb
--- /dev/null
+++ b/2024/CVE-2024-11252.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11252)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Sharing%20Plugin%20%E2%80%93%20Sassy%20Social%20Share&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.3.69%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+- https://github.com/reinh3rz/CVE-2024-11252-Sassy-Social-Share-XSS
+
diff --git a/2024/CVE-2024-11257.md b/2024/CVE-2024-11257.md
new file mode 100644
index 0000000000..84c305c264
--- /dev/null
+++ b/2024/CVE-2024-11257.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11257)
+![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Parlour%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/10
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11258.md b/2024/CVE-2024-11258.md
new file mode 100644
index 0000000000..7fe499ef7f
--- /dev/null
+++ b/2024/CVE-2024-11258.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11258)
+![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Parlour%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/11
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11261.md b/2024/CVE-2024-11261.md
new file mode 100644
index 0000000000..2b99ce44de
--- /dev/null
+++ b/2024/CVE-2024-11261.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11261](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11261)
+![](https://img.shields.io/static/v1?label=Product&message=Student%20Record%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. Affected is an unknown function of the file StudentRecordManagementSystem.cpp of the component Number of Students Menu. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/12
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11262.md b/2024/CVE-2024-11262.md
new file mode 100644
index 0000000000..3a4e5a16d1
--- /dev/null
+++ b/2024/CVE-2024-11262.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11262)
+![](https://img.shields.io/static/v1?label=Product&message=Student%20Record%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Affected by this vulnerability is the function main of the component View All Student Marks. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/13
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11266.md b/2024/CVE-2024-11266.md
new file mode 100644
index 0000000000..282be2526d
--- /dev/null
+++ b/2024/CVE-2024-11266.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11266](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11266)
+![](https://img.shields.io/static/v1?label=Product&message=Geocache%20Stat%20Bar%20Widget&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/361a4635-7e7d-483c-b2ce-a857d60d91ea/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11267.md b/2024/CVE-2024-11267.md
new file mode 100644
index 0000000000..e3e6483bbc
--- /dev/null
+++ b/2024/CVE-2024-11267.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11267)
+![](https://img.shields.io/static/v1?label=Product&message=JSP%20Store%20Locator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with Contributor to perform SQL injection attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fcbdc11a-a194-46e4-8c22-11010b98fdab/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11269.md b/2024/CVE-2024-11269.md
new file mode 100644
index 0000000000..922ad1aaf0
--- /dev/null
+++ b/2024/CVE-2024-11269.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11269)
+![](https://img.shields.io/static/v1?label=Product&message=AHAthat%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/3ad89687-adb0-4c45-938c-0c18fda7f36f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11272.md b/2024/CVE-2024-11272.md
new file mode 100644
index 0000000000..268c581f96
--- /dev/null
+++ b/2024/CVE-2024-11272.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11272)
+![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20%26%20SMTP%20Plugin%20for%20WordPress%20by%20PirateForms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d7a76794-bc7d-42d6-9e7d-d7b845a7f461/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11273.md b/2024/CVE-2024-11273.md
new file mode 100644
index 0000000000..9d965eb206
--- /dev/null
+++ b/2024/CVE-2024-11273.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11273)
+![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20%26%20SMTP%20Plugin%20for%20WordPress%20by%20PirateForms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d1049a83-1298-4c8c-aeac-0055110d38fb/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11280.md b/2024/CVE-2024-11280.md
new file mode 100644
index 0000000000..9e24b5d9e8
--- /dev/null
+++ b/2024/CVE-2024-11280.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11280)
+![](https://img.shields.io/static/v1?label=Product&message=PPWP%20%E2%80%93%20Password%20Protect%20Pages&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.9.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11282.md b/2024/CVE-2024-11282.md
new file mode 100644
index 0000000000..1c57bc49df
--- /dev/null
+++ b/2024/CVE-2024-11282.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11282)
+![](https://img.shields.io/static/v1?label=Product&message=Passster%20%E2%80%93%20Password%20Protect%20Pages%20and%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.2.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-1129.md b/2024/CVE-2024-1129.md
new file mode 100644
index 0000000000..c477bfffde
--- /dev/null
+++ b/2024/CVE-2024-1129.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1129)
+![](https://img.shields.io/static/v1?label=Product&message=NEX-Forms%20%E2%80%93%20Ultimate%20Form%20Builder%20%E2%80%93%20Contact%20forms%20and%20much%20more&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.5.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11290.md b/2024/CVE-2024-11290.md
new file mode 100644
index 0000000000..f342450730
--- /dev/null
+++ b/2024/CVE-2024-11290.md
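Review bot: The `#### Github` entry in the new 2024/CVE-2024-1129.md links `https://github.com/francescocarlucci/wp-content-exfiltrator`, which does not fit this record. The description is a missing capability check on `set_starred()` in NEX-Forms, while the same repository is attached to the content-restriction information-exposure entries added alongside it (CVE-2024-11290, 11291, 11292, 11294, 11295, 11297). This looks like a prefix match on the string `CVE-2024-1129` in the collector, though the matching code is not visible in this patch. Anyone triaging from this file would record a public PoC that nothing here evidences for this CVE. I would replace the link with `No PoCs found on GitHub currently.` and have the collector match CVE IDs only on a token boundary.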
@@ -0,0 +1,17 @@
+### [CVE-2024-11290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11290)
+![](https://img.shields.io/static/v1?label=Product&message=Member%20Access&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11291.md b/2024/CVE-2024-11291.md
new file mode 100644
index 0000000000..3534e475a9
--- /dev/null
+++ b/2024/CVE-2024-11291.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11291)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Membership%20Subscriptions%20%E2%80%93%20Effortless%20Memberships%2C%20Recurring%20Payments%20%26%20Content%20Restriction&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.13.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11292.md b/2024/CVE-2024-11292.md
new file mode 100644
index 0000000000..a76d28d489
--- /dev/null
+++ b/2024/CVE-2024-11292.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11292)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Private%20Content%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11294.md b/2024/CVE-2024-11294.md
new file mode 100644
index 0000000000..bde3d92d44
--- /dev/null
+++ b/2024/CVE-2024-11294.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11294)
+![](https://img.shields.io/static/v1?label=Product&message=Memberful%20%E2%80%93%20Membership%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.73.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11295.md b/2024/CVE-2024-11295.md
new file mode 100644
index 0000000000..e1d6837ae6
--- /dev/null
+++ b/2024/CVE-2024-11295.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11295](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11295)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Page%20Access%20Restriction&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.29%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11297.md b/2024/CVE-2024-11297.md
new file mode 100644
index 0000000000..ad1db2d0cb
--- /dev/null
+++ b/2024/CVE-2024-11297.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11297)
+![](https://img.shields.io/static/v1?label=Product&message=Page%20Restriction%20WordPress%20(WP)%20%E2%80%93%20Protect%20WP%20Pages%2FPost&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11303.md b/2024/CVE-2024-11303.md
new file mode 100644
index 0000000000..f7be10c95b
--- /dev/null
+++ b/2024/CVE-2024-11303.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11303)
+![](https://img.shields.io/static/v1?label=Product&message=JetPort%205601&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%201.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2.
+
+### POC
+
+#### Reference
+- https://cyberdanube.com/en/en-st-polten-uas-path-traversal-in-korenix-jetport/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11305.md b/2024/CVE-2024-11305.md
new file mode 100644
index 0000000000..cd07e2eb10
--- /dev/null
+++ b/2024/CVE-2024-11305.md
@@ -0,0 +1,19 @@
+### [CVE-2024-11305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11305)
+![](https://img.shields.io/static/v1?label=Product&message=Power%20Control%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241108%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gh-ost00/CVE-2024-Collection
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-11306.md b/2024/CVE-2024-11306.md
new file mode 100644
index 0000000000..d9d331f4f7
--- /dev/null
+++ b/2024/CVE-2024-11306.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11306)
+![](https://img.shields.io/static/v1?label=Product&message=Power%20Control%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241108%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-11318.md b/2024/CVE-2024-11318.md
new file mode 100644
index 0000000000..10671bfdf7
--- /dev/null
+++ b/2024/CVE-2024-11318.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11318)
+![](https://img.shields.io/static/v1?label=Product&message=AbsysNet&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xthalach/CVE-2024-11318
+
diff --git a/2024/CVE-2024-11319.md b/2024/CVE-2024-11319.md
new file mode 100644
index 0000000000..59604c7d95
--- /dev/null
+++ b/2024/CVE-2024-11319.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11319)
+![](https://img.shields.io/static/v1?label=Product&message=django-cms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.
+
+### POC
+
+#### Reference
+- https://iltosec.com/blog/post/django-cms-413-stored-xss-vulnerability-exploiting-the-page-title-field/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11320.md b/2024/CVE-2024-11320.md
new file mode 100644
index 0000000000..023b9853cd
--- /dev/null
+++ b/2024/CVE-2024-11320.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11320)
+![](https://img.shields.io/static/v1?label=Product&message=Pandora%20FMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=700%3C%3D%20777.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mhaskar/CVE-2024-11320
+
diff --git a/2024/CVE-2024-11322.md b/2024/CVE-2024-11322.md
new file mode 100644
index 0000000000..4b091d1762
--- /dev/null
+++ b/2024/CVE-2024-11322.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11322)
+![](https://img.shields.io/static/v1?label=Product&message=PowerPanel%20Business&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%204.11.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it unavailable.
+
+### POC
+
+#### Reference
+- https://www.tenable.com/security/research/tra-2025-01
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11351.md b/2024/CVE-2024-11351.md
new file mode 100644
index 0000000000..04962ac770
--- /dev/null
+++ b/2024/CVE-2024-11351.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11351)
+![](https://img.shields.io/static/v1?label=Product&message=Restrict%20%E2%80%93%20membership%2C%20site%2C%20content%20and%20user%20access%20restrictions%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francescocarlucci/wp-content-exfiltrator
+
diff --git a/2024/CVE-2024-11356.md b/2024/CVE-2024-11356.md
new file mode 100644
index 0000000000..e6541c7758
--- /dev/null
+++ b/2024/CVE-2024-11356.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11356)
+![](https://img.shields.io/static/v1?label=Product&message=tourmaster&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.3.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d70df54e-e99e-4539-9fd9-002c0642137e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11357.md b/2024/CVE-2024-11357.md
new file mode 100644
index 0000000000..1a00da0d75
--- /dev/null
+++ b/2024/CVE-2024-11357.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11357)
+![](https://img.shields.io/static/v1?label=Product&message=goodlayers-core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7e8c6816-9b7a-43e8-9508-789c8051dd9b/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11372.md b/2024/CVE-2024-11372.md
new file mode 100644
index 0000000000..305543a43d
--- /dev/null
+++ b/2024/CVE-2024-11372.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11372)
+![](https://img.shields.io/static/v1?label=Product&message=Connexion%20Logs&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/de74199a-001e-4388-82ae-70cfd5a49457/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11373.md b/2024/CVE-2024-11373.md
new file mode 100644
index 0000000000..b706184fca
--- /dev/null
+++ b/2024/CVE-2024-11373.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11373)
+![](https://img.shields.io/static/v1?label=Product&message=Connexion%20Logs&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e9ef847f-3a3f-4030-828b-78db0044e142/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11381.md b/2024/CVE-2024-11381.md
new file mode 100644
index 0000000000..698d00bf3b
--- /dev/null
+++ b/2024/CVE-2024-11381.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11381)
+![](https://img.shields.io/static/v1?label=Product&message=Control%20horas&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gh-ost00/CVE-2024-Collection
+
diff --git a/2024/CVE-2024-11392.md b/2024/CVE-2024-11392.md
new file mode 100644
index 0000000000..3be4796ff9
--- /dev/null
+++ b/2024/CVE-2024-11392.md
@@ -0,0 +1,19 @@
+### [CVE-2024-11392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11392)
+![](https://img.shields.io/static/v1?label=Product&message=Transformers&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20940fde8dafaecb8f17b588c5078291f1c1a420c8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Kwaai-AI-Lab/OpenAI-Petal
+- https://github.com/Piyush-Bhor/CVE-2024-11392
+- https://github.com/kshartman/voicemail-transcriber
+
diff --git a/2024/CVE-2024-11393.md b/2024/CVE-2024-11393.md
new file mode 100644
index 0000000000..6bfdead59c
--- /dev/null
+++ b/2024/CVE-2024-11393.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11393)
+![](https://img.shields.io/static/v1?label=Product&message=Transformers&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208820fe8b8c4b9da94cf1e4761876f85c562e0efe%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Kwaai-AI-Lab/OpenAI-Petal
+- https://github.com/Piyush-Bhor/CVE-2024-11393
+
diff --git a/2024/CVE-2024-11394.md b/2024/CVE-2024-11394.md
new file mode 100644
index 0000000000..b668007259
--- /dev/null
+++ b/2024/CVE-2024-11394.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11394)
+![](https://img.shields.io/static/v1?label=Product&message=Transformers&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20026a173a64372e9602a16523b8fae9de4b0ff428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Kwaai-AI-Lab/OpenAI-Petal
+- https://github.com/Piyush-Bhor/CVE-2024-11394
+
diff --git a/2024/CVE-2024-11395.md b/2024/CVE-2024-11395.md
new file mode 100644
index 0000000000..e45a482026
--- /dev/null
+++ b/2024/CVE-2024-11395.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11395)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.85%3C%20131.0.6778.85%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen)
+
+### Description
+
+Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/377384894
+
+#### Github
+- https://github.com/wh1ant/vulnjs
+
diff --git a/2024/CVE-2024-11396.md b/2024/CVE-2024-11396.md
new file mode 100644
index 0000000000..154dcd978e
--- /dev/null
+++ b/2024/CVE-2024-11396.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11396)
+![](https://img.shields.io/static/v1?label=Product&message=Event%20Monster%20%E2%80%93%20Event%20Management%2C%20Tickets%20Booking%2C%20Upcoming%20Event&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-359%20Exposure%20of%20Private%20Personal%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-11396
+
diff --git a/2024/CVE-2024-11404.md b/2024/CVE-2024-11404.md
new file mode 100644
index 0000000000..5bce29bca0
--- /dev/null
+++ b/2024/CVE-2024-11404.md
@@ -0,0 +1,19 @@
+### [CVE-2024-11404](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11404)
+![](https://img.shields.io/static/v1?label=Product&message=django%20Filer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3%3C%203.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-80%20Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brighgreen)
+
+### Description
+
+Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.
+
+### POC
+
+#### Reference
+- https://iltosec.com/blog/post/cve-2024-11404-medium-severity-file-upload-vulnerabilities-in-django-filer-323/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11423.md b/2024/CVE-2024-11423.md
new file mode 100644
index 0000000000..141cb17db1
--- /dev/null
+++ b/2024/CVE-2024-11423.md
@@ -0,0 +1,19 @@ +### [CVE-2024-11423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11423) +![](https://img.shields.io/static/v1?label=Product&message=Gift%20Cards%20for%20WooCommerce%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Gift%20Cards%20for%20WooCommerce%20%E2%80%93%20Create%20WooCommerce%20Gift%20Cards%2C%20Gift%20Vouchers%2C%20Redeem%20%26%20Manage%20Digital%20Gift%20Coupons.%20Offer%20Gift%20Certificates%2C%20Schedule%20Gift%20Cards%2C%20and%20Use%20Advance%20Coupons%20With%20Personalized%20Templates&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RandomRobbieBF/CVE-2024-11423 + diff --git a/2024/CVE-2024-1143.md b/2024/CVE-2024-1143.md index 95c86e595c..a355b1fda3 100644 --- a/2024/CVE-2024-1143.md +++ b/2024/CVE-2024-1143.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase 
diff --git a/2024/CVE-2024-11451.md b/2024/CVE-2024-11451.md
new file mode 100644
index 0000000000..5075bb9b0b
--- /dev/null
+++ b/2024/CVE-2024-11451.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11451)
+![](https://img.shields.io/static/v1?label=Product&message=Zooom&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-11477.md b/2024/CVE-2024-11477.md
new file mode 100644
index 0000000000..965de77dcf
--- /dev/null
+++ b/2024/CVE-2024-11477.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11477)
+![](https://img.shields.io/static/v1?label=Product&message=7-Zip&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2024.06%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-191%3A%20Integer%20Underflow%20(Wrap%20or%20Wraparound)&color=brighgreen)
+
+### Description
+
+7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TheN00bBuilder/cve-2024-11477-writeup
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-11484.md b/2024/CVE-2024-11484.md
new file mode 100644
index 0000000000..a1ec948c59
--- /dev/null
+++ b/2024/CVE-2024-11484.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11484)
+![](https://img.shields.io/static/v1?label=Product&message=Decoration%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The manipulation of the argument productimage1 leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/scumdestroy/scumdestroy
+
diff --git a/2024/CVE-2024-11485.md b/2024/CVE-2024-11485.md
new file mode 100644
index 0000000000..c9c01d8cd7
--- /dev/null
+++ b/2024/CVE-2024-11485.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11485)
+![](https://img.shields.io/static/v1?label=Product&message=Decoration%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Permission%20Issues&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/scumdestroy/scumdestroy
+
diff --git a/2024/CVE-2024-11486.md b/2024/CVE-2024-11486.md
new file mode 100644
index 0000000000..a9f0b58be0
--- /dev/null
+++ b/2024/CVE-2024-11486.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11486)
+![](https://img.shields.io/static/v1?label=Product&message=Decoration%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Permission%20Issues&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/scumdestroy/scumdestroy
+
diff --git a/2024/CVE-2024-11487.md b/2024/CVE-2024-11487.md
new file mode 100644
index 0000000000..c4c5bd2cf5
--- /dev/null
+++ b/2024/CVE-2024-11487.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11487)
+![](https://img.shields.io/static/v1?label=Product&message=Decoration%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndates_report.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/scumdestroy/scumdestroy
+
diff --git a/2024/CVE-2024-11502.md b/2024/CVE-2024-11502.md
new file mode 100644
index 0000000000..7f31acd311
--- /dev/null
+++ b/2024/CVE-2024-11502.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11502)
+![](https://img.shields.io/static/v1?label=Product&message=Planning%20Center%20Online%20Giving&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d9bea52e-af32-449f-97b6-1dcfb2051bda/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11503.md b/2024/CVE-2024-11503.md
new file mode 100644
index 0000000000..f106c14c0e
--- /dev/null
+++ b/2024/CVE-2024-11503.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11503)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Tabs&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/25592b6c-b9ab-4d9e-b314-091594ce9189/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11591.md b/2024/CVE-2024-11591.md
new file mode 100644
index 0000000000..01c28cc765
--- /dev/null
+++ b/2024/CVE-2024-11591.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11591](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11591)
+![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Parlour%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument sername leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/14
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11592.md b/2024/CVE-2024-11592.md
new file mode 100644
index 0000000000..573d9d3702
--- /dev/null
+++ b/2024/CVE-2024-11592.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11592)
+![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Parlour%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/15
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11605.md b/2024/CVE-2024-11605.md
new file mode 100644
index 0000000000..21e4a14cb5
--- /dev/null
+++ b/2024/CVE-2024-11605.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11605)
+![](https://img.shields.io/static/v1?label=Product&message=wp-publications&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11606.md b/2024/CVE-2024-11606.md
new file mode 100644
index 0000000000..05a3f36969
--- /dev/null
+++ b/2024/CVE-2024-11606.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11606)
+![](https://img.shields.io/static/v1?label=Product&message=Tabs%20Shortcode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/76ae8f5b-2d0e-4bf5-9ae3-f76cd52dea8d/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11607.md b/2024/CVE-2024-11607.md
new file mode 100644
index 0000000000..42abc58e7d
--- /dev/null
+++ b/2024/CVE-2024-11607.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11607)
+![](https://img.shields.io/static/v1?label=Product&message=GTPayment%20Donations&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/132b5193-156b-40b8-b5c7-08646e1f6866/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11613.md b/2024/CVE-2024-11613.md
new file mode 100644
index 0000000000..714831a358
--- /dev/null
+++ b/2024/CVE-2024-11613.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11613)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20File%20Upload&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.24.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DoTTak/Research-WordPress-CVE
+- https://github.com/Sachinart/CVE-2024-11613-wp-file-upload
+
diff --git a/2024/CVE-2024-11616.md b/2024/CVE-2024-11616.md
new file mode 100644
index 0000000000..45ce7fb464
--- /dev/null
+++ b/2024/CVE-2024-11616.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11616)
+![](https://img.shields.io/static/v1?label=Product&message=Endpoint%20DLP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20118.0.0%3B%200%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue.This issue affects Endpoint DLP version below R119.
+
+### POC
+
+#### Reference
+- https://inbits-sec.com/posts/cve-2024-11616-netskope/
+
+#### Github
+- https://github.com/inb1ts/CVE-2024-11616
+
diff --git a/2024/CVE-2024-11621.md b/2024/CVE-2024-11621.md
new file mode 100644
index 0000000000..32c7b81f3a
--- /dev/null
+++ b/2024/CVE-2024-11621.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11621)
+![](https://img.shields.io/static/v1?label=Product&message=Remote%20Desktop%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.3.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-295%3A%20Improper%20Certificate%20Validation&color=brighgreen)
+
+### Description
+
+Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.Versions affected are :Remote Desktop Manager macOS 2024.3.9.0 and earlierRemote Desktop Manager Linux 2024.3.2.5 and earlierRemote Desktop Manager Android 2024.3.3.7 and earlierRemote Desktop Manager iOS 2024.3.3.0 and earlierRemote Desktop Manager Powershell 2024.3.6.0 and earlier
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2025-0001/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1163.md b/2024/CVE-2024-1163.md
index ce786c4bb0..78f1d3e699 100644
--- a/2024/CVE-2024-1163.md
+++ b/2024/CVE-2024-1163.md
@@ -1,11 +1,11 @@ ### [CVE-2024-1163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1163) ![](https://img.shields.io/static/v1?label=Product&message=mbloch%2Fmapshaper&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.6.44%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) ### Description -Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to 0.6.44. +The attacker may exploit a path traversal vulnerability leading to information disclosure. ### POC @@ -13,5 +13,6 @@ Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to - https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5 #### Github +- https://github.com/JafarAkhondali/cve-and-cybersec-research - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-11635.md b/2024/CVE-2024-11635.md new file mode 100644 index 0000000000..a35fe2c9cc --- /dev/null +++ b/2024/CVE-2024-11635.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-11635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11635)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20File%20Upload&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.24.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DoTTak/Research-WordPress-CVE
+
diff --git a/2024/CVE-2024-11636.md b/2024/CVE-2024-11636.md
new file mode 100644
index 0000000000..a45a26bce4
--- /dev/null
+++ b/2024/CVE-2024-11636.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11636)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Subscribers%20by%20Icegram%20Express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.7.45%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/da616c20-3d74-4d3a-95f5-2d71d9ada094/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11638.md b/2024/CVE-2024-11638.md
new file mode 100644
index 0000000000..3736526d00
--- /dev/null
+++ b/2024/CVE-2024-11638.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11638)
+![](https://img.shields.io/static/v1?label=Product&message=Gtbabel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.6.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a crafted URL as the request made to analysed the URL contains such cookies.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2f20336f-e12e-4b09-bcaf-45f7249f6495/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11639.md b/2024/CVE-2024-11639.md
new file mode 100644
index 0000000000..351123474b
--- /dev/null
+++ b/2024/CVE-2024-11639.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11639)
+![](https://img.shields.io/static/v1?label=Product&message=Cloud%20Services%20Application&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%3A%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
+
+### Description
+
+An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+
diff --git a/2024/CVE-2024-11643.md b/2024/CVE-2024-11643.md
new file mode 100644
index 0000000000..5ba01e25e2
--- /dev/null
+++ b/2024/CVE-2024-11643.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11643)
+![](https://img.shields.io/static/v1?label=Product&message=Accessibility%20by%20AllAccessible&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-11643
+
diff --git a/2024/CVE-2024-11644.md b/2024/CVE-2024-11644.md
new file mode 100644
index 0000000000..230ead9665
--- /dev/null
+++ b/2024/CVE-2024-11644.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11644)
+![](https://img.shields.io/static/v1?label=Product&message=WP-SVG&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5b6a80f1-369c-4dd2-877e-60b724084819/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11645.md b/2024/CVE-2024-11645.md
new file mode 100644
index 0000000000..f4dacaa7a9
--- /dev/null
+++ b/2024/CVE-2024-11645.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11645)
+![](https://img.shields.io/static/v1?label=Product&message=float%20block&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11646.md b/2024/CVE-2024-11646.md
new file mode 100644
index 0000000000..614a057516
--- /dev/null
+++ b/2024/CVE-2024-11646.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11646)
+![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Parlour%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.285967
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11650.md b/2024/CVE-2024-11650.md
new file mode 100644
index 0000000000..56c5e69143
--- /dev/null
+++ b/2024/CVE-2024-11650.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11650)
+![](https://img.shields.io/static/v1?label=Product&message=i9&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0.8(3828)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-11667.md b/2024/CVE-2024-11667.md
new file mode 100644
index 0000000000..107cad5cc1
--- /dev/null
+++ b/2024/CVE-2024-11667.md
@@ -0,0 +1,23 @@
+### [CVE-2024-11667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11667)
+![](https://img.shields.io/static/v1?label=Product&message=ATP%20series%20firmware&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=USG%20FLEX%2050(W)%20series%20firmware&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=USG%20FLEX%20series%20firmware&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=USG20(W)-VPN%20series%20firmware&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20versions%20V5.00%20through%20V5.38%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20versions%20V5.10%20through%20V5.38%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/ReverseArt/CVE-24-DEC
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-11670.md b/2024/CVE-2024-11670.md
new file mode 100644
index 0000000000..9f5f8378b3
--- /dev/null
+++ b/2024/CVE-2024-11670.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11670)
+![](https://img.shields.io/static/v1?label=Product&message=Remote%20Desktop%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.2.21.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0015
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11671.md b/2024/CVE-2024-11671.md
new file mode 100644
index 0000000000..c3e21c3daa
--- /dev/null
+++ b/2024/CVE-2024-11671.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11671)
+![](https://img.shields.io/static/v1?label=Product&message=Remote%20Desktop%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.3.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0016
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11672.md b/2024/CVE-2024-11672.md
new file mode 100644
index 0000000000..1873eb4529
--- /dev/null
+++ b/2024/CVE-2024-11672.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11672)
+![](https://img.shields.io/static/v1?label=Product&message=Remote%20Desktop%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.2.21.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0016
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11673.md b/2024/CVE-2024-11673.md
new file mode 100644
index 0000000000..3dc4871ea7
--- /dev/null
+++ b/2024/CVE-2024-11673.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11673](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11673)
+![](https://img.shields.io/static/v1?label=Product&message=Bookstore%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authorization&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/16
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11675.md b/2024/CVE-2024-11675.md
new file mode 100644
index 0000000000..aba17cf6dd
--- /dev/null
+++ b/2024/CVE-2024-11675.md
@@ -0,0 +1,19 @@
+### [CVE-2024-11675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11675)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.286015
+- https://www.youtube.com/watch?v=UsScmd8Xzuw
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11676.md b/2024/CVE-2024-11676.md
new file mode 100644
index 0000000000..861f03d6a1
--- /dev/null
+++ b/2024/CVE-2024-11676.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11676)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://www.youtube.com/watch?v=UsScmd8Xzuw
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11677.md b/2024/CVE-2024-11677.md
new file mode 100644
index 0000000000..1f02bbf956
--- /dev/null
+++ b/2024/CVE-2024-11677.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11677)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+- https://www.youtube.com/watch?v=UsScmd8Xzuw
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11680.md b/2024/CVE-2024-11680.md
new file mode 100644
index 0000000000..acd222b918
--- /dev/null
+++ b/2024/CVE-2024-11680.md
@@ -0,0 +1,29 @@
+### [CVE-2024-11680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11680)
+![](https://img.shields.io/static/v1?label=Product&message=ProjectSend&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20r1720%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/D3N14LD15K/CVE-2024-11680_PoC_Exploit
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Ostorlab/KEV
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-11691.md b/2024/CVE-2024-11691.md
new file mode 100644
index 0000000000..625de5b572
--- /dev/null
+++ b/2024/CVE-2024-11691.md
@@ -0,0 +1,21 @@
+### [CVE-2024-11691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11691)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20133%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20write%20in%20Apple%20GPU%20drivers%20via%20WebGL&color=brighgreen)
+
+### Description
+
+Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1914707
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1924184
+
+#### Github
+- https://github.com/l33d0hyun/l33d0hyun
+
diff --git a/2024/CVE-2024-11692.md b/2024/CVE-2024-11692.md
new file mode 100644
index 0000000000..5226f6d08a
--- /dev/null
+++ b/2024/CVE-2024-11692.md
@@ -0,0 +1,20 @@
+### [CVE-2024-11692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11692)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20133%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Select%20list%20elements%20could%20be%20shown%20over%20another%20site&color=brighgreen)
+
+### Description
+
+An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1909535
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11693.md b/2024/CVE-2024-11693.md
new file mode 100644
index 0000000000..aa989afe8e
--- /dev/null
+++ b/2024/CVE-2024-11693.md
@@ -0,0 +1,20 @@
+### [CVE-2024-11693](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11693)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20133%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Download%20Protections%20were%20bypassed%20by%20.library-ms%20files%20on%20Windows&color=brighgreen)
+
+### Description
+
+The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/robertobuenrostro/Wazuh
+
diff --git a/2024/CVE-2024-11695.md b/2024/CVE-2024-11695.md
new file mode 100644
index 0000000000..2c54206aab
--- /dev/null
+++ b/2024/CVE-2024-11695.md
@@ -0,0 +1,20 @@
+### [CVE-2024-11695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11695)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20133%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=URL%20Bar%20Spoofing%20via%20Manipulated%20Punycode%20and%20Whitespace%20Characters&color=brighgreen)
+
+### Description
+
+A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1925496
+
+#### Github
+- https://github.com/RenwaX23/Address_Bar_Spoofing
+
diff --git a/2024/CVE-2024-11697.md b/2024/CVE-2024-11697.md
new file mode 100644
index 0000000000..663aa523ec
--- /dev/null
+++ b/2024/CVE-2024-11697.md
@@ -0,0 +1,20 @@
+### [CVE-2024-11697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11697)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20133%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Keypress%20Handling%20in%20Executable%20File%20Confirmation%20Dialog&color=brighgreen)
+
+### Description
+
+When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1842187
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11700.md b/2024/CVE-2024-11700.md
new file mode 100644
index 0000000000..cb87e506b1
--- /dev/null
+++ b/2024/CVE-2024-11700.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11700)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20133%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Potential%20Tapjacking%20Exploit%20for%20Intent%20Confirmation%20on%20Android&color=brighgreen)
+
+### Description
+
+Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1836921
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11704.md b/2024/CVE-2024-11704.md
new file mode 100644
index 0000000000..e5308ebc83
--- /dev/null
+++ b/2024/CVE-2024-11704.md
@@ -0,0 +1,20 @@
+### [CVE-2024-11704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20133%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Potential%20double-free%20vulnerability%20in%20PKCS%237%20decryption%20handling&color=brighgreen)
+
+### Description
+
+A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1899402
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11716.md b/2024/CVE-2024-11716.md
new file mode 100644
index 0000000000..bd744213e5
--- /dev/null
+++ b/2024/CVE-2024-11716.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11716)
+![](https://img.shields.io/static/v1?label=Product&message=CTFd&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.7.0%3C%3D%203.7.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-837%20Improper%20Enforcement%20of%20a%20Single%2C%20Unique%20Action&color=brighgreen)
+
+### Description
+
+While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing.This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636  included in 3.7.5 release.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2024/Dec/21
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11717.md b/2024/CVE-2024-11717.md
new file mode 100644
index 0000000000..93013bf929
--- /dev/null
+++ b/2024/CVE-2024-11717.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11717](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11717)
+![](https://img.shields.io/static/v1?label=Product&message=CTFd&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.7.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1391%20Use%20of%20Weak%20Credentials&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-837%20Improper%20Enforcement%20of%20a%20Single%2C%20Unique%20Action&color=brighgreen)
+
+### Description
+
+Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account. Moreover, the tokens also include base64 encoded user email.This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679  included in 3.7.5 release.
+
+### POC
+
+#### Reference
+- https://seclists.org/fulldisclosure/2024/Dec/21
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11718.md b/2024/CVE-2024-11718.md
new file mode 100644
index 0000000000..b6f6d2abb2
--- /dev/null
+++ b/2024/CVE-2024-11718.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11718)
+![](https://img.shields.io/static/v1?label=Product&message=tarteaucitron-wp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/02da3a49-20e4-4476-a78d-4c627994a90a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11719.md b/2024/CVE-2024-11719.md
new file mode 100644
index 0000000000..785bdc3e7b
--- /dev/null
+++ b/2024/CVE-2024-11719.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11719)
+![](https://img.shields.io/static/v1?label=Product&message=tarteaucitron-wp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/64c2a296-5fc6-450e-a12d-75cbf8b73e3a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11728.md b/2024/CVE-2024-11728.md
new file mode 100644
index 0000000000..b943511f13
--- /dev/null
+++ b/2024/CVE-2024-11728.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11728)
+![](https://img.shields.io/static/v1?label=Product&message=KiviCare%20%E2%80%93%20Clinic%20%26%20Patient%20Management%20System%20(EHR)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/raydanielg/Kivicare
+- https://github.com/samogod/CVE-2024-11728
+
diff --git a/2024/CVE-2024-11745.md b/2024/CVE-2024-11745.md
new file mode 100644
index 0000000000..034ff18673
--- /dev/null
+++ b/2024/CVE-2024-11745.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11745)
+![](https://img.shields.io/static/v1?label=Product&message=AC8&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.03.34.09%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-11772.md b/2024/CVE-2024-11772.md
new file mode 100644
index 0000000000..1446c46522
--- /dev/null
+++ b/2024/CVE-2024-11772.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11772)
+![](https://img.shields.io/static/v1?label=Product&message=Cloud%20Services%20Application&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+
diff --git a/2024/CVE-2024-1179.md b/2024/CVE-2024-1179.md index 1a3ec9a061..4a831e3ec1 100644 --- a/2024/CVE-2024-1179.md +++ b/2024/CVE-2024-1179.md @@ -13,6 +13,7 @@ TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Cod No PoCs from references. #### Github +- https://github.com/MohamedNourTN/QuarksLabTest - https://github.com/tanjiti/sec_profile - https://github.com/z1r00/z1r00 diff --git a/2024/CVE-2024-11824.md b/2024/CVE-2024-11824.md new file mode 100644 index 0000000000..6f7f5d1f97 --- /dev/null +++ b/2024/CVE-2024-11824.md @@ -0,0 +1,17 @@ +### [CVE-2024-11824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11824) +![](https://img.shields.io/static/v1?label=Product&message=langgenius%2Fdify&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.12.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like and
are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information. This issue is fixed in version 0.12.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cr0nu3/Cr0nu3 + diff --git a/2024/CVE-2024-11831.md b/2024/CVE-2024-11831.md new file mode 100644 index 0000000000..7be6675a80 --- /dev/null +++ b/2024/CVE-2024-11831.md 
@@ -0,0 +1,56 @@
+### [CVE-2024-11831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11831)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%206.0%20on%20Red%20Hat%20Enterprise%20Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cryostat%203&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Logging%20Subsystem%20for%20Red%20Hat%20OpenShift&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Virtualization&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Lightspeed&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Pipelines&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Service%20Mesh%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.17-RHEL-9&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.18-RHEL-9&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%203scale%20API%20Management%20Platform%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Management%20for%20Kubernetes%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204.4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204.5&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Developer%20Hub&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Discovery&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%2010&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20AI%20(RHOAI)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%203.11&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Dev%20Spaces&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20distributed%20tracing%203&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Quay%203&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Trusted%20Profile%20Analyzer&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20-%20HawtIO%204&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mathworks/MATLAB-language-server
+
diff --git a/2024/CVE-2024-1184.md b/2024/CVE-2024-1184.md
index f856e63cfb..1c33b423fe 100644
--- a/2024/CVE-2024-1184.md
+++ b/2024/CVE-2024-1184.md
@@ -13,5 +13,6 @@ A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated a - https://fitoxs.com/vuldb/10-exploit-perl.txt #### Github +- https://github.com/cnetsec/south-america-cve-hall - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-11841.md b/2024/CVE-2024-11841.md new file mode 100644 index 0000000000..6f96ed4496 --- /dev/null +++ b/2024/CVE-2024-11841.md @@ -0,0 +1,17 @@ +### [CVE-2024-11841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11841) +![](https://img.shields.io/static/v1?label=Product&message=Tithe.ly%20Giving%20Button&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e344c722-c9b3-4527-a50d-50cdf07ebace/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-11842.md b/2024/CVE-2024-11842.md new file mode 100644 index 0000000000..b61343e168 --- /dev/null +++ b/2024/CVE-2024-11842.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-11842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11842)
+![](https://img.shields.io/static/v1?label=Product&message=DN%20Shipping%20by%20Weight%20for%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2545f054-b6ca-4ee5-ac6f-f42193db21b1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11843.md b/2024/CVE-2024-11843.md
new file mode 100644
index 0000000000..e93a158a73
--- /dev/null
+++ b/2024/CVE-2024-11843.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11843)
+![](https://img.shields.io/static/v1?label=Product&message=Panorama&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Panorama WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0dd41559-d88a-4018-a0f0-c8944b6d6f0a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11846.md b/2024/CVE-2024-11846.md
new file mode 100644
index 0000000000..1cfcf6b17f
--- /dev/null
+++ b/2024/CVE-2024-11846.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11846)
+![](https://img.shields.io/static/v1?label=Product&message=TravelTour&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.2.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/eedaf2d8-171c-4785-99cc-ab33113308d1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11847.md b/2024/CVE-2024-11847.md
new file mode 100644
index 0000000000..a23db10407
--- /dev/null
+++ b/2024/CVE-2024-11847.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11847)
+![](https://img.shields.io/static/v1?label=Product&message=wp-svg-upload&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f57ecff2-0cff-40c7-b6e4-5b162b847d65/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11848.md b/2024/CVE-2024-11848.md
new file mode 100644
index 0000000000..f2ac50badd
--- /dev/null
+++ b/2024/CVE-2024-11848.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11848](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11848)
+![](https://img.shields.io/static/v1?label=Product&message=NitroPack%20%E2%80%93%20Caching%20%26%20Speed%20Optimization%20for%20Core%20Web%20Vitals%2C%20Defer%20CSS%20%26%20JS%2C%20Lazy%20load%20Images%20and%20CDN&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.17.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-11848
+
diff --git a/2024/CVE-2024-11849.md b/2024/CVE-2024-11849.md
new file mode 100644
index 0000000000..1499fc176b
--- /dev/null
+++ b/2024/CVE-2024-11849.md
@@ -0,0 +1,17 @@ +### [CVE-2024-11849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11849) +![](https://img.shields.io/static/v1?label=Product&message=Pods&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.8.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1185.md b/2024/CVE-2024-1185.md index 209e4b0afc..c9ccbc0ede 100644 --- a/2024/CVE-2024-1185.md +++ b/2024/CVE-2024-1185.md @@ -13,5 +13,6 @@ A vulnerability classified as problematic has been found in Nsasoft NBMonitor Ne - https://fitoxs.com/vuldb/11-exploit-perl.txt #### Github +- https://github.com/cnetsec/south-america-cve-hall - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-11850.md b/2024/CVE-2024-11850.md new file mode 100644 index 0000000000..38cf8d8377 --- /dev/null +++ b/2024/CVE-2024-11850.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-11850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11850)
+![](https://img.shields.io/static/v1?label=Product&message=langgenius%2Fdify&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. The vulnerability is due to improper validation and sanitization of user input in SVG markdown support within the chatbot feature. An attacker can exploit this vulnerability by injecting malicious SVG content, which can execute arbitrary JavaScript code when viewed by an admin, potentially leading to credential theft.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-11857.md b/2024/CVE-2024-11857.md
new file mode 100644
index 0000000000..a0f99acdec
--- /dev/null
+++ b/2024/CVE-2024-11857.md
@@ -0,0 +1,17 @@ +### [CVE-2024-11857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11857) +![](https://img.shields.io/static/v1?label=Product&message=Bluetooth%20HCI%20Adaptor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.73.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen) + +### Description + +Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary file deletion to privilege escalation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/crisprss/CVEs + diff --git a/2024/CVE-2024-1186.md b/2024/CVE-2024-1186.md index d8f51aa58b..fce2ee55c3 100644 --- a/2024/CVE-2024-1186.md +++ b/2024/CVE-2024-1186.md @@ -14,5 +14,5 @@ A vulnerability classified as problematic was found in Munsoft Easy Archive Reco - https://www.exploit-db.com/exploits/45884 #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-11860.md b/2024/CVE-2024-11860.md new file mode 100644 index 0000000000..16427216ca --- /dev/null +++ b/2024/CVE-2024-11860.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-11860](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11860) +![](https://img.shields.io/static/v1?label=Product&message=Best%20House%20Rental%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +- https://drive.google.com/file/d/1CyjtknGVqn5QO_R1WZX-hoGH8ae5DjRq/view + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1187.md b/2024/CVE-2024-1187.md index 98b5cae2f9..b3b7676325 100644 --- a/2024/CVE-2024-1187.md +++ b/2024/CVE-2024-1187.md @@ -13,5 +13,7 @@ A vulnerability, which was classified as problematic, has been found in Munsoft - https://fitoxs.com/vuldb/13-exploit-perl.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/GuiMatosInfra/explorer2sectool +- https://github.com/cnetsec/south-america-cve-hall +- https://github.com/xaitax/SploitScan diff --git a/2024/CVE-2024-1188.md b/2024/CVE-2024-1188.md index 2f8edeae49..ae30d818e5 100644 --- a/2024/CVE-2024-1188.md +++ b/2024/CVE-2024-1188.md 
@@ -13,5 +13,5 @@ A vulnerability, which was classified as problematic, was found in Rizone Soft N - https://fitoxs.com/vuldb/14-exploit-perl.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-1189.md b/2024/CVE-2024-1189.md index d833eef782..991feff900 100644 --- a/2024/CVE-2024-1189.md +++ b/2024/CVE-2024-1189.md @@ -13,5 +13,5 @@ A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affec - https://fitoxs.com/vuldb/15-exploit-perl.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-1190.md b/2024/CVE-2024-1190.md new file mode 100644 index 0000000000..802b03c4fd --- /dev/null +++ b/2024/CVE-2024-1190.md @@ -0,0 +1,17 @@ +### [CVE-2024-1190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1190) +![](https://img.shields.io/static/v1?label=Product&message=CuteFTP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-404%20Denial%20of%20Service&color=brighgreen) + +### Description + +A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cnetsec/south-america-cve-hall + diff --git a/2024/CVE-2024-1191.md b/2024/CVE-2024-1191.md new file mode 100644 index 0000000000..aba93000c1 --- /dev/null +++ b/2024/CVE-2024-1191.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-1191](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1191)
+![](https://img.shields.io/static/v1?label=Product&message=CdCatalog&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-404%20Denial%20of%20Service&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-252681 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-1192.md b/2024/CVE-2024-1192.md
new file mode 100644
index 0000000000..9756da745b
--- /dev/null
+++ b/2024/CVE-2024-1192.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1192)
+![](https://img.shields.io/static/v1?label=Product&message=WebDrive&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2018.00.5057%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-404%20Denial%20of%20Service&color=brighgreen)
+
+### Description
+
+A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-11921.md b/2024/CVE-2024-11921.md
new file mode 100644
index 0000000000..ca78b56b63
--- /dev/null
+++ b/2024/CVE-2024-11921.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11921)
+![](https://img.shields.io/static/v1?label=Product&message=GiveWP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.19.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5f196294-5ba9-45b6-a27c-ab1702cc001f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11922.md b/2024/CVE-2024-11922.md
new file mode 100644
index 0000000000..1ed6ad0f0d
--- /dev/null
+++ b/2024/CVE-2024-11922.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11922)
+![](https://img.shields.io/static/v1?label=Product&message=GoAnywhere%20MFT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207.7.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email.
+
+### POC
+
+#### Reference
+- https://www.fortra.com/security/advisories/product-security/fi-2025-005
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11924.md b/2024/CVE-2024-11924.md
new file mode 100644
index 0000000000..c1202dab42
--- /dev/null
+++ b/2024/CVE-2024-11924.md
@@ -0,0 +1,17 @@ +### [CVE-2024-11924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11924) +![](https://img.shields.io/static/v1?label=Product&message=Icegram%20Express%20formerly%20known%20as%20Email%20Subscribers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.7.52%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/70288369-132d-4211-bca0-0411736df747/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1193.md b/2024/CVE-2024-1193.md index 978e43e348..e5beadf384 100644 --- a/2024/CVE-2024-1193.md +++ b/2024/CVE-2024-1193.md @@ -13,5 +13,5 @@ A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. - https://vuldb.com/?id.252683 #### Github -No PoCs found on GitHub currently. +- https://github.com/cnetsec/south-america-cve-hall diff --git a/2024/CVE-2024-11930.md b/2024/CVE-2024-11930.md new file mode 100644 index 0000000000..e25e44d61d --- /dev/null +++ b/2024/CVE-2024-11930.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-11930](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11930) +![](https://img.shields.io/static/v1?label=Product&message=Taskbuilder%20%E2%80%93%20WordPress%20Project%20%26%20Task%20Management%20plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DoTTak/Research-WordPress-CVE + diff --git a/2024/CVE-2024-1194.md b/2024/CVE-2024-1194.md index 8e099baee3..4fa3b564f3 100644 --- a/2024/CVE-2024-1194.md +++ b/2024/CVE-2024-1194.md @@ -13,5 +13,6 @@ A vulnerability classified as problematic has been found in Armcode AlienIP 2.41 No PoCs from references. #### Github +- https://github.com/cnetsec/south-america-cve-hall - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-11955.md b/2024/CVE-2024-11955.md new file mode 100644 index 0000000000..e2dd7f8c4d --- /dev/null +++ b/2024/CVE-2024-11955.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-11955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11955)
+![](https://img.shields.io/static/v1?label=Product&message=GLPI&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Open%20Redirect&color=brighgreen)
+
+### Description
+
+A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.296809
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-11958.md b/2024/CVE-2024-11958.md
new file mode 100644
index 0000000000..794ffe199f
--- /dev/null
+++ b/2024/CVE-2024-11958.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11958)
+![](https://img.shields.io/static/v1?label=Product&message=run-llama%2Fllama_index&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command&color=brighgreen)
+
+### Description
+
+A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. This can lead to remote code execution (RCE) by installing the shellfs extension and executing malicious commands.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-11959.md b/2024/CVE-2024-11959.md
new file mode 100644
index 0000000000..5dab324864
--- /dev/null
+++ b/2024/CVE-2024-11959.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11959)
+![](https://img.shields.io/static/v1?label=Product&message=DIR-605L&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.13B01%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20Overflow&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/offshore0315/loT-vulnerable
+
diff --git a/2024/CVE-2024-11960.md b/2024/CVE-2024-11960.md
new file mode 100644
index 0000000000..4ce86967de
--- /dev/null
+++ b/2024/CVE-2024-11960.md
@@ -0,0 +1,18 @@
+### [CVE-2024-11960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11960)
+![](https://img.shields.io/static/v1?label=Product&message=DIR-605L&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.13B01%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20Overflow&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/offshore0315/loT-vulnerable
+
diff --git a/2024/CVE-2024-11972.md b/2024/CVE-2024-11972.md
new file mode 100644
index 0000000000..6e791cb1ab
--- /dev/null
+++ b/2024/CVE-2024-11972.md
@@ -0,0 +1,19 @@
+### [CVE-2024-11972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11972)
+![](https://img.shields.io/static/v1?label=Product&message=Hunk%20Companion&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/
+
+#### Github
+- https://github.com/JunTakemura/exploit-CVE-2024-11972
+- https://github.com/Nxploited/CVE-2024-11972-PoC
+- https://github.com/RonF98/CVE-2024-11972-POC
+
diff --git a/2024/CVE-2024-11977.md b/2024/CVE-2024-11977.md
new file mode 100644
index 0000000000..21f73883a6
--- /dev/null
+++ b/2024/CVE-2024-11977.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11977)
+![](https://img.shields.io/static/v1?label=Product&message=kk%20Star%20Ratings%20%E2%80%93%20Rate%20Post%20%26%20Collect%20User%20Feedbacks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.4.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DoTTak/Research-WordPress-CVE
+
diff --git a/2024/CVE-2024-11986.md b/2024/CVE-2024-11986.md
new file mode 100644
index 0000000000..846d33a1d2
--- /dev/null
+++ b/2024/CVE-2024-11986.md
@@ -0,0 +1,17 @@
+### [CVE-2024-11986](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11986)
+![](https://img.shields.io/static/v1?label=Product&message=CrushFTP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.8.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/frontal1660/VanuatuForensic
+
diff --git a/2024/CVE-2024-12002.md b/2024/CVE-2024-12002.md
new file mode 100644
index 0000000000..2536c38934
--- /dev/null
+++ b/2024/CVE-2024-12002.md
@@ -0,0 +1,21 @@
+### [CVE-2024-12002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12002)
+![](https://img.shields.io/static/v1?label=Product&message=FH1201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=FH1202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=FH1206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=FH451&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241129%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JohenanLi/router_vuls
+
diff --git a/2024/CVE-2024-12006.md b/2024/CVE-2024-12006.md
new file mode 100644
index 0000000000..ed12218dc2
--- /dev/null
+++ b/2024/CVE-2024-12006.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12006)
+![](https://img.shields.io/static/v1?label=Product&message=W3%20Total%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Tchoumis/Analyse_SI
+
diff --git a/2024/CVE-2024-12007.md b/2024/CVE-2024-12007.md
new file mode 100644
index 0000000000..ab6a3c0461
--- /dev/null
+++ b/2024/CVE-2024-12007.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12007)
+![](https://img.shields.io/static/v1?label=Product&message=Farmacia&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LamentXU123/LamentXU123
+
diff --git a/2024/CVE-2024-12008.md b/2024/CVE-2024-12008.md
new file mode 100644
index 0000000000..53e57b7744
--- /dev/null
+++ b/2024/CVE-2024-12008.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12008)
+![](https://img.shields.io/static/v1?label=Product&message=W3%20Total%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Tchoumis/Analyse_SI
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/spyata123/CVE-2024-12008-information-exposure-vulnerability-in-W3-Total-Cache
+
diff --git a/2024/CVE-2024-12015.md b/2024/CVE-2024-12015.md
new file mode 100644
index 0000000000..2fc1009d65
--- /dev/null
+++ b/2024/CVE-2024-12015.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12015](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12015)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Project%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.
+
+### POC
+
+#### Reference
+- https://www.tenable.com/security/research/tra-2024-47
+
+#### Github
+- https://github.com/JoshuaMart/JoshuaMart
+
diff --git a/2024/CVE-2024-12019.md b/2024/CVE-2024-12019.md
new file mode 100644
index 0000000000..9976ab7acf
--- /dev/null
+++ b/2024/CVE-2024-12019.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12019)
+![](https://img.shields.io/static/v1?label=Product&message=LogicalDOC%20Community&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=LogicalDOC%20Enterprise&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%209.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%3A%20Relative%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to read the contents of any file available within the privileges of the system user running the application.
+
+### POC
+
+#### Reference
+- https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html
+
+#### Github
+- https://github.com/gg0h/gg0h
+
diff --git a/2024/CVE-2024-12020.md b/2024/CVE-2024-12020.md
new file mode 100644
index 0000000000..70226e7aa0
--- /dev/null
+++ b/2024/CVE-2024-12020.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12020)
+![](https://img.shields.io/static/v1?label=Product&message=LogicalDOC%20Enterprise&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the XSS may be used to induce a victim to perform on-site requests without their knowledge.This vulnerability only affects LogicalDOC Enterprise.
+
+### POC
+
+#### Reference
+- https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12025.md b/2024/CVE-2024-12025.md
new file mode 100644
index 0000000000..057d5e1575
--- /dev/null
+++ b/2024/CVE-2024-12025.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12025)
+![](https://img.shields.io/static/v1?label=Product&message=Collapsing%20Categories&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.0.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12025
+
diff --git a/2024/CVE-2024-12029.md b/2024/CVE-2024-12029.md
new file mode 100644
index 0000000000..3450a9ffb0
--- /dev/null
+++ b/2024/CVE-2024-12029.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12029)
+![](https://img.shields.io/static/v1?label=Product&message=invoke-ai%2Finvokeai&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%205.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. This issue is fixed in version 5.4.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cheshie/code-analysis
+
diff --git a/2024/CVE-2024-12035.md b/2024/CVE-2024-12035.md
new file mode 100644
index 0000000000..ff810d3cba
--- /dev/null
+++ b/2024/CVE-2024-12035.md
@@ -0,0 +1,17 @@ +### [CVE-2024-12035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12035) +![](https://img.shields.io/static/v1?label=Product&message=CS%20Framework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/JairCodes/critical-threats-modern-systems + diff --git a/2024/CVE-2024-1204.md b/2024/CVE-2024-1204.md index a4e9967acc..a6f9c56968 100644 --- a/2024/CVE-2024-1204.md +++ b/2024/CVE-2024-1204.md @@ -13,5 +13,6 @@ The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least - https://wpscan.com/vulnerability/03191b00-0b05-42db-9ce2-fc525981b6c9/ #### Github +- https://github.com/JBrocklyAnderson/ICSPatchPrioritization - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-12053.md b/2024/CVE-2024-12053.md new file mode 100644 index 0000000000..29a4beec7a --- /dev/null +++ b/2024/CVE-2024-12053.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-12053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12053) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.108%3C%20131.0.6778.108%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen) + +### Description + +Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) + +### POC + +#### Reference +- https://issues.chromium.org/issues/379009132 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1207.md b/2024/CVE-2024-1207.md index 9c75096886..28cb0cabb2 100644 --- a/2024/CVE-2024-1207.md +++ b/2024/CVE-2024-1207.md @@ -14,5 +14,7 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sahar042/CVE-2024-1207 - https://github.com/securitycipher/daily-bugbounty-writeups diff --git a/2024/CVE-2024-12084.md b/2024/CVE-2024-12084.md new file mode 100644 index 0000000000..9e699b94b9 --- /dev/null +++ b/2024/CVE-2024-12084.md 
@@ -0,0 +1,26 @@
+### [CVE-2024-12084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12084)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EGI-Federation/SVG-advisories
+- https://github.com/Ostorlab/KEV
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/mosaicwang/myrpm
+- https://github.com/rxerium/CVE-2024-12084
+- https://github.com/themirze/cve-2024-12084
+
diff --git a/2024/CVE-2024-12085.md b/2024/CVE-2024-12085.md
new file mode 100644
index 0000000000..87d62a424a
--- /dev/null
+++ b/2024/CVE-2024-12085.md
@@ -0,0 +1,41 @@
+### [CVE-2024-12085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085)
+![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.9-RHEL-9&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206%20Extended%20Lifecycle%20Support%20%20-%20EXTENSION&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207%20Extended%20Lifecycle%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.2%20Advanced%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Advanced%20Mission%20Critical%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Telecommunications%20Update%20Service&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Update%20Services%20for%20SAP%20Solutions&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Advanced%20Mission%20Critical%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Telecommunications%20Update%20Service&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Update%20Services%20for%20SAP%20Solutions&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Update%20Services%20for%20SAP%20Solutions&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.4%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.12&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.17&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
+
+### Description
+
+A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Otsutez/cve-2024-12085
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/mosaicwang/myrpm
+
diff --git a/2024/CVE-2024-12086.md b/2024/CVE-2024-12086.md
new file mode 100644
index 0000000000..6ab93a5e62
--- /dev/null
+++ b/2024/CVE-2024-12086.md
@@ -0,0 +1,22 @@
+### [CVE-2024-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Detection%20of%20Error%20Condition%20Without%20Action&color=brighgreen)
+
+### Description
+
+A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/mosaicwang/myrpm
+
diff --git a/2024/CVE-2024-12087.md b/2024/CVE-2024-12087.md
new file mode 100644
index 0000000000..1706e619ad
--- /dev/null
+++ b/2024/CVE-2024-12087.md
@@ -0,0 +1,24 @@
+### [CVE-2024-12087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Discovery%201.14&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%2010&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal%3A%20'...%2F...%2F%2F'&color=brighgreen)
+
+### Description
+
+A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/mosaicwang/myrpm
+
diff --git a/2024/CVE-2024-12088.md b/2024/CVE-2024-12088.md
new file mode 100644
index 0000000000..061f275175
--- /dev/null
+++ b/2024/CVE-2024-12088.md
@@ -0,0 +1,24 @@
+### [CVE-2024-12088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Discovery%201.14&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%2010&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal%3A%20'...%2F...%2F%2F'&color=brighgreen)
+
+### Description
+
+A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/mosaicwang/myrpm
+
diff --git a/2024/CVE-2024-12096.md b/2024/CVE-2024-12096.md
new file mode 100644
index 0000000000..0ad9bc3e1c
--- /dev/null
+++ b/2024/CVE-2024-12096.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12096)
+![](https://img.shields.io/static/v1?label=Product&message=Exhibit%20to%20WP%20Gallery&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/aff431fa-d984-40de-8a15-21f18db97859/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12107.md b/2024/CVE-2024-12107.md
new file mode 100644
index 0000000000..7bb0aad834
--- /dev/null
+++ b/2024/CVE-2024-12107.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12107)
+![](https://img.shields.io/static/v1?label=Product&message=%C2%B5D3TN&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.14.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-415%3A%20Double%20Free&color=brighgreen)
+
+### Description
+
+Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/StephanHav/StephanHav
+
diff --git a/2024/CVE-2024-12109.md b/2024/CVE-2024-12109.md
new file mode 100644
index 0000000000..3b24d288ef
--- /dev/null
+++ b/2024/CVE-2024-12109.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12109)
+![](https://img.shields.io/static/v1?label=Product&message=Product%20Labels%20For%20Woocommerce%20(Sale%20Badges)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2eca2f88-c843-4794-8cd9-46f17c92753a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1211.md b/2024/CVE-2024-1211.md
new file mode 100644
index 0000000000..5a6aa8e20c
--- /dev/null
+++ b/2024/CVE-2024-1211.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1211)
+![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.6%3C%2016.9.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sim4n6/Sim4n6
+
diff --git a/2024/CVE-2024-1212.md b/2024/CVE-2024-1212.md
index 92486591ab..bb6c736454 100644
--- a/2024/CVE-2024-1212.md
+++ b/2024/CVE-2024-1212.md
@@ -15,9 +15,14 @@ Unauthenticated remote attackers can access the system through the LoadMaster ma
 #### Github
 - https://github.com/Chocapikk/CVE-2024-1212
 - https://github.com/Ostorlab/KEV
+- https://github.com/Rehan07-Human/Exploiting-RCE-Cyber_Project_CVE-2024-1212
 - https://github.com/RhinoSecurityLabs/CVEs
 - https://github.com/XRSec/AWVS-Update
 - https://github.com/YN1337/Kemp-LoadMaster-
+- https://github.com/alex14324/UCMDI
+- https://github.com/nak000/CVE-2024-1212
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/r0otk3r/CVE-2024-1212
 - https://github.com/tanjiti/sec_profile
 
diff --git a/2024/CVE-2024-12133.md b/2024/CVE-2024-12133.md
new file mode 100644
index 0000000000..f80b986785
--- /dev/null
+++ b/2024/CVE-2024-12133.md
@@ -0,0 +1,24 @@
+### [CVE-2024-12133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Discovery%201.14&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%2010&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.4%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Inefficient%20Algorithmic%20Complexity&color=brighgreen)
+
+### Description
+
+A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-12148.md b/2024/CVE-2024-12148.md
new file mode 100644
index 0000000000..c460583c54
--- /dev/null
+++ b/2024/CVE-2024-12148.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12148)
+![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.3.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%3A%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0017
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12149.md b/2024/CVE-2024-12149.md
new file mode 100644
index 0000000000..e96b042ba4
--- /dev/null
+++ b/2024/CVE-2024-12149.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12149)
+![](https://img.shields.io/static/v1?label=Product&message=Remote%20Desktop%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.3.19.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%3A%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0017
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12151.md b/2024/CVE-2024-12151.md
new file mode 100644
index 0000000000..f92bf781ab
--- /dev/null
+++ b/2024/CVE-2024-12151.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12151)
+![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.3.8.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%3A%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0017
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12157.md b/2024/CVE-2024-12157.md
new file mode 100644
index 0000000000..4bfc0eeca2
--- /dev/null
+++ b/2024/CVE-2024-12157.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12157)
+![](https://img.shields.io/static/v1?label=Product&message=Popup%20%E2%80%93%20MailChimp%2C%20GetResponse%20and%20ActiveCampaign%20Intergrations&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12157
+
diff --git a/2024/CVE-2024-12163.md b/2024/CVE-2024-12163.md
new file mode 100644
index 0000000000..4bdda17bad
--- /dev/null
+++ b/2024/CVE-2024-12163.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12163)
+![](https://img.shields.io/static/v1?label=Product&message=goodlayers-core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ea704054-fb66-4014-89bd-1c61074f64e5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12172.md b/2024/CVE-2024-12172.md
new file mode 100644
index 0000000000..4a63b32650
--- /dev/null
+++ b/2024/CVE-2024-12172.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12172](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12172)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Courses%20LMS%20%E2%80%93%20Online%20Courses%20Builder%2C%20eLearning%20Courses%2C%20Courses%20Solution%2C%20Education%20Courses&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary user's metadata which can be levereged to block an administrator from accessing their site when wp_capabilities is set to 0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12172
+
diff --git a/2024/CVE-2024-12173.md b/2024/CVE-2024-12173.md
new file mode 100644
index 0000000000..dde4ec44ee
--- /dev/null
+++ b/2024/CVE-2024-12173.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12173)
+![](https://img.shields.io/static/v1?label=Product&message=Master%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.10.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0f35be0e-0f63-4e33-aa4d-c47b1f1e0595/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12196.md b/2024/CVE-2024-12196.md
new file mode 100644
index 0000000000..0f9cb77fd7
--- /dev/null
+++ b/2024/CVE-2024-12196.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12196)
+![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.3.7.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%3A%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0017
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12209.md b/2024/CVE-2024-12209.md
new file mode 100644
index 0000000000..e7c21f8a08
--- /dev/null
+++ b/2024/CVE-2024-12209.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12209)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Umbrella%3A%20Update%20Backup%20Restore%20%26%20Monitoring&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.17.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen)
+
+### Description
+
+The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-12209
+- https://github.com/Ostorlab/KEV
+- https://github.com/RandomRobbieBF/CVE-2024-12209
+
diff --git a/2024/CVE-2024-1221.md b/2024/CVE-2024-1221.md
index 99f5890e43..cac1adc882 100644
--- a/2024/CVE-2024-1221.md
+++ b/2024/CVE-2024-1221.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-1221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1221)
 ![](https://img.shields.io/static/v1?label=Product&message=PaperCut%20NG%2C%20PaperCut%20MF&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-76%20Improper%20Neutralization%20of%20Equivalent%20Special%20Elements&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-1222.md b/2024/CVE-2024-1222.md
index 1dcd367882..3024addbc4 100644
--- a/2024/CVE-2024-1222.md
+++ b/2024/CVE-2024-1222.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-1222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1222)
 ![](https://img.shields.io/static/v1?label=Product&message=PaperCut%20NG%2C%20PaperCut%20MF&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%3A%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-1223.md b/2024/CVE-2024-1223.md
index 8b9b697451..cbb059c056 100644
--- a/2024/CVE-2024-1223.md
+++ b/2024/CVE-2024-1223.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-1223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1223)
 ![](https://img.shields.io/static/v1?label=Product&message=PaperCut%20NG%2C%20PaperCut%20MF&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-488%3A%20Exposure%20of%20Data%20Element%20to%20Wrong%20Session&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-12232.md b/2024/CVE-2024-12232.md
new file mode 100644
index 0000000000..2678b671fb
--- /dev/null
+++ b/2024/CVE-2024-12232.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12232)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20CRUD%20Functionality&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LamentXU123/LamentXU123
+
diff --git a/2024/CVE-2024-12233.md b/2024/CVE-2024-12233.md
new file mode 100644
index 0000000000..3c2a2ae279
--- /dev/null
+++ b/2024/CVE-2024-12233.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12233)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Notice%20Board&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Controls&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LamentXU123/LamentXU123
+
diff --git a/2024/CVE-2024-12234.md b/2024/CVE-2024-12234.md
new file mode 100644
index 0000000000..5da0b2fa5d
--- /dev/null
+++ b/2024/CVE-2024-12234.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12234)
+![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Parlour%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
+
+### POC
+
+#### Reference
+- https://github.com/Hacker0xone/CVE/issues/17
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12243.md b/2024/CVE-2024-12243.md
new file mode 100644
index 0000000000..32d266616c
--- /dev/null
+++ b/2024/CVE-2024-12243.md
@@ -0,0 +1,25 @@
+### [CVE-2024-12243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12243)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Discovery%201.14&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%2010&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.4%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Inefficient%20Algorithmic%20Complexity&color=brighgreen)
+
+### Description
+
+A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GitHubForSnap/ssmtp-gael
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-12245.md b/2024/CVE-2024-12245.md
new file mode 100644
index 0000000000..be4b5dc234
--- /dev/null
+++ b/2024/CVE-2024-12245.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12245](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12245)
+![](https://img.shields.io/static/v1?label=Product&message=LogicalDOC%20Community&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=LogicalDOC%20Enterprise&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables.
+
+### POC
+
+#### Reference
+- https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12252.md b/2024/CVE-2024-12252.md
new file mode 100644
index 0000000000..21f051c8f7
--- /dev/null
+++ b/2024/CVE-2024-12252.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12252)
+![](https://img.shields.io/static/v1?label=Product&message=SEO%20LAT%20Auto%20Post&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-12252
+- https://github.com/RandomRobbieBF/CVE-2024-12252
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-12254.md b/2024/CVE-2024-12254.md
new file mode 100644
index 0000000000..3138cf32f1
--- /dev/null
+++ b/2024/CVE-2024-12254.md
@@ -0,0 +1,20 @@
+### [CVE-2024-12254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12254)
+![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.12.0%3C%203.14.0a3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion.This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GitHubForSnap/matrix-commander-gael
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-12270.md b/2024/CVE-2024-12270.md
new file mode 100644
index 0000000000..709a507982
--- /dev/null
+++ b/2024/CVE-2024-12270.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12270)
+![](https://img.shields.io/static/v1?label=Product&message=Beautiful%20taxonomy%20filters&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12270
+
diff --git a/2024/CVE-2024-12273.md b/2024/CVE-2024-12273.md
new file mode 100644
index 0000000000..26b72a322b
--- /dev/null
+++ b/2024/CVE-2024-12273.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12273)
+![](https://img.shields.io/static/v1?label=Product&message=Calculated%20Fields%20Form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.2.62%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/90333618-2be7-49cf-822a-819699f07977/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12274.md b/2024/CVE-2024-12274.md
new file mode 100644
index 0000000000..ee2692b7ad
--- /dev/null
+++ b/2024/CVE-2024-12274.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12274)
+![](https://img.shields.io/static/v1?label=Product&message=Appointment%20Booking%20Calendar%20Plugin%20and%20Scheduling%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.23%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)
+
+### Description
+
+The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12275.md b/2024/CVE-2024-12275.md
new file mode 100644
index 0000000000..e3abf4d323
--- /dev/null
+++ b/2024/CVE-2024-12275.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12275](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12275)
+![](https://img.shields.io/static/v1?label=Product&message=Canvasflow%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ca5bf8bd-a124-4088-a267-fd8a01cb4f4a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12280.md b/2024/CVE-2024-12280.md
new file mode 100644
index 0000000000..7830f2cb3f
--- /dev/null
+++ b/2024/CVE-2024-12280.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12280)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Customer%20Area&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2b32c0b8-28bb-4220-800b-4c369bca91c5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12282.md b/2024/CVE-2024-12282.md
new file mode 100644
index 0000000000..3999919126
--- /dev/null
+++ b/2024/CVE-2024-12282.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12282)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%E8%BF%9E%E6%8E%A5%E5%BE%AE%E5%8D%9A&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2d81f038-e2bb-4906-a954-78dc971ed793/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12284.md b/2024/CVE-2024-12284.md
new file mode 100644
index 0000000000..1c4ee93f4f
--- /dev/null
+++ b/2024/CVE-2024-12284.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12284)
+![](https://img.shields.io/static/v1?label=Product&message=Agent&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Console&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=14.1%3C%2038.53%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/apiverve/news-API
+- https://github.com/apiverve/news.Python-API
+
diff --git a/2024/CVE-2024-12301.md b/2024/CVE-2024-12301.md
new file mode 100644
index 0000000000..643ab102dc
--- /dev/null
+++ b/2024/CVE-2024-12301.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12301](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12301)
+![](https://img.shields.io/static/v1?label=Product&message=JSP%20Store%20Locator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5d93db07-415f-475b-a76d-2e12f849a4dc/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12302.md b/2024/CVE-2024-12302.md
new file mode 100644
index 0000000000..8df6b0a735
--- /dev/null
+++ b/2024/CVE-2024-12302.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12302)
+![](https://img.shields.io/static/v1?label=Product&message=Icegram%20Engage&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ed860dac-8c4a-482f-8826-31f1a894b6ce/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12305.md b/2024/CVE-2024-12305.md
new file mode 100644
index 0000000000..9feca54f12
--- /dev/null
+++ b/2024/CVE-2024-12305.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12305)
+![](https://img.shields.io/static/v1?label=Product&message=Unifiedtransform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ZHAW-Infosec-Research-Group/A2CT
+
diff --git a/2024/CVE-2024-12306.md b/2024/CVE-2024-12306.md
new file mode 100644
index 0000000000..f3a4571b57
--- /dev/null
+++ b/2024/CVE-2024-12306.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12306)
+![](https://img.shields.io/static/v1?label=Product&message=Unifiedtransform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ZHAW-Infosec-Research-Group/A2CT
+
diff --git a/2024/CVE-2024-12307.md b/2024/CVE-2024-12307.md
new file mode 100644
index 0000000000..8d4d2c66af
--- /dev/null
+++ b/2024/CVE-2024-12307.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12307)
+![](https://img.shields.io/static/v1?label=Product&message=Unifiedtransform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ZHAW-Infosec-Research-Group/A2CT
+
diff --git a/2024/CVE-2024-12308.md b/2024/CVE-2024-12308.md
new file mode 100644
index 0000000000..1e389a0301
--- /dev/null
+++ b/2024/CVE-2024-12308.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12308)
+![](https://img.shields.io/static/v1?label=Product&message=Logo%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fa82ada7-357b-4f01-a0d6-ff633b188a80/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12311.md b/2024/CVE-2024-12311.md
new file mode 100644
index 0000000000..c23da0f78d
--- /dev/null
+++ b/2024/CVE-2024-12311.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12311)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Subscribers%20by%20Icegram%20Express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.7.44%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5e00ba37-da7f-4703-a0b9-65237696fbdd/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12312.md b/2024/CVE-2024-12312.md
new file mode 100644
index 0000000000..b0c5954d52
--- /dev/null
+++ b/2024/CVE-2024-12312.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12312)
+![](https://img.shields.io/static/v1?label=Product&message=Print%20Science%20Designer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.152%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/runwuf/clickhouse-test
+
diff --git a/2024/CVE-2024-12321.md b/2024/CVE-2024-12321.md
new file mode 100644
index 0000000000..7b8ec39f9b
--- /dev/null
+++ b/2024/CVE-2024-12321.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12321)
+![](https://img.shields.io/static/v1?label=Product&message=WC%20Affiliate&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d4c55d30-1c15-41ee-95e0-670891d67684/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1234.md b/2024/CVE-2024-1234.md
index 860cfa53f9..c1163de360 100644
--- a/2024/CVE-2024-1234.md
+++ b/2024/CVE-2024-1234.md
@@ -14,13 +14,110 @@ No PoCs from references. #### Github - https://github.com/0x41424142/qualyspy +- https://github.com/0xC1pher/code-agente +- https://github.com/AcidicSoil/OSPAiN2 +- https://github.com/AndiisWorld/InfoSecTrackerBot +- https://github.com/ArtPreis/CVEMonitor +- https://github.com/Arun152k/vulnerability-scanner-api +- https://github.com/Bot-Maintains/CodXCD-DevOps-Copilot +- https://github.com/BuildAndDestroy/ai-cve-mcp-server +- https://github.com/BuildAndDestroy/ai-cve-vector-data +- https://github.com/ByteHackr/fedora-cve-dashboard +- https://github.com/Chinzzii/vulnscan - https://github.com/CraigDonkin/Microsoft-CVE-Lookup +- https://github.com/Cyber-Agents-Fleet/CVE-MCP-Server +- https://github.com/CyberSecAI/cve_dedup +- https://github.com/Dleifnesor/Nexus - https://github.com/EDJIM143341/Project---Ethical-Hacking-Report +- https://github.com/FerdiGul/euvdmapper +- https://github.com/Hanimn/Workshop-Labs +- https://github.com/JamesH86/NexusPhantom +- https://github.com/JigyasuRajput/vex-updater +- https://github.com/JpaulCRN/complyr +- https://github.com/Kevin-Li-2025/mamg - https://github.com/KyJr3os/Ethical-Hacking-Technical-Report +- https://github.com/Monica-Sai/kaicyber +- https://github.com/Mr-rakeshnaik/ShodanGUI +- https://github.com/Nitesh-NEU/llm-app-fork +- https://github.com/Ovenoboyo/kai-take-home +- https://github.com/Raymon9/delta-force-booster +- https://github.com/Rotemkal/AutoCVEAnalyzer +- https://github.com/SakamataDenji/bento-bsd +- https://github.com/SeanMooney/ca-bhfuil +- https://github.com/TFSID/CyberAI +- https://github.com/TFSID/Trainee +- https://github.com/TFury30/CheckCVE +- https://github.com/Vistaminc/AliyunCVE_Crawler - https://github.com/West-wise/nuclei_template_generater +- https://github.com/Xdoom99/ThreatIntel-NLP +- https://github.com/adhir-potdar/cve-mcp +- https://github.com/aditikilledar/SecurityScanAPI +- https://github.com/ai-agents-cybersecurity/NVD-Extractor +- 
https://github.com/alans0011/nist-cve-api +- https://github.com/amitbisoyi/W.V.S +- https://github.com/anthonyharrison/vex2doc +- https://github.com/arielkl9/AI-Threat-Intel +- https://github.com/barghava/portfolio +- https://github.com/bibo318/Cyberbugs-Tracker +- https://github.com/cd1zz/servicenow-security-copilot +- https://github.com/chanduusc/Devops-task +- https://github.com/cheongcode/n0h4ts-discord-bot - https://github.com/chinocchio/EthicalHacking +- https://github.com/chriszubiaga/cvedetails-scraper +- https://github.com/crozzy/vex-mcp +- https://github.com/csgol/ThreatFetch +- https://github.com/ctrliq/kernel-src-tree-tools +- https://github.com/cyse7125-su24-team09/llm-app +- https://github.com/danieleschmidt/provenance-graph-sbom-linker +- https://github.com/dhbarman/vulnerability +- https://github.com/dig-sec/autonomous_research - https://github.com/dumpnidadai/Ethical_Final +- https://github.com/erinczarnecki/pairing_interview_erin_czarnecki +- https://github.com/hafedh049/SecureTenants-Multi-Tenant-SaaS-CI-CD-DevSecOps-Platform +- https://github.com/hatlesswizard/PatchLeaks +- https://github.com/hruthwikkk/vulnerability_scanner +- https://github.com/ihrishikesh0896/vulnreach +- https://github.com/isarax3al/CognitiveVulnerabilityManager +- https://github.com/jayvishaalj/JSON_Vulnerability_Scan_Parser +- https://github.com/kagesensei/SimpleSpacy +- https://github.com/kaitlinmannings/Security_Lab +- https://github.com/kartikeya55555/vulnerability-scanner +- https://github.com/kayoMichael/CVE +- https://github.com/kettu-studio/openreport +- https://github.com/kharonsec/CVE_Bot +- https://github.com/ktfth/soft-awake +- https://github.com/kwkeefer/cookiecutter-poc +- https://github.com/lengo0951/cve-hunter +- https://github.com/lgopalab/vulnerability-scan +- https://github.com/luckYYz/suppress-checker +- https://github.com/mauvehed/kevvy - https://github.com/mingyeongbae93/mingyeongbae93 +- https://github.com/mkdemir/cve-harbor - 
https://github.com/mncbndy/Final-Project---Ethical-Hacking-Report +- https://github.com/mxgms/debian-audit - https://github.com/nattino9/Ethical-Hacking-Finals-Project +- https://github.com/nikhila26/github-vuln-scanner +- https://github.com/nilayjain12/github-scanner +- https://github.com/noforn/BREATHLESSSYMPHONY +- https://github.com/oujunke/ServerShield +- https://github.com/ozanunal0/viper +- https://github.com/pranavipranz/cve-analyst-langgraph +- https://github.com/pre-msc-2027/api +- https://github.com/projectdiscovery/cvemap +- https://github.com/r00tH3x/CVEHunterX +- https://github.com/realhugn/sploitus_crawler +- https://github.com/reicalasso/pinguard +- https://github.com/rezaduty/QueryExploit-Notebook +- https://github.com/sachinak/go-project +- https://github.com/secureta/vulnerability-links +- https://github.com/shrutii253/cve-intelligent-chatbot +- https://github.com/snkzt/cve-explainer-workflow +- https://github.com/souben/vul-scanner +- https://github.com/soubhi/CVEScanner +- https://github.com/sscafi/firmwareAnalyzer +- https://github.com/vertexneuralforge/Machine-Learning-Based-Exploitability-Prediction-for-Penetration-Testing +- https://github.com/vikramaditya-tatke/dlt-pipeline-examples +- https://github.com/williamzujkowski/NOPE +- https://github.com/yeger00/kev-mcp +- https://github.com/zoocandoit/snort-helper diff --git a/2024/CVE-2024-12342.md b/2024/CVE-2024-12342.md new file mode 100644 index 0000000000..888a46d03c --- /dev/null +++ b/2024/CVE-2024-12342.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-12342](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12342)
+![](https://img.shields.io/static/v1?label=Product&message=VN020%20F3v(T)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20TT_V6.2.1021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen)
+
+### Description
+
+A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Zephkek/TP-WANPunch
+- https://github.com/becrevex/TPLink-VN020-DoS
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-12343.md b/2024/CVE-2024-12343.md
new file mode 100644
index 0000000000..df15200b77
--- /dev/null
+++ b/2024/CVE-2024-12343.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12343)
+![](https://img.shields.io/static/v1?label=Product&message=VN020%20F3v(T)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20TT_V6.2.1021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20Overflow&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Zephkek/TP-WANPunch
+
diff --git a/2024/CVE-2024-12344.md b/2024/CVE-2024-12344.md
new file mode 100644
index 0000000000..a0a4244b56
--- /dev/null
+++ b/2024/CVE-2024-12344.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12344)
+![](https://img.shields.io/static/v1?label=Product&message=VN020%20F3v(T)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20TT_V6.2.1021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Zephkek/TP-1450
+
diff --git a/2024/CVE-2024-12345.md b/2024/CVE-2024-12345.md
new file mode 100644
index 0000000000..40e031718f
--- /dev/null
+++ b/2024/CVE-2024-12345.md
@@ -0,0 +1,62 @@
+### [CVE-2024-12345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12345)
+![](https://img.shields.io/static/v1?label=Product&message=Krbyyyzo&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2025.2002%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Resource%20Consumption&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack on the local host. Other endpoints might be affected as well.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/25S22/NIST-NVD-CVE-Watcher
+- https://github.com/EPAM-SECLAB-UA/SBOM-JSON-Schema-Validator-Similarity-Analyzer
+- https://github.com/HadarYoshvayav/VulnTrack
+- https://github.com/MITRE-Cyber-Security-CVE-Database/mitre-cve-database
+- https://github.com/Mikekellydev/Sparkwave-Insight
+- https://github.com/NeoDay0/Pulse
+- https://github.com/Obelisc26/soc-insight-render
+- https://github.com/ProjectProRepo/Building-Multi-AI-Agent-Systems-using-CrewAI
+- https://github.com/RafalW3bCraft/VulnPublisherPro
+- https://github.com/RehanFazal77/kubernetes-cve-scanner
+- https://github.com/Valmarelox/ghsa-client
+- https://github.com/blackXploit-404/pacguard
+- https://github.com/claraneves23/seguranca_da_informacao
+- https://github.com/darksagae/wpscan
+- https://github.com/esvanoe/cve-checker
+- https://github.com/fekri600/tf-aws-devsecops-ecr-pipeline
+- https://github.com/friendlyhacker-py/NVD-Vulnerability-Scanner
+- https://github.com/gnlds/mcp-cve-intelligence-server-lite
+- https://github.com/h4sh5/cve-enricher
+- https://github.com/hiitaro/CVE-Searcher
+- https://github.com/jfeddern/VulnRelay
+- https://github.com/kasturixbm5/Automate-this-shi
+- https://github.com/kerouacwannabe/CVE-Vuln-Evaluator
+- https://github.com/kmukoo101/security_tools
+- https://github.com/marklechner/cvewb
+- https://github.com/maxime67/ONE_sync
+- https://github.com/minamoto-me/ios-security-tracker
+- https://github.com/msumari/vulnagent
+- https://github.com/n3ptune-plan3t/pacguard
+- https://github.com/nashaddams/audit
+- https://github.com/pdevhare1/Capstone
+- https://github.com/psagar-dev/capstone-2
+- https://github.com/runwuf/clickhouse-test
+- https://github.com/sachin-gaikhe/vulnerability-tracing-service
+- https://github.com/sahar042/Shodan-IDOR-2
+- https://github.com/scagogogo/cxsecurity-crawler
+- https://github.com/sherazi1214/Vulnerability-Identification-
+- https://github.com/splunk-soar-connectors/greynoise
+- https://github.com/steven-d-pennington/aws-inspector-report-tool
+- https://github.com/vicentewncosta/CVE
+- https://github.com/w159/PAINFUL
+- https://github.com/wweber993/openvas-n8n-tickets
+- https://github.com/xmoezzz/cve-change-tracker
+- https://github.com/yoely282/CVE-Analysis
+- https://github.com/yutimmy/mis-security-platform
+
diff --git a/2024/CVE-2024-12346.md b/2024/CVE-2024-12346.md
new file mode 100644
index 0000000000..469d8ac613
--- /dev/null
+++ b/2024/CVE-2024-12346.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12346)
+![](https://img.shields.io/static/v1?label=Product&message=Talentera&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020241128%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h4sh5/cve-enricher
+
diff --git a/2024/CVE-2024-12347.md b/2024/CVE-2024-12347.md
new file mode 100644
index 0000000000..7597fd40c2
--- /dev/null
+++ b/2024/CVE-2024-12347.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12347)
+![](https://img.shields.io/static/v1?label=Product&message=Jeewms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Privilege%20Assignment&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h4sh5/cve-enricher
+
diff --git a/2024/CVE-2024-1235.md b/2024/CVE-2024-1235.md
new file mode 100644
index 0000000000..17ca424b1a
--- /dev/null
+++ b/2024/CVE-2024-1235.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1235)
+![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Addons%20by%20Livemesh&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.3.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/reicalasso/pinguard
+
diff --git a/2024/CVE-2024-12356.md b/2024/CVE-2024-12356.md
new file mode 100644
index 0000000000..54bd056f8d
--- /dev/null
+++ b/2024/CVE-2024-12356.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12356)
+![](https://img.shields.io/static/v1?label=Product&message=Remote%20Support%20%26%20Privileged%20Remote%20Access&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2024.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-12365.md b/2024/CVE-2024-12365.md
new file mode 100644
index 0000000000..f9f0aba1d9
--- /dev/null
+++ b/2024/CVE-2024-12365.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12365)
+![](https://img.shields.io/static/v1?label=Product&message=W3%20Total%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Tchoumis/Analyse_SI
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/spyata123/W3TotalChache
+
diff --git a/2024/CVE-2024-12368.md b/2024/CVE-2024-12368.md
new file mode 100644
index 0000000000..62a6d6a01a
--- /dev/null
+++ b/2024/CVE-2024-12368.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12368)
+![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Community&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Odoo%20Enterprise&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/migros/migros-security-advisories
+
diff --git a/2024/CVE-2024-12379.md b/2024/CVE-2024-12379.md
new file mode 100644
index 0000000000..14ad6d5293
--- /dev/null
+++ b/2024/CVE-2024-12379.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12379)
+![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=14.1%3C%2017.6.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sim4n6/Sim4n6
+
diff --git a/2024/CVE-2024-12381.md b/2024/CVE-2024-12381.md
new file mode 100644
index 0000000000..ca43f8f93c
--- /dev/null
+++ b/2024/CVE-2024-12381.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12381)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.139%3C%20131.0.6778.139%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen)
+
+### Description
+
+Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/381696874
+
+#### Github
+- https://github.com/leesh3288/leesh3288
+
diff --git a/2024/CVE-2024-12382.md b/2024/CVE-2024-12382.md
new file mode 100644
index 0000000000..61e43a2b33
--- /dev/null
+++ b/2024/CVE-2024-12382.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12382)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.139%3C%20131.0.6778.139%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen)
+
+### Description
+
+Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/379516109
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12400.md b/2024/CVE-2024-12400.md
new file mode 100644
index 0000000000..7fcc03d12e
--- /dev/null
+++ b/2024/CVE-2024-12400.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12400)
+![](https://img.shields.io/static/v1?label=Product&message=tourmaster&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.3.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/3542315c-93c3-41dd-a99e-02a38cfd58fb/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12404.md b/2024/CVE-2024-12404.md
new file mode 100644
index 0000000000..66503f7608
--- /dev/null
+++ b/2024/CVE-2024-12404.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12404](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12404)
+![](https://img.shields.io/static/v1?label=Product&message=CF%20Internal%20Link%20Shortcode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12404
+
diff --git a/2024/CVE-2024-12425.md b/2024/CVE-2024-12425.md
new file mode 100644
index 0000000000..8ee732d2d6
--- /dev/null
+++ b/2024/CVE-2024-12425.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12425)
+![](https://img.shields.io/static/v1?label=Product&message=LibreOffice&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=24.8%3C%20%3C%2024.8.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.This issue affects LibreOffice: from 24.8 before < 24.8.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/alecdhuse/Lantern-Shark
+
diff --git a/2024/CVE-2024-12426.md b/2024/CVE-2024-12426.md
new file mode 100644
index 0000000000..87f9f22e73
--- /dev/null
+++ b/2024/CVE-2024-12426.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12426)
+![](https://img.shields.io/static/v1?label=Product&message=LibreOffice&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=24.8%3C%20%3C%2024.8.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.This issue affects LibreOffice: from 24.8 before < 24.8.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Icare1337/LibreOffice_Tips_Bug_Bounty
+
diff --git a/2024/CVE-2024-12436.md b/2024/CVE-2024-12436.md
new file mode 100644
index 0000000000..ec084362ce
--- /dev/null
+++ b/2024/CVE-2024-12436.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12436)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Customer%20Area&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/3345a403-f62c-40c1-b7ae-bc947591e02a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1247.md b/2024/CVE-2024-1247.md index 8abde191ad..2f7e1bf8ff 100644 --- a/2024/CVE-2024-1247.md +++ b/2024/CVE-2024-1247.md @@ -13,5 +13,7 @@ Concrete CMS version 9 before 9.2.5 is vulnerable to  stored XSS via the Role No PoCs from references. #### Github +- https://github.com/Nxploited/CVE-2024-1247-PoC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-12471.md b/2024/CVE-2024-12471.md new file mode 100644 index 0000000000..2774036c27 --- /dev/null +++ b/2024/CVE-2024-12471.md @@ -0,0 +1,18 @@ +### [CVE-2024-12471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12471) +![](https://img.shields.io/static/v1?label=Product&message=Post%20Saint%3A%20ChatGPT%2C%20GPT4%2C%20DALL-E%2C%20Stable%20Diffusion%2C%20Pexels%2C%20Dezgo%20AI%20Text%20%26%20Image%20Generator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Nxploited/CVE-2024-1247-PoC +- https://github.com/RandomRobbieBF/CVE-2024-12471 + diff --git a/2024/CVE-2024-12476.md b/2024/CVE-2024-12476.md new file mode 100644 index 0000000000..b34e6b5e83 --- /dev/null +++ b/2024/CVE-2024-12476.md 
@@ -0,0 +1,21 @@
+### [CVE-2024-12476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12476)
+![](https://img.shields.io/static/v1?label=Product&message=Web%20Designer%20for%20BMENOC0311(C)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Web%20Designer%20for%20BMENOC0321(C)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Web%20Designer%20for%20BMXNOE0110(H)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Web%20Designer%20for%20BMXNOR0200H&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20Versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen)
+
+### Description
+
+CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that couldcause information disclosure, impacts workstation integrity and potential remote code execution on thecompromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JsHuang/CVE-Assigned
+
diff --git a/2024/CVE-2024-12483.md b/2024/CVE-2024-12483.md
new file mode 100644
index 0000000000..65858ef5c6
--- /dev/null
+++ b/2024/CVE-2024-12483.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12483)
+![](https://img.shields.io/static/v1?label=Product&message=UJCMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Authorization%20Bypass&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authorization&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-12484.md b/2024/CVE-2024-12484.md
new file mode 100644
index 0000000000..466b59c191
--- /dev/null
+++ b/2024/CVE-2024-12484.md
@@ -0,0 +1,18 @@ +### [CVE-2024-12484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12484) +![](https://img.shields.io/static/v1?label=Product&message=Technical%20Discussion%20Forum&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/LiChaser/CVE-2024-12484 + diff --git a/2024/CVE-2024-1250.md b/2024/CVE-2024-1250.md index a50af25664..589c6d8bdd 100644 --- a/2024/CVE-2024-1250.md +++ b/2024/CVE-2024-1250.md @@ -1,7 +1,7 @@ ### [CVE-2024-1250](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1250) ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=16.8%3C%2016.8.2%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-268%3A%20Privilege%20Chaining&color=brighgreen) ### Description diff --git a/2024/CVE-2024-12535.md b/2024/CVE-2024-12535.md new file mode 100644 index 0000000000..bb79000062 --- /dev/null +++ b/2024/CVE-2024-12535.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-12535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12535)
+![](https://img.shields.io/static/v1?label=Product&message=Host%20PHP%20Info&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12535
+
diff --git a/2024/CVE-2024-12542.md b/2024/CVE-2024-12542.md
new file mode 100644
index 0000000000..7d1fcb4581
--- /dev/null
+++ b/2024/CVE-2024-12542.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12542)
+![](https://img.shields.io/static/v1?label=Product&message=linkID&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%200.1.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-12542-PoC
+- https://github.com/RandomRobbieBF/CVE-2024-12542
+
diff --git a/2024/CVE-2024-12558.md b/2024/CVE-2024-12558.md
new file mode 100644
index 0000000000..62d6a180b8
--- /dev/null
+++ b/2024/CVE-2024-12558.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12558)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20BASE%20Booking%20of%20Appointments%2C%20Services%20and%20Events&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.9.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-12558-exploit
+- https://github.com/RandomRobbieBF/CVE-2024-12558
+
diff --git a/2024/CVE-2024-12566.md b/2024/CVE-2024-12566.md
new file mode 100644
index 0000000000..6f4d434a2e
--- /dev/null
+++ b/2024/CVE-2024-12566.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12566)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Subscribers%20by%20Icegram%20Express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.7.45%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9206064a-d54e-44ad-9670-65520ee166a6/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12567.md b/2024/CVE-2024-12567.md
new file mode 100644
index 0000000000..52c97f10b9
--- /dev/null
+++ b/2024/CVE-2024-12567.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12567)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Subscribers%20by%20Icegram%20Express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.7.45%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/82051ccc-c528-4ff3-900a-3b8e8ad34145/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12568.md b/2024/CVE-2024-12568.md
new file mode 100644
index 0000000000..9e640f3280
--- /dev/null
+++ b/2024/CVE-2024-12568.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12568)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Subscribers%20by%20Icegram%20Express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.7.45%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0ce9075a-754b-474e-9620-17da8ee29b56/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12581.md b/2024/CVE-2024-12581.md
new file mode 100644
index 0000000000..a10b48a7e4
--- /dev/null
+++ b/2024/CVE-2024-12581.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12581)
+![](https://img.shields.io/static/v1?label=Product&message=Gutenberg%20Blocks%20with%20AI%20by%20Kadence%20WP%20%E2%80%93%20Page%20Builder%20Features&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.53%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+
+### POC
+
+#### Reference
+- https://research.cleantalk.org/cve-2024-10637/
+- https://wpscan.com/vulnerability/df688dcc-9617-4f58-a310-891bfaea3695/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12583.md b/2024/CVE-2024-12583.md
new file mode 100644
index 0000000000..3e73fc58dc
--- /dev/null
+++ b/2024/CVE-2024-12583.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12583)
+![](https://img.shields.io/static/v1?label=Product&message=Dynamics%20365%20Integration&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.23%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1336%20Improper%20Neutralization%20of%20Special%20Elements%20Used%20in%20a%20Template%20Engine&color=brighgreen)
+
+### Description
+
+The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/pouriam23/CVE-2024-12583
+
diff --git a/2024/CVE-2024-12585.md b/2024/CVE-2024-12585.md
new file mode 100644
index 0000000000..f49d00baf5
--- /dev/null
+++ b/2024/CVE-2024-12585.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12585)
+![](https://img.shields.io/static/v1?label=Product&message=Property%20Hive&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/afecf367-d298-4f4c-8f47-4e19b3937d3e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12586.md b/2024/CVE-2024-12586.md
new file mode 100644
index 0000000000..870cb117a4
--- /dev/null
+++ b/2024/CVE-2024-12586.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12586)
+![](https://img.shields.io/static/v1?label=Product&message=Chalet-Montagne.com%20Tools&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2ce05a44-762b-4aaf-b88a-92c830fd8ec4/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12587.md b/2024/CVE-2024-12587.md
new file mode 100644
index 0000000000..7d3ed647a4
--- /dev/null
+++ b/2024/CVE-2024-12587.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12587)
+![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Master&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7cb040f5-d154-48ea-a54e-80451054bad8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12594.md b/2024/CVE-2024-12594.md
new file mode 100644
index 0000000000..9c1afc419f
--- /dev/null
+++ b/2024/CVE-2024-12594.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12594)
+![](https://img.shields.io/static/v1?label=Product&message=Custom%20Login%20Page%20Styler&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login – Limit Login Attempts – Locked Site plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'lps_generate_temp_access_url' AJAX action in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to login as other users such as subscribers.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12594
+
diff --git a/2024/CVE-2024-12595.md b/2024/CVE-2024-12595.md
new file mode 100644
index 0000000000..13c1ba172c
--- /dev/null
+++ b/2024/CVE-2024-12595.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12595)
+![](https://img.shields.io/static/v1?label=Product&message=AHAthat%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7a506438-3106-477f-816d-b9b116ec8555/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12632.md b/2024/CVE-2024-12632.md
new file mode 100644
index 0000000000..89c4227639
--- /dev/null
+++ b/2024/CVE-2024-12632.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12632)
+![](https://img.shields.io/static/v1?label=Product&message=Cleo%20Harmony%2C%20VLTrader%2C%20LexiCom&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%205.8.0.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+In Cleo Harmony up to and including 5.8.0.21, VLTrader up to and including 5.8.0.21, and LexiCom up to and including 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
+
+### POC
+
+#### Reference
+- https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update
+- https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12638.md b/2024/CVE-2024-12638.md
new file mode 100644
index 0000000000..f73a5ae6c2
--- /dev/null
+++ b/2024/CVE-2024-12638.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12638)
+![](https://img.shields.io/static/v1?label=Product&message=Bulk%20Me%20Now!&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a6f5b0fe-00a0-4e30-aec6-87882c035beb/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12641.md b/2024/CVE-2024-12641.md
new file mode 100644
index 0000000000..ebc3a082f6
--- /dev/null
+++ b/2024/CVE-2024-12641.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12641)
+![](https://img.shields.io/static/v1?label=Product&message=TenderDocTransfer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.41.151%3C%3D%200.41.156%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user’s browser. Since the web server set by the application supports Node.Js features, attackers can further leverage this to run OS commands.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Jimmy01240397/CVE-2024-12641_12642_12645
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-12663.md b/2024/CVE-2024-12663.md
new file mode 100644
index 0000000000..7a0314bcdf
--- /dev/null
+++ b/2024/CVE-2024-12663.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12663)
+![](https://img.shields.io/static/v1?label=Product&message=Mee-Admin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Exposure%20Through%20Discrepancy&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20Response%20Discrepancy&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-12664.md b/2024/CVE-2024-12664.md
new file mode 100644
index 0000000000..96f38e2a97
--- /dev/null
+++ b/2024/CVE-2024-12664.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12664)
+![](https://img.shields.io/static/v1?label=Product&message=Rebuild&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.8.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-12665.md b/2024/CVE-2024-12665.md
new file mode 100644
index 0000000000..8d5537237a
--- /dev/null
+++ b/2024/CVE-2024-12665.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12665)
+![](https://img.shields.io/static/v1?label=Product&message=Rebuild&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.8.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-12667.md b/2024/CVE-2024-12667.md
new file mode 100644
index 0000000000..174f050347
--- /dev/null
+++ b/2024/CVE-2024-12667.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12667)
+![](https://img.shields.io/static/v1?label=Product&message=InvoicePlane&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Session%20Expiration&color=brighgreen)
+
+### Description
+
+A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Fahad139/Assigned-CVEs---Security-Research-
+
diff --git a/2024/CVE-2024-12679.md b/2024/CVE-2024-12679.md
new file mode 100644
index 0000000000..0238547612
--- /dev/null
+++ b/2024/CVE-2024-12679.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12679)
+![](https://img.shields.io/static/v1?label=Product&message=Prisna%20GWT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7ca1438f-4269-4e34-be4a-766276a9f016/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12680.md b/2024/CVE-2024-12680.md
new file mode 100644
index 0000000000..dd9d1b27a5
--- /dev/null
+++ b/2024/CVE-2024-12680.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12680)
+![](https://img.shields.io/static/v1?label=Product&message=Prisna%20GWT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/28537fbc-3c2b-40c1-85f0-8b5f94eaad51/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12682.md b/2024/CVE-2024-12682.md
new file mode 100644
index 0000000000..784456ccb3
--- /dev/null
+++ b/2024/CVE-2024-12682.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12682)
+![](https://img.shields.io/static/v1?label=Product&message=Smart%20Maintenance%20Mode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/79d0a139-0fb3-4a4b-ac33-80cbc6cb3831/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12683.md b/2024/CVE-2024-12683.md
new file mode 100644
index 0000000000..eaa9498146
--- /dev/null
+++ b/2024/CVE-2024-12683.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12683)
+![](https://img.shields.io/static/v1?label=Product&message=Smart%20Maintenance%20Mode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1569ee00-56c3-4a1b-940e-e0256a748675/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12686.md b/2024/CVE-2024-12686.md
new file mode 100644
index 0000000000..86db71797a
--- /dev/null
+++ b/2024/CVE-2024-12686.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12686)
+![](https://img.shields.io/static/v1?label=Product&message=Remote%20Support(RS)%20%26%20Privileged%20Remote%20Access(PRA)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2024.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-12692.md b/2024/CVE-2024-12692.md
new file mode 100644
index 0000000000..c18a8b1a14
--- /dev/null
+++ b/2024/CVE-2024-12692.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12692)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.204%3C%20131.0.6778.204%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Type%20Confusion&color=brighgreen)
+
+### Description
+
+Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/382291459
+
+#### Github
+- https://github.com/leesh3288/leesh3288
+
diff --git a/2024/CVE-2024-12693.md b/2024/CVE-2024-12693.md
new file mode 100644
index 0000000000..a9a5cb5aeb
--- /dev/null
+++ b/2024/CVE-2024-12693.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12693](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12693)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.204%3C%20131.0.6778.204%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out%20of%20bounds%20memory%20access&color=brighgreen)
+
+### Description
+
+Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/382190919
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12695.md b/2024/CVE-2024-12695.md
new file mode 100644
index 0000000000..3c2cae6fbd
--- /dev/null
+++ b/2024/CVE-2024-12695.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12695)
+![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=131.0.6778.204%3C%20131.0.6778.204%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out%20of%20bounds%20write&color=brighgreen)
+
+### Description
+
+Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
+
+### POC
+
+#### Reference
+- https://issues.chromium.org/issues/383647255
+
+#### Github
+- https://github.com/bjrjk/CVE-2024-4947
+- https://github.com/mwlik/v8-resources
+
diff --git a/2024/CVE-2024-12704.md b/2024/CVE-2024-12704.md
new file mode 100644
index 0000000000..f28317066c
--- /dev/null
+++ b/2024/CVE-2024-12704.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12704)
+![](https://img.shields.io/static/v1?label=Product&message=run-llama%2Fllama_index&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.12.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-755%20Improper%20Handling%20of%20Exceptional%20Conditions&color=brighgreen)
+
+### Description
+
+A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-12705.md b/2024/CVE-2024-12705.md
new file mode 100644
index 0000000000..04a9677158
--- /dev/null
+++ b/2024/CVE-2024-12705.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12705)
+![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=9.18.0%3C%3D%209.18.32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-12708.md b/2024/CVE-2024-12708.md
new file mode 100644
index 0000000000..18058c2122
--- /dev/null
+++ b/2024/CVE-2024-12708.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12708)
+![](https://img.shields.io/static/v1?label=Product&message=Bulk%20Me%20Now!&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/8f30a37e-b9d0-467b-a0e3-20dc0a9f2b61/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12709.md b/2024/CVE-2024-12709.md
new file mode 100644
index 0000000000..5b1208c473
--- /dev/null
+++ b/2024/CVE-2024-12709.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12709)
+![](https://img.shields.io/static/v1?label=Product&message=Bulk%20Me%20Now!&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d93056f1-1a6e-405f-a094-d4d270393f87/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12714.md b/2024/CVE-2024-12714.md
new file mode 100644
index 0000000000..3a9683ad07
--- /dev/null
+++ b/2024/CVE-2024-12714.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12714)
+![](https://img.shields.io/static/v1?label=Product&message=Backlink%20Monitoring%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f7fb2aef-16ce-4ae7-927c-2ffbc45fbda5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12715.md b/2024/CVE-2024-12715.md
new file mode 100644
index 0000000000..d9f33e6b3d
--- /dev/null
+++ b/2024/CVE-2024-12715.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12715)
+![](https://img.shields.io/static/v1?label=Product&message=Asgard%20Security%20Scanner&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e1456295-75ba-4dc2-9b1a-dc16a2000db2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12716.md b/2024/CVE-2024-12716.md
new file mode 100644
index 0000000000..3e4faa675d
--- /dev/null
+++ b/2024/CVE-2024-12716.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12716)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Basic%20Contact%20Form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2020250114%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a9fa48f1-d7fd-4968-a122-937803f186a2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12717.md b/2024/CVE-2024-12717.md
new file mode 100644
index 0000000000..845f347443
--- /dev/null
+++ b/2024/CVE-2024-12717.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12717](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12717)
+![](https://img.shields.io/static/v1?label=Product&message=Aklamator%20INfeed&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5564926a-6b1d-43f4-8147-128472f6b93a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12718.md b/2024/CVE-2024-12718.md
new file mode 100644
index 0000000000..70e4f78092
--- /dev/null
+++ b/2024/CVE-2024-12718.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12718)
+![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.15.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory.You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature.Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GitHubForSnap/matrix-commander-gael
+
diff --git a/2024/CVE-2024-12722.md b/2024/CVE-2024-12722.md
new file mode 100644
index 0000000000..f56c66716a
--- /dev/null
+++ b/2024/CVE-2024-12722.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12722)
+![](https://img.shields.io/static/v1?label=Product&message=Twitter%20Bootstrap%20Collapse%20aka%20Accordian%20Shortcode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c3be5990-ca89-4ac4-baae-49af55df9d57/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12723.md b/2024/CVE-2024-12723.md
new file mode 100644
index 0000000000..3238275abf
--- /dev/null
+++ b/2024/CVE-2024-12723.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12723](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12723)
+![](https://img.shields.io/static/v1?label=Product&message=Infility%20Global&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d9053b8b-c05c-42fd-913e-f85c799df807/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12724.md b/2024/CVE-2024-12724.md
new file mode 100644
index 0000000000..0b053701d7
--- /dev/null
+++ b/2024/CVE-2024-12724.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12724](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12724)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20DeskLite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9dd3ffaa-9020-47a6-bf9a-7e1412b9e9d5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12725.md b/2024/CVE-2024-12725.md
new file mode 100644
index 0000000000..0140326a57
--- /dev/null
+++ b/2024/CVE-2024-12725.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12725)
+![](https://img.shields.io/static/v1?label=Product&message=Clasify%20Classified%20Listing&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a174c640-6994-4028-a8a3-c470d5612304/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12726.md b/2024/CVE-2024-12726.md
new file mode 100644
index 0000000000..3a71798907
--- /dev/null
+++ b/2024/CVE-2024-12726.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12726](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12726)
+![](https://img.shields.io/static/v1?label=Product&message=ClipArt&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/88d748fc-6c2f-4656-99c5-c00cbed9d7e0/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12731.md b/2024/CVE-2024-12731.md
new file mode 100644
index 0000000000..a9ef167ccc
--- /dev/null
+++ b/2024/CVE-2024-12731.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12731)
+![](https://img.shields.io/static/v1?label=Product&message=Aklamator%20INfeed&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e1c3754f-60e0-4a89-b4fc-89056dba3616/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12732.md b/2024/CVE-2024-12732.md
new file mode 100644
index 0000000000..ab01791363
--- /dev/null
+++ b/2024/CVE-2024-12732.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12732)
+![](https://img.shields.io/static/v1?label=Product&message=AffiliateImporterEb&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/bc46edd8-8d77-4567-873b-e9e90a01adcf/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12733.md b/2024/CVE-2024-12733.md
new file mode 100644
index 0000000000..8c9125eeb9
--- /dev/null
+++ b/2024/CVE-2024-12733.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12733)
+![](https://img.shields.io/static/v1?label=Product&message=AffiliateImporterEb&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/61be935e-ecb4-45be-8553-65877dd42569/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12734.md b/2024/CVE-2024-12734.md
new file mode 100644
index 0000000000..0c5497623d
--- /dev/null
+++ b/2024/CVE-2024-12734.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12734)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Post%20Prefix&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/038b44dc-0495-4f56-ae7e-c78a265aa535/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12735.md b/2024/CVE-2024-12735.md
new file mode 100644
index 0000000000..c1ecfcf677
--- /dev/null
+++ b/2024/CVE-2024-12735.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12735)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Post%20Prefix&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1b355399-e92b-46aa-ada1-95e99fc03976/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12736.md b/2024/CVE-2024-12736.md
new file mode 100644
index 0000000000..bddb145c85
--- /dev/null
+++ b/2024/CVE-2024-12736.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12736)
+![](https://img.shields.io/static/v1?label=Product&message=BU%20Section%20Editing&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d3c6a4c1-8358-4f8b-b58d-3f712052668f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12737.md b/2024/CVE-2024-12737.md
new file mode 100644
index 0000000000..9ae34d6944
--- /dev/null
+++ b/2024/CVE-2024-12737.md
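Review bot: In 2024/CVE-2024-12735.md the Vulnerability badge reads CWE-79 Cross-Site Scripting (XSS), but the Description on the same page describes a parameter used unsanitised in a SQL statement, i.e. SQL injection by admins. Anyone filtering this corpus by the badge will file the entry under XSS and miss it when triaging SQL injection. If the upstream CVE record really carries CWE-79, the mismatch is worth flagging next to the badge; otherwise the badge message should be `CWE-89%20SQL%20Injection`, the form the CVE-2024-12773.md entry in this patch already uses.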
@@ -0,0 +1,17 @@
+### [CVE-2024-12737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12737)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20BASE%20Booking%20of%20Appointments%2C%20Services%20and%20Events&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/997eb9f6-80e1-4bc5-be72-bd6a6f52379c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12739.md b/2024/CVE-2024-12739.md
new file mode 100644
index 0000000000..d7f7734de6
--- /dev/null
+++ b/2024/CVE-2024-12739.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12739)
+![](https://img.shields.io/static/v1?label=Product&message=Mobile%20Contact%20Bar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5492f1b2-481b-472a-82d3-949f85c8dc70/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12743.md b/2024/CVE-2024-12743.md
new file mode 100644
index 0000000000..b8c237077a
--- /dev/null
+++ b/2024/CVE-2024-12743.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12743)
+![](https://img.shields.io/static/v1?label=Product&message=MailPoet&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.5.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12747.md b/2024/CVE-2024-12747.md
new file mode 100644
index 0000000000..80a1426541
--- /dev/null
+++ b/2024/CVE-2024-12747.md
@@ -0,0 +1,24 @@
+### [CVE-2024-12747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Discovery%201.14&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%2010&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization%20('Race%20Condition')&color=brighgreen)
+
+### Description
+
+A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/mosaicwang/myrpm
+
diff --git a/2024/CVE-2024-12749.md b/2024/CVE-2024-12749.md
new file mode 100644
index 0000000000..025576b3f2
--- /dev/null
+++ b/2024/CVE-2024-12749.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12749)
+![](https://img.shields.io/static/v1?label=Product&message=Competition%20Form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/478316b9-9f47-4aa6-92c6-03879f16a3e5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12750.md b/2024/CVE-2024-12750.md
new file mode 100644
index 0000000000..c3a992fcaa
--- /dev/null
+++ b/2024/CVE-2024-12750.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12750)
+![](https://img.shields.io/static/v1?label=Product&message=Competition%20Form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f3570bdc-659f-4a03-96f8-b4f9f045f910/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12754.md b/2024/CVE-2024-12754.md
new file mode 100644
index 0000000000..689f9d4a3a
--- /dev/null
+++ b/2024/CVE-2024-12754.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12754)
+![](https://img.shields.io/static/v1?label=Product&message=AnyDesk&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208.0.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-12767.md b/2024/CVE-2024-12767.md
new file mode 100644
index 0000000000..240ba68c9e
--- /dev/null
+++ b/2024/CVE-2024-12767.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12767](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12767)
+![](https://img.shields.io/static/v1?label=Product&message=buddyboss-platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.60%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e8997f90-d8e9-4815-8808-aa0183443dae/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12768.md b/2024/CVE-2024-12768.md
new file mode 100644
index 0000000000..1ff6d3927d
--- /dev/null
+++ b/2024/CVE-2024-12768.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12768)
+![](https://img.shields.io/static/v1?label=Product&message=Responsive%20iframe&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fe2e47f4-b89e-4c22-8d27-672da0fb99af/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12769.md b/2024/CVE-2024-12769.md
new file mode 100644
index 0000000000..a5f63217f0
--- /dev/null
+++ b/2024/CVE-2024-12769.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12769)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Banner&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/02b5c1a8-cf2a-4378-bfda-84d841d88a18/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12770.md b/2024/CVE-2024-12770.md
new file mode 100644
index 0000000000..3c62fa8bdd
--- /dev/null
+++ b/2024/CVE-2024-12770.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12770)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20ULike&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.7.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e21f6a4e-f385-411b-8d91-0f38f9e6cdd3/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12772.md b/2024/CVE-2024-12772.md
new file mode 100644
index 0000000000..e416cd2855
--- /dev/null
+++ b/2024/CVE-2024-12772.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12772)
+![](https://img.shields.io/static/v1?label=Product&message=Ninja%20Tables&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7b6d0f95-6632-4079-8c1b-517a8d02c330/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12773.md b/2024/CVE-2024-12773.md
new file mode 100644
index 0000000000..0cb36b4a41
--- /dev/null
+++ b/2024/CVE-2024-12773.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12773)
+![](https://img.shields.io/static/v1?label=Product&message=Altra%20Side%20Menu&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fab64105-599f-49a4-b01d-c873ff34b590/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12774.md b/2024/CVE-2024-12774.md
new file mode 100644
index 0000000000..135fb84d4a
--- /dev/null
+++ b/2024/CVE-2024-12774.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12774)
+![](https://img.shields.io/static/v1?label=Product&message=Altra%20Side%20Menu&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/8decbef5-f106-488b-925c-42b3b280460a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12797.md b/2024/CVE-2024-12797.md
new file mode 100644
index 0000000000..fd5a76b9a4
--- /dev/null
+++ b/2024/CVE-2024-12797.md
@@ -0,0 +1,20 @@
+### [CVE-2024-12797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797)
+![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.4.0%3C%203.4.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-392%20Missing%20Report%20of%20Error%20Condition&color=brighgreen)
+
+### Description
+
+Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate aserver may fail to notice that the server was not authenticated, becausehandshakes don't abort as expected when the SSL_VERIFY_PEER verification modeis set.Impact summary: TLS and DTLS connections using raw public keys may bevulnerable to man-in-middle attacks when server authentication failure is notdetected by clients.RPKs are disabled by default in both TLS clients and TLS servers. The issueonly arises when TLS clients explicitly enable RPK use by the server, and theserver, likewise, enables sending of an RPK instead of an X.509 certificatechain. The affected clients are those that then rely on the handshake tofail when the server's RPK fails to match one of the expected public keys,by setting the verification mode to SSL_VERIFY_PEER.Clients that enable server-side raw public keys can still find out that rawpublic key verification failed by calling SSL_get_verify_result(), and thosethat do, and take appropriate action, are not affected. This issue wasintroduced in the initial implementation of RPK support in OpenSSL 3.2.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeepOchhane/Dev-Sec-Ops-Project
+- https://github.com/Dgporte/ExerciciosDockerPB2025
+- https://github.com/chnzzh/OpenSSL-CVE-lib
+- https://github.com/williampsena/ci-repices
+
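Review bot: The Description line in 2024/CVE-2024-12797.md has words fused where the advisory's line breaks were removed without a space: `aserver`, `becausehandshakes`, `modeis`, `bevulnerable`, `notdetected`. A text search of this corpus for a phrase that spans one of those joins will miss the entry. The sentence-boundary form of the same defect appears in CVE-2024-12718.md (`directory.You`), CVE-2024-12754.md (`vulnerability.The`), CVE-2024-12798.md (`execution.Malicious`) and CVE-2024-12801.md (`XML.The`). Presumably the generator strips newlines from the upstream text; replacing each newline with a single space instead would fix all of them.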
diff --git a/2024/CVE-2024-12798.md b/2024/CVE-2024-12798.md
new file mode 100644
index 0000000000..24c6d3f329
--- /dev/null
+++ b/2024/CVE-2024-12798.md
@@ -0,0 +1,20 @@
+### [CVE-2024-12798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12798)
+![](https://img.shields.io/static/v1?label=Product&message=Logback-core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-917%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20Expression%20Language%20Statement%20('Expression%20Language%20Injection')&color=brighgreen)
+
+### Description
+
+ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension.A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lore-Ferra/Progetto_SSDLC_Ferrari_Lorenzo
+- https://github.com/chasemp/cycoding
+- https://github.com/diegopacheco/Smith
+- https://github.com/tanjiti/sec_profile
+
diff --git a/2024/CVE-2024-12800.md b/2024/CVE-2024-12800.md
new file mode 100644
index 0000000000..6afe5bed3e
--- /dev/null
+++ b/2024/CVE-2024-12800.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12800)
+![](https://img.shields.io/static/v1?label=Product&message=IP%20Based%20Login&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/8f1ceca5-3b7b-4cf0-bccd-03e204e5bfad/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12801.md b/2024/CVE-2024-12801.md
new file mode 100644
index 0000000000..233f2a891f
--- /dev/null
+++ b/2024/CVE-2024-12801.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12801)
+![](https://img.shields.io/static/v1?label=Product&message=logback&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.The attacks involves the modification of DOCTYPE declaration in  XML configuration files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lore-Ferra/Progetto_SSDLC_Ferrari_Lorenzo
+- https://github.com/diegopacheco/Smith
+
diff --git a/2024/CVE-2024-12807.md b/2024/CVE-2024-12807.md
new file mode 100644
index 0000000000..da27752ffb
--- /dev/null
+++ b/2024/CVE-2024-12807.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12807)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Share%20Buttons%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/fcce0839-bb1d-4aa3-b236-ff5f5e9b6120/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12808.md b/2024/CVE-2024-12808.md
new file mode 100644
index 0000000000..b8e5e48ab0
--- /dev/null
+++ b/2024/CVE-2024-12808.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12808)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20ERP%20%7C%20Complete%20HR%20solution%20with%20recruitment%20%26%20job%20listings%20%7C%20WooCommerce%20CRM%20%26%20Accounting&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.13.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f1f823f5-d0f1-45a5-85c2-60208d76366e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12812.md b/2024/CVE-2024-12812.md
new file mode 100644
index 0000000000..0e459b3e91
--- /dev/null
+++ b/2024/CVE-2024-12812.md
@@ -0,0 +1,17 @@ +### [CVE-2024-12812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12812) +![](https://img.shields.io/static/v1?label=Product&message=WP%20ERP%20%7C%20Complete%20HR%20solution%20with%20recruitment%20%26%20job%20listings%20%7C%20WooCommerce%20CRM%20%26%20Accounting&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.13.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/757e76fd-830f-4d1c-8b89-dfad7c9c1f37/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1283.md b/2024/CVE-2024-1283.md index 5301b7eec5..ce88d8e200 100644 --- a/2024/CVE-2024-1283.md +++ b/2024/CVE-2024-1283.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-12847.md b/2024/CVE-2024-12847.md new file mode 100644 index 0000000000..57c0312034 --- /dev/null +++ b/2024/CVE-2024-12847.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-12847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12847)
+![](https://img.shields.io/static/v1?label=Product&message=DGN1000&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.00.48%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%3A%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
+
+### Description
+
+NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.
+
+### POC
+
+#### Reference
+- https://www.exploit-db.com/exploits/25978
+- https://www.exploit-db.com/exploits/43055
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12848.md b/2024/CVE-2024-12848.md
new file mode 100644
index 0000000000..4a65f817a2
--- /dev/null
+++ b/2024/CVE-2024-12848.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12848](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12848)
+![](https://img.shields.io/static/v1?label=Product&message=SKT%20Page%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DoTTak/Research-WordPress-CVE
+
diff --git a/2024/CVE-2024-12849.md b/2024/CVE-2024-12849.md
new file mode 100644
index 0000000000..59af58b539
--- /dev/null
+++ b/2024/CVE-2024-12849.md
@@ -0,0 +1,27 @@
+### [CVE-2024-12849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12849)
+![](https://img.shields.io/static/v1?label=Product&message=Error%20Log%20Viewer%20By%20WP%20Guru&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.0.1.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Nxploited/CVE-2024-12849-Poc
+- https://github.com/RandomRobbieBF/CVE-2024-12849
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+
diff --git a/2024/CVE-2024-12856.md b/2024/CVE-2024-12856.md
new file mode 100644
index 0000000000..52b6c28798
--- /dev/null
+++ b/2024/CVE-2024-12856.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12856)
+![](https://img.shields.io/static/v1?label=Product&message=F3x24&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=F3x36&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nu113d/CVE-2024-12856
+- https://github.com/opendr-io/causality
+
diff --git a/2024/CVE-2024-12872.md b/2024/CVE-2024-12872.md
new file mode 100644
index 0000000000..6181cb5e77
--- /dev/null
+++ b/2024/CVE-2024-12872.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12872)
+![](https://img.shields.io/static/v1?label=Product&message=Zalomen%C3%AD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a8a706c6-7f0f-4148-9f6f-40c0ca95dd9a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12873.md b/2024/CVE-2024-12873.md
new file mode 100644
index 0000000000..38974138eb
--- /dev/null
+++ b/2024/CVE-2024-12873.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12873)
+![](https://img.shields.io/static/v1?label=Product&message=Custom%20Field%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/3e82d45f-7b8f-424e-a8d7-be64f5acf65e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12874.md b/2024/CVE-2024-12874.md
new file mode 100644
index 0000000000..1a9fda6dca
--- /dev/null
+++ b/2024/CVE-2024-12874.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12874)
+![](https://img.shields.io/static/v1?label=Product&message=Top%20Comments&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7cc14a87-4605-49f6-9d51-0b9eb57e6c9d/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12877.md b/2024/CVE-2024-12877.md
new file mode 100644
index 0000000000..ff1e3e1bff
--- /dev/null
+++ b/2024/CVE-2024-12877.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12877)
+![](https://img.shields.io/static/v1?label=Product&message=GiveWP%20%E2%80%93%20Donation%20Plugin%20and%20Fundraising%20Platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.19.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-12877
+- https://github.com/RandomRobbieBF/CVE-2025-22777
+- https://github.com/soltanali0/CVE-2024-12877-Exploit
+
diff --git a/2024/CVE-2024-12878.md b/2024/CVE-2024-12878.md
new file mode 100644
index 0000000000..539c22f36e
--- /dev/null
+++ b/2024/CVE-2024-12878.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12878)
+![](https://img.shields.io/static/v1?label=Product&message=Custom%20Block%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.8.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/827444d1-87cb-4057-827a-d802eac82cf8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12883.md b/2024/CVE-2024-12883.md
new file mode 100644
index 0000000000..eea8ee2f48
--- /dev/null
+++ b/2024/CVE-2024-12883.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12883)
+![](https://img.shields.io/static/v1?label=Product&message=Job%20Recruitment&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-12884.md b/2024/CVE-2024-12884.md
new file mode 100644
index 0000000000..d7fda62dab
--- /dev/null
+++ b/2024/CVE-2024-12884.md
@@ -0,0 +1,19 @@
+### [CVE-2024-12884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12884)
+![](https://img.shields.io/static/v1?label=Product&message=E-Commerce%20Website&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/geo-chen/E-Commerce
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-12905.md b/2024/CVE-2024-12905.md
new file mode 100644
index 0000000000..97d728b5cd
--- /dev/null
+++ b/2024/CVE-2024-12905.md
@@ -0,0 +1,20 @@
+### [CVE-2024-12905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12905)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
+
+### POC
+
+#### Reference
+- https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/theMcSam/CVE-2024-12905-PoC
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-12907.md b/2024/CVE-2024-12907.md
new file mode 100644
index 0000000000..ea5393a157
--- /dev/null
+++ b/2024/CVE-2024-12907.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12907](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12907)
+![](https://img.shields.io/static/v1?label=Product&message=Kentico%20CMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint.Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-12908.md b/2024/CVE-2024-12908.md
new file mode 100644
index 0000000000..7177f2e443
--- /dev/null
+++ b/2024/CVE-2024-12908.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12908)
+![](https://img.shields.io/static/v1?label=Product&message=Secret%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.7.31%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open amalicious document which could trigger the vulnerable handler, allowing them to executearbitrary code on the user's machine. Delinea added additional validation that the downloaded installer's batch file was in the expected format.
+
+### POC
+
+#### Reference
+- https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-12909.md b/2024/CVE-2024-12909.md
new file mode 100644
index 0000000000..8857933352
--- /dev/null
+++ b/2024/CVE-2024-12909.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12909](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12909)
+![](https://img.shields.io/static/v1?label=Product&message=run-llama%2Fllama_index&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command&color=brighgreen)
+
+### Description
+
+A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code execution (RCE) through the use of PostgreSQL's large object functionality. The issue is fixed in version 0.3.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-12910.md b/2024/CVE-2024-12910.md
new file mode 100644
index 0000000000..fc79ae0dff
--- /dev/null
+++ b/2024/CVE-2024-12910.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12910)
+![](https://img.shields.io/static/v1?label=Product&message=run-llama%2Fllama_index&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.3.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-12911.md b/2024/CVE-2024-12911.md
new file mode 100644
index 0000000000..6780fae84a
--- /dev/null
+++ b/2024/CVE-2024-12911.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12911)
+![](https://img.shields.io/static/v1?label=Product&message=run-llama%2Fllama_index&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.5.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-379%20Creation%20of%20Temporary%20File%20in%20Directory%20with%20Insecure%20Permissions&color=brighgreen)
+
+### Description
+
+A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-12912.md b/2024/CVE-2024-12912.md
new file mode 100644
index 0000000000..cd57d2fd1e
--- /dev/null
+++ b/2024/CVE-2024-12912.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12912)
+![](https://img.shields.io/static/v1?label=Product&message=Router&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.0.0.4_382%20series%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution.Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/felixsta/Using_CVSS
+
diff --git a/2024/CVE-2024-12928.md b/2024/CVE-2024-12928.md
new file mode 100644
index 0000000000..a417612ed2
--- /dev/null
+++ b/2024/CVE-2024-12928.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12928)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Admin%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-12930.md b/2024/CVE-2024-12930.md
new file mode 100644
index 0000000000..ca6f8596a1
--- /dev/null
+++ b/2024/CVE-2024-12930.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12930](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12930)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Admin%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Simple Admin Panel 1.0 and classified as problematic. This issue affects some unknown processing of the file addCatController.php. The manipulation of the argument c_name leads to cross site scripting. The attack may be initiated remotely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-12933.md b/2024/CVE-2024-12933.md
new file mode 100644
index 0000000000..21bf12b876
--- /dev/null
+++ b/2024/CVE-2024-12933.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12933](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12933)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Admin%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file updateItemController.php. The manipulation of the argument p_name/p_desc leads to cross site scripting. The attack may be launched remotely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-12935.md b/2024/CVE-2024-12935.md
new file mode 100644
index 0000000000..a1b067ac86
--- /dev/null
+++ b/2024/CVE-2024-12935.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12935](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12935)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Admin%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-12938.md b/2024/CVE-2024-12938.md
new file mode 100644
index 0000000000..edef6ef3b4
--- /dev/null
+++ b/2024/CVE-2024-12938.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12938](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12938)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Admin%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-12949.md b/2024/CVE-2024-12949.md
new file mode 100644
index 0000000000..9f27457484
--- /dev/null
+++ b/2024/CVE-2024-12949.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12949)
+![](https://img.shields.io/static/v1?label=Product&message=Travel%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-12950.md b/2024/CVE-2024-12950.md
new file mode 100644
index 0000000000..f4f97bc4f6
--- /dev/null
+++ b/2024/CVE-2024-12950.md
@@ -0,0 +1,18 @@
+### [CVE-2024-12950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12950)
+![](https://img.shields.io/static/v1?label=Product&message=Travel%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-12970.md b/2024/CVE-2024-12970.md
new file mode 100644
index 0000000000..bed288d8e5
--- /dev/null
+++ b/2024/CVE-2024-12970.md
@@ -0,0 +1,17 @@
+### [CVE-2024-12970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12970)
+![](https://img.shields.io/static/v1?label=Product&message=Pardus%20OS%20My%20Computer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.7.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus OS My Computer: before 0.7.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/osmancanvural/CVE-2024-12970
+
diff --git a/2024/CVE-2024-1300.md b/2024/CVE-2024-1300.md
index 57b47d53de..b6e06bb5ee 100644
--- a/2024/CVE-2024-1300.md
+++ b/2024/CVE-2024-1300.md
@@ -6,25 +6,25 @@ ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Runtimes%201%20on%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=RHINT%20Service%20Registry%202.5.11%20GA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20AMQ%20Broker%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20AMQ%20Streams%202.7.0&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20A-MQ%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) 
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.4.1%20for%20Spring%20Boot&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot%203&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.11.Final&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20Resource%20Consumption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Release%20of%20Memory%20after%20Effective%20Lifetime&color=brighgreen) ### Description diff --git a/2024/CVE-2024-13012.md b/2024/CVE-2024-13012.md new file mode 100644 index 0000000000..51fa4cc752 --- /dev/null +++ b/2024/CVE-2024-13012.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-13012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13012)
+![](https://img.shields.io/static/v1?label=Product&message=Hostel%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The manipulation of the argument fname/mname/lname leads to cross site scripting. The attack may be initiated remotely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13015.md b/2024/CVE-2024-13015.md
new file mode 100644
index 0000000000..21c3bf4255
--- /dev/null
+++ b/2024/CVE-2024-13015.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13015](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13015)
+![](https://img.shields.io/static/v1?label=Product&message=Maid%20Hiring%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13016.md b/2024/CVE-2024-13016.md
new file mode 100644
index 0000000000..069aa1f8fc
--- /dev/null
+++ b/2024/CVE-2024-13016.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13016](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13016)
+![](https://img.shields.io/static/v1?label=Product&message=Maid%20Hiring%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13017.md b/2024/CVE-2024-13017.md
new file mode 100644
index 0000000000..96b3eac39c
--- /dev/null
+++ b/2024/CVE-2024-13017.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13017)
+![](https://img.shields.io/static/v1?label=Product&message=Maid%20Hiring%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/aboutus.php of the component About Us Page. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13018.md b/2024/CVE-2024-13018.md
new file mode 100644
index 0000000000..fcb37d7484
--- /dev/null
+++ b/2024/CVE-2024-13018.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13018)
+![](https://img.shields.io/static/v1?label=Product&message=Maid%20Hiring%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13019.md b/2024/CVE-2024-13019.md
new file mode 100644
index 0000000000..a3e5c31442
--- /dev/null
+++ b/2024/CVE-2024-13019.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13019)
+![](https://img.shields.io/static/v1?label=Product&message=Chat%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13020.md b/2024/CVE-2024-13020.md
new file mode 100644
index 0000000000..aa6cc72e2b
--- /dev/null
+++ b/2024/CVE-2024-13020.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13020)
+![](https://img.shields.io/static/v1?label=Product&message=Chat%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13028.md b/2024/CVE-2024-13028.md
new file mode 100644
index 0000000000..6de7e5ec47
--- /dev/null
+++ b/2024/CVE-2024-13028.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13028)
+![](https://img.shields.io/static/v1?label=Product&message=White-Jotter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Exposure%20Through%20Discrepancy&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20Response%20Discrepancy&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-13029.md b/2024/CVE-2024-13029.md
new file mode 100644
index 0000000000..31ff7b598a
--- /dev/null
+++ b/2024/CVE-2024-13029.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13029)
+![](https://img.shields.io/static/v1?label=Product&message=White-Jotter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Server-Side%20Request%20Forgery&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-13031.md b/2024/CVE-2024-13031.md
new file mode 100644
index 0000000000..5bc8c0f47a
--- /dev/null
+++ b/2024/CVE-2024-13031.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13031)
+![](https://img.shields.io/static/v1?label=Product&message=White-Jotter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-13032.md b/2024/CVE-2024-13032.md
new file mode 100644
index 0000000000..9033b738ec
--- /dev/null
+++ b/2024/CVE-2024-13032.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13032)
+![](https://img.shields.io/static/v1?label=Product&message=White-Jotter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Server-Side%20Request%20Forgery&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected by this vulnerability is an unknown functionality of the file /admin/content/editor of the component Article Editor. The manipulation of the argument articleCover leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-13036.md b/2024/CVE-2024-13036.md
new file mode 100644
index 0000000000..ea10f27b9b
--- /dev/null
+++ b/2024/CVE-2024-13036.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13036)
+![](https://img.shields.io/static/v1?label=Product&message=Chat%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/update_room.php. The manipulation of the argument id/name/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13050.md b/2024/CVE-2024-13050.md
new file mode 100644
index 0000000000..a33c80d7f5
--- /dev/null
+++ b/2024/CVE-2024-13050.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13050)
+![](https://img.shields.io/static/v1?label=Product&message=Graphite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2013_SE_13048%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+
diff --git a/2024/CVE-2024-13052.md b/2024/CVE-2024-13052.md
new file mode 100644
index 0000000000..b780080f9d
--- /dev/null
+++ b/2024/CVE-2024-13052.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13052)
+![](https://img.shields.io/static/v1?label=Product&message=Dental%20Optimizer%20Patient%20Generator%20App&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/671d5eef-c496-4047-9d01-8ab8a94cdc72/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13053.md b/2024/CVE-2024-13053.md
new file mode 100644
index 0000000000..9aaa3a4c37
--- /dev/null
+++ b/2024/CVE-2024-13053.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13053)
+![](https://img.shields.io/static/v1?label=Product&message=Form%20Maker%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.15.33%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1c667a70-8b38-4854-8969-2971f9c2fe79/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13054.md b/2024/CVE-2024-13054.md
new file mode 100644
index 0000000000..18150f0c7f
--- /dev/null
+++ b/2024/CVE-2024-13054.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13054)
+![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2017.7.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sim4n6/Sim4n6
+
diff --git a/2024/CVE-2024-13055.md b/2024/CVE-2024-13055.md
new file mode 100644
index 0000000000..73554fb50b
--- /dev/null
+++ b/2024/CVE-2024-13055.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13055)
+![](https://img.shields.io/static/v1?label=Product&message=Dyn%20Business%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/91178272-ed7e-412c-a187-e360a1313004/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13056.md b/2024/CVE-2024-13056.md
new file mode 100644
index 0000000000..904bfb0bc2
--- /dev/null
+++ b/2024/CVE-2024-13056.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13056)
+![](https://img.shields.io/static/v1?label=Product&message=Dyn%20Business%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a6acb608-a23e-461d-af48-a6669a45594a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13057.md b/2024/CVE-2024-13057.md
new file mode 100644
index 0000000000..cc44e40a12
--- /dev/null
+++ b/2024/CVE-2024-13057.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13057)
+![](https://img.shields.io/static/v1?label=Product&message=Dyn%20Business%20Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/6f869a3d-1ac1-4d31-8fe5-9b9795b15b5b/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13080.md b/2024/CVE-2024-13080.md
new file mode 100644
index 0000000000..39a2f9504e
--- /dev/null
+++ b/2024/CVE-2024-13080.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13080)
+![](https://img.shields.io/static/v1?label=Product&message=Land%20Record%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13081.md b/2024/CVE-2024-13081.md
new file mode 100644
index 0000000000..52238dadf4
--- /dev/null
+++ b/2024/CVE-2024-13081.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13081)
+![](https://img.shields.io/static/v1?label=Product&message=Land%20Record%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/contactus.php. The manipulation of the argument Page Description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13082.md b/2024/CVE-2024-13082.md
new file mode 100644
index 0000000000..51845eea6d
--- /dev/null
+++ b/2024/CVE-2024-13082.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13082)
+![](https://img.shields.io/static/v1?label=Product&message=Land%20Record%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in PHPGurukul Land Record System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/search-property.php. The manipulation of the argument Search By leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13083.md b/2024/CVE-2024-13083.md
new file mode 100644
index 0000000000..157bc291d4
--- /dev/null
+++ b/2024/CVE-2024-13083.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13083)
+![](https://img.shields.io/static/v1?label=Product&message=Land%20Record%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument Admin Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13084.md b/2024/CVE-2024-13084.md
new file mode 100644
index 0000000000..a887c08953
--- /dev/null
+++ b/2024/CVE-2024-13084.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13084)
+![](https://img.shields.io/static/v1?label=Product&message=Land%20Record%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-property.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13085.md b/2024/CVE-2024-13085.md
new file mode 100644
index 0000000000..90650dc43d
--- /dev/null
+++ b/2024/CVE-2024-13085.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13085)
+![](https://img.shields.io/static/v1?label=Product&message=Land%20Record%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13094.md b/2024/CVE-2024-13094.md
new file mode 100644
index 0000000000..45ce9dc7e7
--- /dev/null
+++ b/2024/CVE-2024-13094.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13094)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Triggers%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7a75809e-824e-458e-bd01-50dadcea7713/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13095.md b/2024/CVE-2024-13095.md
new file mode 100644
index 0000000000..c5aa1f6377
--- /dev/null
+++ b/2024/CVE-2024-13095.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13095)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Triggers%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/74e95fb5-025b-4d4d-a279-844b6ee3e57d/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13096.md b/2024/CVE-2024-13096.md
new file mode 100644
index 0000000000..b883a4df67
--- /dev/null
+++ b/2024/CVE-2024-13096.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13096)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Finance&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ca65c478-30bf-4109-93e0-3aedbf4a8264/
+
+#### Github
+No PoCs found on GitHub currently.
+
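Review bot: In 2024/CVE-2024-13095.md the Vulnerability badge reads `CWE-79 Cross-Site Scripting (XSS)` while the Description on the same entry describes a parameter used unescaped in a SQL statement, so anyone filtering or triaging by the badge will file this SQL injection as XSS. If the upstream CVE record really lists CWE-79, the generator is faithfully copying a wrong classification and the entry would benefit from a visible note; otherwise the badge message should carry the SQL injection class, as the CVE-2024-13184 entry in this same patch does with `CWE-89`. The sibling entry CVE-2024-13094 for the same plugin is consistent (reflected XSS in both badge and text), which suggests the mismatch is specific to this record.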
diff --git a/2024/CVE-2024-13097.md b/2024/CVE-2024-13097.md
new file mode 100644
index 0000000000..723c0e2d66
--- /dev/null
+++ b/2024/CVE-2024-13097.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13097)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Finance&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d83d7274-55ae-4f35-b65e-6d6e19e36fac/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13098.md b/2024/CVE-2024-13098.md
new file mode 100644
index 0000000000..da775efa4a
--- /dev/null
+++ b/2024/CVE-2024-13098.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13098)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Email%20Newsletter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/eac71f70-993e-4353-8550-affb24c61c02/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13099.md b/2024/CVE-2024-13099.md
new file mode 100644
index 0000000000..1feca2bccd
--- /dev/null
+++ b/2024/CVE-2024-13099.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13099)
+![](https://img.shields.io/static/v1?label=Product&message=Widget4Call&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a0cabf5c-7b01-4163-834b-a134db3a90b4/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13100.md b/2024/CVE-2024-13100.md
new file mode 100644
index 0000000000..dd6ec34253
--- /dev/null
+++ b/2024/CVE-2024-13100.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13100](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13100)
+![](https://img.shields.io/static/v1?label=Product&message=OPSI%20Israel%20Domestic%20Shipments&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b9261010-ab55-4d18-8fd2-2003f8692ae8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13101.md b/2024/CVE-2024-13101.md
new file mode 100644
index 0000000000..6c081b728b
--- /dev/null
+++ b/2024/CVE-2024-13101.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13101)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20MediaTagger&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/03f51b54-0ec2-40ce-a0fa-ef0c4ab0ea99/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13112.md b/2024/CVE-2024-13112.md
new file mode 100644
index 0000000000..b2d9bc6719
--- /dev/null
+++ b/2024/CVE-2024-13112.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13112)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20MediaTagger&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/155df231-30ef-47bb-aa91-a7deb1779bd1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13113.md b/2024/CVE-2024-13113.md
new file mode 100644
index 0000000000..f46d0b360a
--- /dev/null
+++ b/2024/CVE-2024-13113.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13113)
+![](https://img.shields.io/static/v1?label=Product&message=Countdown%20Timer%20for%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ffc31d9d-d245-4c4b-992d-394a01798117/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13114.md b/2024/CVE-2024-13114.md
new file mode 100644
index 0000000000..d986d87bbb
--- /dev/null
+++ b/2024/CVE-2024-13114.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13114)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Projects%20Portfolio%20with%20Client%20Testimonials&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0cecda12-590a-42a6-b10b-e0efe7fb3a3a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13115.md b/2024/CVE-2024-13115.md
new file mode 100644
index 0000000000..114164627b
--- /dev/null
+++ b/2024/CVE-2024-13115.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13115](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13115)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Projects%20Portfolio%20with%20Client%20Testimonials&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/76e46727-3995-4442-bbcb-04e793d72108/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13116.md b/2024/CVE-2024-13116.md
new file mode 100644
index 0000000000..74db6a469f
--- /dev/null
+++ b/2024/CVE-2024-13116.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13116)
+![](https://img.shields.io/static/v1?label=Product&message=Crelly%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1755c8ad-7620-4b12-bba0-013e80c2691b/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13117.md b/2024/CVE-2024-13117.md
new file mode 100644
index 0000000000..fd65a986dd
--- /dev/null
+++ b/2024/CVE-2024-13117.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13117)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Share%20Buttons%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/3234cdac-f328-4f1e-a1de-31fbd86aefb9/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13118.md b/2024/CVE-2024-13118.md
new file mode 100644
index 0000000000..59f5ee85a0
--- /dev/null
+++ b/2024/CVE-2024-13118.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13118)
+![](https://img.shields.io/static/v1?label=Product&message=IP%20Based%20Login&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/eba6f98e-b931-4f02-b190-ca855a674839/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13119.md b/2024/CVE-2024-13119.md
new file mode 100644
index 0000000000..4943c756e6
--- /dev/null
+++ b/2024/CVE-2024-13119.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13119)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Membership%20Plugin%2C%20Ecommerce%2C%20User%20Registration%20Form%2C%20Login%20Form%2C%20User%20Profile%20%26%20Restrict%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.15.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/32600a45-a8cd-446c-9aa2-0621a02a9754/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13120.md b/2024/CVE-2024-13120.md
new file mode 100644
index 0000000000..6cae04fafa
--- /dev/null
+++ b/2024/CVE-2024-13120.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13120)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Membership%20Plugin%2C%20Ecommerce%2C%20User%20Registration%20Form%2C%20Login%20Form%2C%20User%20Profile%20%26%20Restrict%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.15.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5b70798c-c30d-42e6-ac72-821c5568b9b5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13121.md b/2024/CVE-2024-13121.md
new file mode 100644
index 0000000000..c4905eb827
--- /dev/null
+++ b/2024/CVE-2024-13121.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13121)
+![](https://img.shields.io/static/v1?label=Product&message=Paid%20Membership%20Plugin%2C%20Ecommerce%2C%20User%20Registration%20Form%2C%20Login%20Form%2C%20User%20Profile%20%26%20Restrict%20Content&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.15.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/59ee8fe5-4820-4d52-b17a-7044631c40c1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13122.md b/2024/CVE-2024-13122.md
new file mode 100644
index 0000000000..2fd101ed1e
--- /dev/null
+++ b/2024/CVE-2024-13122.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13122)
+![](https://img.shields.io/static/v1?label=Product&message=AFI&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.100.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/512721cb-e544-4d26-87ca-43d83e77f8e4/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13123.md b/2024/CVE-2024-13123.md
new file mode 100644
index 0000000000..fe1bf82961
--- /dev/null
+++ b/2024/CVE-2024-13123.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13123)
+![](https://img.shields.io/static/v1?label=Product&message=AFI&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.100.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/417178de-17ff-438c-a36c-b90db6486a46/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13124.md b/2024/CVE-2024-13124.md
new file mode 100644
index 0000000000..7b1c89091f
--- /dev/null
+++ b/2024/CVE-2024-13124.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13124)
+![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.33%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5b3bf87b-73a1-47e8-bb00-0dfded07b191/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13125.md b/2024/CVE-2024-13125.md
new file mode 100644
index 0000000000..6ad1e6621e
--- /dev/null
+++ b/2024/CVE-2024-13125.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13125)
+![](https://img.shields.io/static/v1?label=Product&message=Everest%20Forms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f60a8358-1765-4cae-9c89-0d75c5e394ec/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13126.md b/2024/CVE-2024-13126.md
new file mode 100644
index 0000000000..ca91b0bd4b
--- /dev/null
+++ b/2024/CVE-2024-13126.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13126)
+![](https://img.shields.io/static/v1?label=Product&message=Download%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3.07%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen)
+
+### Description
+
+The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13127.md b/2024/CVE-2024-13127.md
new file mode 100644
index 0000000000..869ba4d0a6
--- /dev/null
+++ b/2024/CVE-2024-13127.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13127)
+![](https://img.shields.io/static/v1?label=Product&message=LearnPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.2.7.5.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/003ac248-74db-4b83-af0b-aa37ffb9b3d3/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13128.md b/2024/CVE-2024-13128.md new file mode 100644 index 0000000000..bfd27a54b4 --- /dev/null +++ b/2024/CVE-2024-13128.md @@ -0,0 +1,17 @@ +### [CVE-2024-13128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13128) +![](https://img.shields.io/static/v1?label=Product&message=LearnPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.2.7.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1506a339-f85a-408a-8efa-ca83eb3b3ffb/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1313.md b/2024/CVE-2024-1313.md index 5051a94e9a..d174f3ce69 100644 --- a/2024/CVE-2024-1313.md +++ b/2024/CVE-2024-1313.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-13146.md b/2024/CVE-2024-13146.md new file mode 100644 index 0000000000..eb18d9e067 --- /dev/null +++ b/2024/CVE-2024-13146.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-13146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13146)
+![](https://img.shields.io/static/v1?label=Product&message=Booknetic&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/19cb40dd-53b0-46db-beb0-1841e385ce09/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13159.md b/2024/CVE-2024-13159.md
new file mode 100644
index 0000000000..41ca2ea08a
--- /dev/null
+++ b/2024/CVE-2024-13159.md
@@ -0,0 +1,22 @@
+### [CVE-2024-13159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13159)
+![](https://img.shields.io/static/v1?label=Product&message=Endpoint%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-36%20Absolute%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/hogehuga/cveTreage
+- https://github.com/horizon3ai/Ivanti-EPM-Coercion-Vulnerabilities
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13160.md b/2024/CVE-2024-13160.md
new file mode 100644
index 0000000000..954ef45c60
--- /dev/null
+++ b/2024/CVE-2024-13160.md
@@ -0,0 +1,20 @@
+### [CVE-2024-13160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13160)
+![](https://img.shields.io/static/v1?label=Product&message=Endpoint%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-36%20Absolute%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/hogehuga/cveTreage
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-13161.md b/2024/CVE-2024-13161.md
new file mode 100644
index 0000000000..9bbab6d22f
--- /dev/null
+++ b/2024/CVE-2024-13161.md
@@ -0,0 +1,19 @@
+### [CVE-2024-13161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13161)
+![](https://img.shields.io/static/v1?label=Product&message=Endpoint%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-36%20Absolute%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hogehuga/cveTreage
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-13176.md b/2024/CVE-2024-13176.md
new file mode 100644
index 0000000000..28f1466941
--- /dev/null
+++ b/2024/CVE-2024-13176.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176)
+![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.4.0%3C%203.4.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-385%20Covert%20Timing%20Channel&color=brighgreen)
+
+### Description
+
+Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature computation.Impact summary: A timing side-channel in ECDSA signature computationscould allow recovering the private key by an attacker. However, measuringthe timing would require either local access to the signing application ora very fast network connection with low latency.There is a timing signal of around 300 nanoseconds when the top word ofthe inverted ECDSA nonce value is zero. This can happen with significantprobability only for some of the supported elliptic curves. In particularthe NIST P-521 curve is affected. To be able to measure this leak, the attackerprocess must either be located in the same physical computer or musthave a very fast network connection with low latency. For that reasonthe severity of this vulnerability is Low.The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Myash-New/05-virt-04-docker-in-practice
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-13184.md b/2024/CVE-2024-13184.md
new file mode 100644
index 0000000000..f0c6b0d6e1
--- /dev/null
+++ b/2024/CVE-2024-13184.md
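Review bot: The Description line added in 2024/CVE-2024-13176.md has words fused together (`recoveringthe`, `computation.Impact summary`, `measuringthe`, `attackerprocess`, `reasonthe severity`), presumably because line breaks in the upstream advisory text were dropped rather than replaced with a space. This hurts keyword search over the corpus and makes the conditions that limit the issue (local access or a low-latency network, the NIST P-521 curve) harder to read. The generator should normalise each newline to a single space before writing the description, and the same check is worth running on other descriptions that come from multi-line upstream text.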
@@ -0,0 +1,17 @@
+### [CVE-2024-13184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13184)
+![](https://img.shields.io/static/v1?label=Product&message=The%20Ultimate%20WordPress%20Toolkit%20%E2%80%93%20WP%20Extended&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.0.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13184
+
diff --git a/2024/CVE-2024-13198.md b/2024/CVE-2024-13198.md
new file mode 100644
index 0000000000..6b965b9be4
--- /dev/null
+++ b/2024/CVE-2024-13198.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13198)
+![](https://img.shields.io/static/v1?label=Product&message=Mblog%20Blog%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Exposure%20Through%20Discrepancy&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20Response%20Discrepancy&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-13199.md b/2024/CVE-2024-13199.md
new file mode 100644
index 0000000000..002cc6dcc7
--- /dev/null
+++ b/2024/CVE-2024-13199.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13199)
+![](https://img.shields.io/static/v1?label=Product&message=Mblog%20Blog%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cydtseng/Vulnerability-Research
+
diff --git a/2024/CVE-2024-13203.md b/2024/CVE-2024-13203.md
new file mode 100644
index 0000000000..1a2b1d4506
--- /dev/null
+++ b/2024/CVE-2024-13203.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13203)
+![](https://img.shields.io/static/v1?label=Product&message=E-Commerce-PHP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authorization&color=brighgreen)
+
+### Description
+
+A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13204.md b/2024/CVE-2024-13204.md
new file mode 100644
index 0000000000..82316da08a
--- /dev/null
+++ b/2024/CVE-2024-13204.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13204)
+![](https://img.shields.io/static/v1?label=Product&message=E-Commerce-PHP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1
+
+#### Github
+- https://github.com/YZS17/CVE
+
diff --git a/2024/CVE-2024-13205.md b/2024/CVE-2024-13205.md
new file mode 100644
index 0000000000..dbb9f50d97
--- /dev/null
+++ b/2024/CVE-2024-13205.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13205)
+![](https://img.shields.io/static/v1?label=Product&message=E-Commerce-PHP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13207.md b/2024/CVE-2024-13207.md
new file mode 100644
index 0000000000..88d91b15e1
--- /dev/null
+++ b/2024/CVE-2024-13207.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13207)
+![](https://img.shields.io/static/v1?label=Product&message=Widget%20for%20Social%20Page%20Feeds&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c3e27fa2-b6dd-48eb-83ec-99dc034eff38/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13208.md b/2024/CVE-2024-13208.md
new file mode 100644
index 0000000000..c648582849
--- /dev/null
+++ b/2024/CVE-2024-13208.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13208)
+![](https://img.shields.io/static/v1?label=Product&message=Maps%20Plugin%20using%20Google%20Maps%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.9.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f86d4f64-208f-407f-8d2c-a89b5e0ac777/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13209.md b/2024/CVE-2024-13209.md
new file mode 100644
index 0000000000..9011710e1f
--- /dev/null
+++ b/2024/CVE-2024-13209.md
@@ -0,0 +1,19 @@
+### [CVE-2024-13209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13209)
+![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%205.18.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/geo-chen/Redaxo
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13218.md b/2024/CVE-2024-13218.md
new file mode 100644
index 0000000000..e606444f4a
--- /dev/null
+++ b/2024/CVE-2024-13218.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13218)
+![](https://img.shields.io/static/v1?label=Product&message=Fast%20Tube&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/79eb9432-3e3c-4a23-88a8-05aa3146061c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13219.md b/2024/CVE-2024-13219.md
new file mode 100644
index 0000000000..a7809ba9fc
--- /dev/null
+++ b/2024/CVE-2024-13219.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13219)
+![](https://img.shields.io/static/v1?label=Product&message=Privacy%20Policy%20Genius&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/3ad02238-dce1-48ce-986f-fef36b110b2d/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13220.md b/2024/CVE-2024-13220.md
new file mode 100644
index 0000000000..c542067364
--- /dev/null
+++ b/2024/CVE-2024-13220.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13220)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Google%20Map%20Professional%20(Map%20In%20Your%20Language)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/33ef27b4-e88f-46ec-9b3f-0a3e16d6f82e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13221.md b/2024/CVE-2024-13221.md
new file mode 100644
index 0000000000..f66e437d6f
--- /dev/null
+++ b/2024/CVE-2024-13221.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13221)
+![](https://img.shields.io/static/v1?label=Product&message=Fantastic%20ElasticSearch&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/693f4cc4-a082-46bc-abc9-a08919f70157/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13222.md b/2024/CVE-2024-13222.md
new file mode 100644
index 0000000000..69e1f8ff5f
--- /dev/null
+++ b/2024/CVE-2024-13222.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13222)
+![](https://img.shields.io/static/v1?label=Product&message=User%20Messages&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/069e1f81-448d-4d27-b288-87111dade2f2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13223.md b/2024/CVE-2024-13223.md
new file mode 100644
index 0000000000..94ca3ef05a
--- /dev/null
+++ b/2024/CVE-2024-13223.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13223)
+![](https://img.shields.io/static/v1?label=Product&message=Tabulate&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e3a52af1-7cb6-4361-b1c7-a50e0cc62fb1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13224.md b/2024/CVE-2024-13224.md
new file mode 100644
index 0000000000..4a2a4c1151
--- /dev/null
+++ b/2024/CVE-2024-13224.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13224)
+![](https://img.shields.io/static/v1?label=Product&message=SlideDeck%201%20Lite%20Content%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/32a90907-e82f-41b3-b20e-d10a722e2999/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13225.md b/2024/CVE-2024-13225.md
new file mode 100644
index 0000000000..31c0ee638f
--- /dev/null
+++ b/2024/CVE-2024-13225.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13225)
+![](https://img.shields.io/static/v1?label=Product&message=ECT%20Home%20Page%20Products&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/8efd7d62-3f74-4108-970e-bd5ed24914ff/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13226.md b/2024/CVE-2024-13226.md
new file mode 100644
index 0000000000..8a7606685f
--- /dev/null
+++ b/2024/CVE-2024-13226.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13226)
+![](https://img.shields.io/static/v1?label=Product&message=A5%20Custom%20Login%20Page&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/dd09fe99-2334-4d6f-8a70-e1cd856b1486/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13306.md b/2024/CVE-2024-13306.md
new file mode 100644
index 0000000000..57fe9aca12
--- /dev/null
+++ b/2024/CVE-2024-13306.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13306)
+![](https://img.shields.io/static/v1?label=Product&message=Maps%20Plugin%20using%20Google%20Maps%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.9.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ec3096f2-60fd-4654-9e95-5cf4b20b2990/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1331.md b/2024/CVE-2024-1331.md index 27c95584da..bc31f171c5 100644 --- a/2024/CVE-2024-1331.md +++ b/2024/CVE-2024-1331.md @@ -13,6 +13,7 @@ The Team Members WordPress plugin before 5.3.2 does not validate and escape some - https://wpscan.com/vulnerability/b2bac900-3d8f-406c-b03d-c8db156acc59/ #### Github +- https://github.com/Davida-AduGyamfi/INPT - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-13313.md b/2024/CVE-2024-13313.md new file mode 100644 index 0000000000..5ab98e24f8 --- /dev/null +++ b/2024/CVE-2024-13313.md @@ -0,0 +1,17 @@ +### [CVE-2024-13313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13313) +![](https://img.shields.io/static/v1?label=Product&message=AWeber&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/cc35b2f4-f1f1-4ed3-91b2-025bd5848b29/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-13314.md b/2024/CVE-2024-13314.md new file mode 100644 index 0000000000..5676ebeb3c --- /dev/null +++ b/2024/CVE-2024-13314.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-13314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13314)
+![](https://img.shields.io/static/v1?label=Product&message=Carousel%2C%20Slider%2C%20Gallery%20by%20WP%20Carousel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ae234bbe-a4af-49f5-8e0a-4fb960821e05/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13322.md b/2024/CVE-2024-13322.md
new file mode 100644
index 0000000000..b403b58860
--- /dev/null
+++ b/2024/CVE-2024-13322.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13322)
+![](https://img.shields.io/static/v1?label=Product&message=Ads%20Pro%20Plugin%20-%20Multi-Purpose%20WordPress%20Advertising%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.88%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+- https://github.com/l0928h/kate
+
diff --git a/2024/CVE-2024-13325.md b/2024/CVE-2024-13325.md
new file mode 100644
index 0000000000..31f6bddbb2
--- /dev/null
+++ b/2024/CVE-2024-13325.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13325)
+![](https://img.shields.io/static/v1?label=Product&message=Glossy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/49bddf87-c578-47b7-a8fb-4dc550bbaa47/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13326.md b/2024/CVE-2024-13326.md
new file mode 100644
index 0000000000..13504e21a0
--- /dev/null
+++ b/2024/CVE-2024-13326.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13326)
+![](https://img.shields.io/static/v1?label=Product&message=iBuildApp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/dc1f755e-63f2-4f5d-a50e-9e2c589e6e4f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13327.md b/2024/CVE-2024-13327.md
new file mode 100644
index 0000000000..fea87fe5be
--- /dev/null
+++ b/2024/CVE-2024-13327.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13327)
+![](https://img.shields.io/static/v1?label=Product&message=Musicbox&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/abc8f3e1-2aee-44f0-8ecd-0ea424c0540a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13328.md b/2024/CVE-2024-13328.md
new file mode 100644
index 0000000000..79e7612372
--- /dev/null
+++ b/2024/CVE-2024-13328.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13328)
+![](https://img.shields.io/static/v1?label=Product&message=Giga%20Messenger&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/543a209b-c43c-46fc-8369-edb3b7e0ca98/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13329.md b/2024/CVE-2024-13329.md
new file mode 100644
index 0000000000..5657b52ccd
--- /dev/null
+++ b/2024/CVE-2024-13329.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13329)
+![](https://img.shields.io/static/v1?label=Product&message=Solidres&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f923e557-dc3c-43b7-9545-9e92751c9783/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13330.md b/2024/CVE-2024-13330.md
new file mode 100644
index 0000000000..7a0ebea96d
--- /dev/null
+++ b/2024/CVE-2024-13330.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13330)
+![](https://img.shields.io/static/v1?label=Product&message=JustRows%20free&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b0360650-8c7a-4e17-8618-b5ef1c71ccbf/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13331.md b/2024/CVE-2024-13331.md
new file mode 100644
index 0000000000..657d710542
--- /dev/null
+++ b/2024/CVE-2024-13331.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13331)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Dream%20Carousel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/6425ccff-2e18-4498-b8b1-d493286efc7b/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13332.md b/2024/CVE-2024-13332.md
new file mode 100644
index 0000000000..f6e8b92f80
--- /dev/null
+++ b/2024/CVE-2024-13332.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13332)
+![](https://img.shields.io/static/v1?label=Product&message=TransFinanz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/35b53a2d-9a8b-49e7-9553-ea09c9c50d66/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13334.md b/2024/CVE-2024-13334.md
new file mode 100644
index 0000000000..28780fe5cd
--- /dev/null
+++ b/2024/CVE-2024-13334.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13334](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13334)
+![](https://img.shields.io/static/v1?label=Product&message=Car%20Demon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/calysteon/calysteon
+
diff --git a/2024/CVE-2024-13345.md b/2024/CVE-2024-13345.md
new file mode 100644
index 0000000000..5ea0cedd13
--- /dev/null
+++ b/2024/CVE-2024-13345.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13345)
+![](https://img.shields.io/static/v1?label=Product&message=Avada%20(Fusion)%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.11.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/itm4n/CVEs
+
diff --git a/2024/CVE-2024-13346.md b/2024/CVE-2024-13346.md
new file mode 100644
index 0000000000..af4afc34e1
--- /dev/null
+++ b/2024/CVE-2024-13346.md
@@ -0,0 +1,19 @@
+### [CVE-2024-13346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13346)
+![](https://img.shields.io/static/v1?label=Product&message=Avada%20%7C%20Website%20Builder%20For%20WordPress%20%26%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.11.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/itm4n/CVEs
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/tausifzaman/CVE-2024-13346
+
diff --git a/2024/CVE-2024-13347.md b/2024/CVE-2024-13347.md
new file mode 100644
index 0000000000..9ec9866a42
--- /dev/null
+++ b/2024/CVE-2024-13347.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13347)
+![](https://img.shields.io/static/v1?label=Product&message=Essential%20WP%20Real%20Estate&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e2f97636-4c67-409a-83c6-ad6255aa2cc5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13352.md b/2024/CVE-2024-13352.md
new file mode 100644
index 0000000000..b9ff7b69f1
--- /dev/null
+++ b/2024/CVE-2024-13352.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13352)
+![](https://img.shields.io/static/v1?label=Product&message=Legull&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2c141cc0-f79e-42bd-97a6-98829647104c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13357.md b/2024/CVE-2024-13357.md
new file mode 100644
index 0000000000..9123896c50
--- /dev/null
+++ b/2024/CVE-2024-13357.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13357)
+![](https://img.shields.io/static/v1?label=Product&message=Ditty&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.52%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d134bb34-6324-4bc8-943e-4e743d00fcb2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13375.md b/2024/CVE-2024-13375.md
new file mode 100644
index 0000000000..aca29e8b12
--- /dev/null
+++ b/2024/CVE-2024-13375.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13375)
+![](https://img.shields.io/static/v1?label=Product&message=Adifier%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.1.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-620%20Unverified%20Password%20Change&color=brighgreen)
+
+### Description
+
+The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13381.md b/2024/CVE-2024-13381.md
new file mode 100644
index 0000000000..9a6e946b10
--- /dev/null
+++ b/2024/CVE-2024-13381.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13381)
+![](https://img.shields.io/static/v1?label=Product&message=Calculated%20Fields%20Form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.2.62%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/da099e52-7f7b-4d76-a0bc-a46315510e0a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13382.md b/2024/CVE-2024-13382.md
new file mode 100644
index 0000000000..f4278f4882
--- /dev/null
+++ b/2024/CVE-2024-13382.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13382)
+![](https://img.shields.io/static/v1?label=Product&message=Calculated%20Fields%20Form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.2.64%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/925de4af-fc71-45ae-8454-7e4f70be13ca/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13383.md b/2024/CVE-2024-13383.md
new file mode 100644
index 0000000000..ab10cf511d
--- /dev/null
+++ b/2024/CVE-2024-13383.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13383)
+![](https://img.shields.io/static/v1?label=Product&message=HD%20Quiz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/85bc905d-c960-4399-a879-2d18a4b03007/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13384.md b/2024/CVE-2024-13384.md
new file mode 100644
index 0000000000..a39d52f04d
--- /dev/null
+++ b/2024/CVE-2024-13384.md
@@ -0,0 +1,17 @@ +### [CVE-2024-13384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13384) +![](https://img.shields.io/static/v1?label=Product&message=Photo%20Gallery%2C%20Images%2C%20Slider%20in%20Rbs%20Image%20Gallery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.24%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f65d8a83-6ce8-40be-8633-deffd555c349/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1342.md b/2024/CVE-2024-1342.md index 4397103dca..bc643ed7c9 100644 --- a/2024/CVE-2024-1342.md +++ b/2024/CVE-2024-1342.md @@ -1,11 +1,11 @@ ### [CVE-2024-1342](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1342) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF. +** REJECT ** Unable to reproduce. ### POC 
diff --git a/2024/CVE-2024-13454.md b/2024/CVE-2024-13454.md new file mode 100644 index 0000000000..4e2721afab --- /dev/null +++ b/2024/CVE-2024-13454.md @@ -0,0 +1,17 @@ +### [CVE-2024-13454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13454) +![](https://img.shields.io/static/v1?label=Product&message=Easy-RSA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.0.5%3C%3D%203.1.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-326%20Inadequate%20Encryption%20Strength&color=brighgreen) + +### Description + +Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/OpenSSL-CVE-lib + diff --git a/2024/CVE-2024-1347.md b/2024/CVE-2024-1347.md index 6e630975ca..7d12be0dbf 100644 --- a/2024/CVE-2024-1347.md +++ b/2024/CVE-2024-1347.md @@ -1,7 +1,7 @@ ### [CVE-2024-1347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1347) ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0.0%3C%2016.9.6%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-290%3A%20Authentication%20Bypass%20by%20Spoofing&color=brighgreen) ### Description diff --git a/2024/CVE-2024-13478.md b/2024/CVE-2024-13478.md new file mode 100644 index 0000000000..088367b10c --- /dev/null +++ b/2024/CVE-2024-13478.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-13478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13478)
+![](https://img.shields.io/static/v1?label=Product&message=LTL%20Freight%20Quotes%20%E2%80%93%20TForce%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13478
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13479.md b/2024/CVE-2024-13479.md
new file mode 100644
index 0000000000..3535348d0a
--- /dev/null
+++ b/2024/CVE-2024-13479.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13479)
+![](https://img.shields.io/static/v1?label=Product&message=LTL%20Freight%20Quotes%20%E2%80%93%20SEFL%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.2.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13479
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13481.md b/2024/CVE-2024-13481.md
new file mode 100644
index 0000000000..2209ff6c00
--- /dev/null
+++ b/2024/CVE-2024-13481.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13481)
+![](https://img.shields.io/static/v1?label=Product&message=LTL%20Freight%20Quotes%20%E2%80%93%20R%2BL%20Carriers%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.3.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13481
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13482.md b/2024/CVE-2024-13482.md
new file mode 100644
index 0000000000..2a7a834fa7
--- /dev/null
+++ b/2024/CVE-2024-13482.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13482)
+![](https://img.shields.io/static/v1?label=Product&message=Icegram%20Engage&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/83ae33d0-4fc1-4186-9d70-b854a16df3a7/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13483.md b/2024/CVE-2024-13483.md
new file mode 100644
index 0000000000..efd00e2e3a
--- /dev/null
+++ b/2024/CVE-2024-13483.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13483)
+![](https://img.shields.io/static/v1?label=Product&message=LTL%20Freight%20Quotes%20%E2%80%93%20SAIA%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13483
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13485.md b/2024/CVE-2024-13485.md
new file mode 100644
index 0000000000..58b7644371
--- /dev/null
+++ b/2024/CVE-2024-13485.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13485)
+![](https://img.shields.io/static/v1?label=Product&message=LTL%20Freight%20Quotes%20%E2%80%93%20ABF%20Freight%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.3.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13485
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13486.md b/2024/CVE-2024-13486.md
new file mode 100644
index 0000000000..89b7361d54
--- /dev/null
+++ b/2024/CVE-2024-13486.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13486)
+![](https://img.shields.io/static/v1?label=Product&message=Icegram%20Engage&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/cbba8346-41f6-46ee-89ae-ed9524d768ef/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13488.md b/2024/CVE-2024-13488.md
new file mode 100644
index 0000000000..43644a9e3c
--- /dev/null
+++ b/2024/CVE-2024-13488.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13488)
+![](https://img.shields.io/static/v1?label=Product&message=LTL%20Freight%20Quotes%20%E2%80%93%20Estes%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.3.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13488
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13489.md b/2024/CVE-2024-13489.md
new file mode 100644
index 0000000000..1a11209137
--- /dev/null
+++ b/2024/CVE-2024-13489.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13489)
+![](https://img.shields.io/static/v1?label=Product&message=LTL%20Freight%20Quotes%20%E2%80%93%20Old%20Dominion%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.2.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13489
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13492.md b/2024/CVE-2024-13492.md
new file mode 100644
index 0000000000..37ffe96634
--- /dev/null
+++ b/2024/CVE-2024-13492.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13492)
+![](https://img.shields.io/static/v1?label=Product&message=Guten%20Free%20Options&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a4a75b75-4801-4ed4-bcc6-4874ac169562/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13493.md b/2024/CVE-2024-13493.md
new file mode 100644
index 0000000000..ffb6f192ae
--- /dev/null
+++ b/2024/CVE-2024-13493.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13493](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13493)
+![](https://img.shields.io/static/v1?label=Product&message=Sensly%20Online%20Presence&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/dfbdd474-92e5-422b-a185-e441a6014557/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13496.md b/2024/CVE-2024-13496.md
new file mode 100644
index 0000000000..476fe0b7df
--- /dev/null
+++ b/2024/CVE-2024-13496.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13496](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13496)
+![](https://img.shields.io/static/v1?label=Product&message=GamiPress%20%E2%80%93%20Gamification%20plugin%20to%20reward%20points%2C%20achievements%2C%20badges%20%26%20ranks%20in%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This vulnerability was previously published as being fixed in version 7.2.2 which was incorrect. The correct fixed version is 7.3.2.
+
+### POC
+
+#### Reference
+- https://abrahack.com/posts/gamipress-sqli/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13513.md b/2024/CVE-2024-13513.md
new file mode 100644
index 0000000000..86df7afb7d
--- /dev/null
+++ b/2024/CVE-2024-13513.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13513)
+![](https://img.shields.io/static/v1?label=Product&message=Oliver%20POS%20%E2%80%93%20A%20WooCommerce%20Point%20of%20Sale%20(POS)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.4.2.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KTN1990/CVE-2024-13513
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13524.md b/2024/CVE-2024-13524.md
new file mode 100644
index 0000000000..db025e520a
--- /dev/null
+++ b/2024/CVE-2024-13524.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13524)
+![](https://img.shields.io/static/v1?label=Product&message=OBS%20Studio&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2030.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Untrusted%20Search%20Path&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. The vendor disagrees that this issue is "something worth reporting, as every attack surface requires privileged access/user compromise".
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/cnetsec/south-america-cve-hall
+
diff --git a/2024/CVE-2024-13543.md b/2024/CVE-2024-13543.md
new file mode 100644
index 0000000000..acf8af4bd0
--- /dev/null
+++ b/2024/CVE-2024-13543.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13543)
+![](https://img.shields.io/static/v1?label=Product&message=Zarinpal%20Paid%20Download&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/04a545c4-75d3-4672-8530-00bb879991ca/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13544.md b/2024/CVE-2024-13544.md
new file mode 100644
index 0000000000..1d5df37fb2
--- /dev/null
+++ b/2024/CVE-2024-13544.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13544)
+![](https://img.shields.io/static/v1?label=Product&message=Zarinpal%20Paid%20Download&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/91884263-62a7-436e-b19f-682b1aeb37d6/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13569.md b/2024/CVE-2024-13569.md
new file mode 100644
index 0000000000..a519f52bbe
--- /dev/null
+++ b/2024/CVE-2024-13569.md
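Review bot: In the second hunk on this line (2024/CVE-2024-13544.md) the Vulnerability badge reads `CWE-79 Cross-Site Scripting (XSS)`, but the description is about uploaded files not being validated, allowing arbitrary file upload, and never mentions script injection. The badge is identical to the one in the sibling entry CVE-2024-13543 for the same plugin, so it may have been carried over from the source record unchanged. Arbitrary file upload is normally classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). I would check the upstream CVE record and correct whichever side is wrong, so that CWE-based filtering does not file an upload flaw under XSS.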
@@ -0,0 +1,17 @@
+### [CVE-2024-13569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13569)
+![](https://img.shields.io/static/v1?label=Product&message=Front%20End%20Users&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b9742440-0e36-4900-b58e-41c9854a62b2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13570.md b/2024/CVE-2024-13570.md
new file mode 100644
index 0000000000..b3be6f5e92
--- /dev/null
+++ b/2024/CVE-2024-13570.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13570)
+![](https://img.shields.io/static/v1?label=Product&message=Stray%20Random%20Quotes&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/26019036-f7e4-4ef5-85d4-7d5fda18823e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13571.md b/2024/CVE-2024-13571.md
new file mode 100644
index 0000000000..73a8af31c7
--- /dev/null
+++ b/2024/CVE-2024-13571.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13571)
+![](https://img.shields.io/static/v1?label=Product&message=Post%20Timeline&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ad6ad44d-fdc3-494c-a371-5d7959d1fd23/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13574.md b/2024/CVE-2024-13574.md
new file mode 100644
index 0000000000..f1c5a3fab3
--- /dev/null
+++ b/2024/CVE-2024-13574.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13574)
+![](https://img.shields.io/static/v1?label=Product&message=XV%20Random%20Quotes&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7eb9ef20-5d34-425e-b7fc-38a769d0a822/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13580.md b/2024/CVE-2024-13580.md
new file mode 100644
index 0000000000..3ece01da2e
--- /dev/null
+++ b/2024/CVE-2024-13580.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13580)
+![](https://img.shields.io/static/v1?label=Product&message=XV%20Random%20Quotes&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/48cffe03-adcf-4da2-a331-464ae511a805/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13585.md b/2024/CVE-2024-13585.md
new file mode 100644
index 0000000000..c5521a2c92
--- /dev/null
+++ b/2024/CVE-2024-13585.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13585)
+![](https://img.shields.io/static/v1?label=Product&message=Ajax%20Search%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.12.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/270f213a-2fde-471c-ad09-2b44d11891ec/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13597.md b/2024/CVE-2024-13597.md
new file mode 100644
index 0000000000..437927f174
--- /dev/null
+++ b/2024/CVE-2024-13597.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13597)
+![](https://img.shields.io/static/v1?label=Product&message=iKSORIS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2079.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form sent to login panel at /softcom/ with a malicious script, what causes the script to run in user's context. This vulnerability has been patched in version 79.0
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-13598.md b/2024/CVE-2024-13598.md
new file mode 100644
index 0000000000..f334be07b6
--- /dev/null
+++ b/2024/CVE-2024-13598.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13598)
+![](https://img.shields.io/static/v1?label=Product&message=iKSORIS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2079.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into filling such a form with a malicious script will run the code in their's context. This vulnerability has been patched in version 79.0
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-13602.md b/2024/CVE-2024-13602.md
new file mode 100644
index 0000000000..e2fa16be95
--- /dev/null
+++ b/2024/CVE-2024-13602.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13602)
+![](https://img.shields.io/static/v1?label=Product&message=Poll%20Maker&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.5.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/05d5010b-94eb-4fd3-b962-e2a16c032b71/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13603.md b/2024/CVE-2024-13603.md
new file mode 100644
index 0000000000..d59facc5a4
--- /dev/null
+++ b/2024/CVE-2024-13603.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13603)
+![](https://img.shields.io/static/v1?label=Product&message=Wise%20Forms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/234a8d22-e6c6-4819-9ac0-434a96b3462d/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13605.md b/2024/CVE-2024-13605.md
new file mode 100644
index 0000000000..462e7e620f
--- /dev/null
+++ b/2024/CVE-2024-13605.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13605)
+![](https://img.shields.io/static/v1?label=Product&message=Form%20Maker%20by%2010Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.15.33%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d5543b3b-1c28-481b-aba4-9a07d160e1f2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13608.md b/2024/CVE-2024-13608.md
new file mode 100644
index 0000000000..1852a41e2c
--- /dev/null
+++ b/2024/CVE-2024-13608.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13608](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13608)
+![](https://img.shields.io/static/v1?label=Product&message=Track%20Logins&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/408e6cad-f02d-455a-9943-32da77537da1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13610.md b/2024/CVE-2024-13610.md
new file mode 100644
index 0000000000..548ce28149
--- /dev/null
+++ b/2024/CVE-2024-13610.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13610)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Social%20Media%20Share%20Buttons&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/85229528-1110-4d45-b972-8bbcba003a1f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13615.md b/2024/CVE-2024-13615.md
new file mode 100644
index 0000000000..2affa4fc99
--- /dev/null
+++ b/2024/CVE-2024-13615.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13615](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13615)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Share%20Buttons%2C%20Social%20Sharing%20Icons%2C%20Click%20to%20Tweet%20%E2%80%94%20Social%20Media%20Plugin%20by%20Social%20Snap&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e8401973-f4c2-4ccf-a6ad-507dde8d2259/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13616.md b/2024/CVE-2024-13616.md
new file mode 100644
index 0000000000..9c8d6deba2
--- /dev/null
+++ b/2024/CVE-2024-13616.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13616)
+![](https://img.shields.io/static/v1?label=Product&message=VikBooking%20Hotel%20Booking%20Engine%20%26%20PMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.7.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/44b3a2d9-a2e1-43dd-b27a-1ad9d6015c9b/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13617.md b/2024/CVE-2024-13617.md
new file mode 100644
index 0000000000..d4b3ea5c9d
--- /dev/null
+++ b/2024/CVE-2024-13617.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13617)
+![](https://img.shields.io/static/v1?label=Product&message=aoa-downloadable&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen)
+
+### Description
+
+The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/8d6dd979-21ef-4d14-9c42-bbd1d7b65c53/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13618.md b/2024/CVE-2024-13618.md
new file mode 100644
index 0000000000..b144689440
--- /dev/null
+++ b/2024/CVE-2024-13618.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13618)
+![](https://img.shields.io/static/v1?label=Product&message=aoa-downloadable&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d6a78233-3f23-4da4-9bc0-1439cde20a30/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13619.md b/2024/CVE-2024-13619.md
new file mode 100644
index 0000000000..c80e743f67
--- /dev/null
+++ b/2024/CVE-2024-13619.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13619](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13619)
+![](https://img.shields.io/static/v1?label=Product&message=LifterLMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/97a7e1a6-0fb3-49e9-86fc-ebb1d426fcca/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13621.md b/2024/CVE-2024-13621.md
new file mode 100644
index 0000000000..9113ce95e8
--- /dev/null
+++ b/2024/CVE-2024-13621.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13621)
+![](https://img.shields.io/static/v1?label=Product&message=The%20GDPR%20Framework%20By%20Data443&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5b48ecbb-c459-4c39-825d-61744d36f2fe/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13624.md b/2024/CVE-2024-13624.md
new file mode 100644
index 0000000000..46d65ae4d9
--- /dev/null
+++ b/2024/CVE-2024-13624.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13624](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13624)
+![](https://img.shields.io/static/v1?label=Product&message=WPMovieLibrary&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c19b56cc-634f-420f-b6a0-9a10ad159049/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13625.md b/2024/CVE-2024-13625.md
new file mode 100644
index 0000000000..2b8e202905
--- /dev/null
+++ b/2024/CVE-2024-13625.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13625)
+![](https://img.shields.io/static/v1?label=Product&message=Tube%20Video%20Ads%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/6bfabf1d-86f2-4d29-bc55-d618d757dcc6/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13626.md b/2024/CVE-2024-13626.md
new file mode 100644
index 0000000000..0f9844872e
--- /dev/null
+++ b/2024/CVE-2024-13626.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13626](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13626)
+![](https://img.shields.io/static/v1?label=Product&message=VR-Frases%20(collect%20%26%20share%20quotes)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/511c6e7a-087f-41ef-9009-2525f332f8c6/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13627.md b/2024/CVE-2024-13627.md
new file mode 100644
index 0000000000..4082ee3463
--- /dev/null
+++ b/2024/CVE-2024-13627.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13627)
+![](https://img.shields.io/static/v1?label=Product&message=OWL%20Carousel%20Slider&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/f7e425a1-ae49-4ea6-abe4-42ba2713af8f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13628.md b/2024/CVE-2024-13628.md
new file mode 100644
index 0000000000..0517b75712
--- /dev/null
+++ b/2024/CVE-2024-13628.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13628)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Pricing%20Table&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/34d6c8a2-e70d-485c-a217-4a569c16b079/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13629.md b/2024/CVE-2024-13629.md
new file mode 100644
index 0000000000..0b7a880870
--- /dev/null
+++ b/2024/CVE-2024-13629.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13629)
+![](https://img.shields.io/static/v1?label=Product&message=pushBIZ&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The pushBIZ WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/5ffb548c-14f1-499d-8bbf-6ecc632cbb8c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13630.md b/2024/CVE-2024-13630.md
new file mode 100644
index 0000000000..c09e3887db
--- /dev/null
+++ b/2024/CVE-2024-13630.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13630](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13630)
+![](https://img.shields.io/static/v1?label=Product&message=NewsTicker&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/15eed487-01ac-4c1e-88f8-26cfa036fb54/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13631.md b/2024/CVE-2024-13631.md
new file mode 100644
index 0000000000..4c56676652
--- /dev/null
+++ b/2024/CVE-2024-13631.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13631)
+![](https://img.shields.io/static/v1?label=Product&message=Om%20Stripe&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c991fdd0-cb9d-43ea-bafa-df3b2e806013/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13632.md b/2024/CVE-2024-13632.md
new file mode 100644
index 0000000000..dda044f916
--- /dev/null
+++ b/2024/CVE-2024-13632.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13632)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Extra%20Fields&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/85c5b465-afce-4c68-b5e3-214ec4b5c9f2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13633.md b/2024/CVE-2024-13633.md
new file mode 100644
index 0000000000..8cd387f2bc
--- /dev/null
+++ b/2024/CVE-2024-13633.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13633)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20catalogue&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/4291d5eb-c006-42b0-accf-90f09f26b6a0/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13634.md b/2024/CVE-2024-13634.md
new file mode 100644
index 0000000000..775c0eaa7f
--- /dev/null
+++ b/2024/CVE-2024-13634.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13634)
+![](https://img.shields.io/static/v1?label=Product&message=Post%20Sync&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0e60bf74-19fb-441c-85a8-005def36af9a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13667.md b/2024/CVE-2024-13667.md
new file mode 100644
index 0000000000..c21a9405e3
--- /dev/null
+++ b/2024/CVE-2024-13667.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13667)
+![](https://img.shields.io/static/v1?label=Product&message=Uncode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.1.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+- https://support.undsgn.com/hc/en-us/articles/213454129-Change-Log
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13668.md b/2024/CVE-2024-13668.md
new file mode 100644
index 0000000000..a40ddc6d56
--- /dev/null
+++ b/2024/CVE-2024-13668.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13668)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Activity%20O%20Meter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a7bfc094-b235-419d-882d-96b439651f65/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13669.md b/2024/CVE-2024-13669.md
new file mode 100644
index 0000000000..32478f0b22
--- /dev/null
+++ b/2024/CVE-2024-13669.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13669)
+![](https://img.shields.io/static/v1?label=Product&message=CalendApp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/71e69cf2-7d41-479c-9721-662b57571c90/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13678.md b/2024/CVE-2024-13678.md
new file mode 100644
index 0000000000..455e1e45d5
--- /dev/null
+++ b/2024/CVE-2024-13678.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13678)
+![](https://img.shields.io/static/v1?label=Product&message=R3W%20InstaFeed&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ba759796-a152-4f13-a474-f0368b4bc1f6/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13681.md b/2024/CVE-2024-13681.md
new file mode 100644
index 0000000000..c6d3a31224
--- /dev/null
+++ b/2024/CVE-2024-13681.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13681)
+![](https://img.shields.io/static/v1?label=Product&message=Uncode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.1.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server.
+
+### POC
+
+#### Reference
+- https://support.undsgn.com/hc/en-us/articles/213454129-Change-Log
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13685.md b/2024/CVE-2024-13685.md
new file mode 100644
index 0000000000..d051f31a1c
--- /dev/null
+++ b/2024/CVE-2024-13685.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13685)
+![](https://img.shields.io/static/v1?label=Product&message=Admin%20and%20Site%20Enhancements%20(ASE)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.6.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-290%20Authentication%20Bypass%20by%20Spoofing&color=brighgreen)
+
+### Description
+
+The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13688.md b/2024/CVE-2024-13688.md
new file mode 100644
index 0000000000..38e9308771
--- /dev/null
+++ b/2024/CVE-2024-13688.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13688)
+![](https://img.shields.io/static/v1?label=Product&message=Admin%20and%20Site%20Enhancements%20(ASE)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.6.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/19051d08-16b0-466c-976b-be7b076e8e92/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13689.md b/2024/CVE-2024-13689.md
new file mode 100644
index 0000000000..4f1d405cf1
--- /dev/null
+++ b/2024/CVE-2024-13689.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13689)
+![](https://img.shields.io/static/v1?label=Product&message=Uncode%20Core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.1.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
+
+### POC
+
+#### Reference
+- https://support.undsgn.com/hc/en-us/articles/213454129-Change-Log
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13691.md b/2024/CVE-2024-13691.md
new file mode 100644
index 0000000000..32c181ddd8
--- /dev/null
+++ b/2024/CVE-2024-13691.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13691)
+![](https://img.shields.io/static/v1?label=Product&message=Uncode&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.9.1.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary files on the server.
+
+### POC
+
+#### Reference
+- https://support.undsgn.com/hc/en-us/articles/213454129-Change-Log
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13722.md b/2024/CVE-2024-13722.md
new file mode 100644
index 0000000000..2ea35f9149
--- /dev/null
+++ b/2024/CVE-2024-13722.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13722)
+![](https://img.shields.io/static/v1?label=Product&message=NagVis&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=NagVis%201.9.40%3C%201.9.42%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.
+
+### POC
+
+#### Reference
+- https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13723.md b/2024/CVE-2024-13723.md
new file mode 100644
index 0000000000..66adb80821
--- /dev/null
+++ b/2024/CVE-2024-13723.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13723](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13723)
+![](https://img.shields.io/static/v1?label=Product&message=NagVis&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=NagVis%201.9.40%3C%201.9.42%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
+
+### POC
+
+#### Reference
+- https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13726.md b/2024/CVE-2024-13726.md
new file mode 100644
index 0000000000..869afcc488
--- /dev/null
+++ b/2024/CVE-2024-13726.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13726](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13726)
+![](https://img.shields.io/static/v1?label=Product&message=Themes%20Coder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/ec226d22-0c09-4e7c-86ec-b64819089b60/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13727.md b/2024/CVE-2024-13727.md
new file mode 100644
index 0000000000..72e4728e65
--- /dev/null
+++ b/2024/CVE-2024-13727.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13727)
+![](https://img.shields.io/static/v1?label=Product&message=MemberSpace&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/598d20f2-0f42-48f2-a941-0d6c5da5303e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13729.md b/2024/CVE-2024-13729.md
new file mode 100644
index 0000000000..dcbda4df1f
--- /dev/null
+++ b/2024/CVE-2024-13729.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13729)
+![](https://img.shields.io/static/v1?label=Product&message=Podlove%20Podcast%20Publisher&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1.24%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/2feed26b-ef02-4954-ab9d-8b0f958b0ef1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13730.md b/2024/CVE-2024-13730.md
new file mode 100644
index 0000000000..cad6d60918
--- /dev/null
+++ b/2024/CVE-2024-13730.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13730)
+![](https://img.shields.io/static/v1?label=Product&message=Podlove%20Podcast%20Publisher&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/4541a285-a095-4178-a64b-6a859eb5034e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13759.md b/2024/CVE-2024-13759.md new file mode 100644 index 0000000000..996492d486 --- /dev/null +++ b/2024/CVE-2024-13759.md @@ -0,0 +1,17 @@ +### [CVE-2024-13759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13759) +![](https://img.shields.io/static/v1?label=Product&message=Prime&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen) + +### Description + +Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64  allows local attackers to gain system-level privileges via arbitrary file deletion + +### POC + +#### Reference +- https://www.gendigital.com/us/en/contact-us/security-advisories/) + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1380.md b/2024/CVE-2024-1380.md new file mode 100644 index 0000000000..75a810c244 --- /dev/null +++ b/2024/CVE-2024-1380.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-1380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1380)
+![](https://img.shields.io/static/v1?label=Product&message=Relevanssi%20%E2%80%93%20A%20Better%20Search&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.22.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-1380
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-13800.md b/2024/CVE-2024-13800.md
new file mode 100644
index 0000000000..98793284e3
--- /dev/null
+++ b/2024/CVE-2024-13800.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13800)
+![](https://img.shields.io/static/v1?label=Product&message=ConvertPlus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.5.30%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-13800
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13804.md b/2024/CVE-2024-13804.md
new file mode 100644
index 0000000000..0d48f3580c
--- /dev/null
+++ b/2024/CVE-2024-13804.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13804)
+![](https://img.shields.io/static/v1?label=Product&message=HPE%20Insight%20Cluster%20Management%20Utility%20(CMU)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** Unauthenticated RCE in HPE Insight Cluster Management Utility
+
+### POC
+
+#### Reference
+- https://red.0xbad53c.com/vulnerability-research/rce-in-hpe-insight-cluster-management-utility-cve-2024-13804
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13822.md b/2024/CVE-2024-13822.md
new file mode 100644
index 0000000000..6b895ebdfc
--- /dev/null
+++ b/2024/CVE-2024-13822.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13822)
+![](https://img.shields.io/static/v1?label=Product&message=Photo%20Contest%20%20%7C%20Competition%20%7C%20Video%20Contest&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1f0f1553-1987-428c-9fe3-ffb3f6b0aecc/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13823.md b/2024/CVE-2024-13823.md
new file mode 100644
index 0000000000..90b452c935
--- /dev/null
+++ b/2024/CVE-2024-13823.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13823)
+![](https://img.shields.io/static/v1?label=Product&message=360%20Product%20Rotation&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/dcfd8a03-0a04-4fd1-986d-1e816b1fad19/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13825.md b/2024/CVE-2024-13825.md
new file mode 100644
index 0000000000..97291d0068
--- /dev/null
+++ b/2024/CVE-2024-13825.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13825](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13825)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Keep&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/368474a0-550d-49f8-855d-b2010f8b91b5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13826.md b/2024/CVE-2024-13826.md
new file mode 100644
index 0000000000..d38d095ea8
--- /dev/null
+++ b/2024/CVE-2024-13826.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13826)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Keep&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/56b143b6-e5db-4037-ab2a-4e4d0cb7a005/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13828.md b/2024/CVE-2024-13828.md
new file mode 100644
index 0000000000..bacd918a7c
--- /dev/null
+++ b/2024/CVE-2024-13828.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13828)
+![](https://img.shields.io/static/v1?label=Product&message=Badgearoo&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0f901807-9ef2-4cd3-969a-9fd23a8da371/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13836.md b/2024/CVE-2024-13836.md
new file mode 100644
index 0000000000..99351eeb6b
--- /dev/null
+++ b/2024/CVE-2024-13836.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13836](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13836)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Login%20Control&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/26c2026a-1490-4a0f-9d1d-54ee43c69f22/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13853.md b/2024/CVE-2024-13853.md
new file mode 100644
index 0000000000..d57d44ad2e
--- /dev/null
+++ b/2024/CVE-2024-13853.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13853)
+![](https://img.shields.io/static/v1?label=Product&message=SEO%20Tools&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/52991dd9-41f7-4cf8-b8c9-56dd4e62bf0c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13862.md b/2024/CVE-2024-13862.md
new file mode 100644
index 0000000000..70b749bccd
--- /dev/null
+++ b/2024/CVE-2024-13862.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13862)
+![](https://img.shields.io/static/v1?label=Product&message=S3Bubble%20Media%20Streaming%20(AWS%7CElementor%7CYouTube%7CVimeo%20Functionality)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7692b768-a33f-45a2-90f1-1f4258493979/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13863.md b/2024/CVE-2024-13863.md
new file mode 100644
index 0000000000..8ad2ce86ee
--- /dev/null
+++ b/2024/CVE-2024-13863.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13863)
+![](https://img.shields.io/static/v1?label=Product&message=Stylish%20Google%20Sheet%20Reader%204.0&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Stylish Google Sheet Reader 4.0 WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a6161595-0934-4baa-9da6-73792f4b87fd/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13864.md b/2024/CVE-2024-13864.md
new file mode 100644
index 0000000000..b7f6846947
--- /dev/null
+++ b/2024/CVE-2024-13864.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13864](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13864)
+![](https://img.shields.io/static/v1?label=Product&message=Countdown%20Timer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b95b32b6-218a-4d02-b294-ab13458006b2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13865.md b/2024/CVE-2024-13865.md
new file mode 100644
index 0000000000..9312fbf702
--- /dev/null
+++ b/2024/CVE-2024-13865.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13865)
+![](https://img.shields.io/static/v1?label=Product&message=S3Player&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9cc7c5cb-983f-4593-abc5-7e224b275a23/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13868.md b/2024/CVE-2024-13868.md
new file mode 100644
index 0000000000..189271cf53
--- /dev/null
+++ b/2024/CVE-2024-13868.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13868)
+![](https://img.shields.io/static/v1?label=Product&message=URL%20Shortener%20%7C%20Conversion%20Tracking%20%20%7C%20AB%20Testing%20%20%7C%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0bff1645-dd53-4416-a90f-7cf4a6b33c1a/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13869.md b/2024/CVE-2024-13869.md
new file mode 100644
index 0000000000..c9af39d436
--- /dev/null
+++ b/2024/CVE-2024-13869.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13869)
+![](https://img.shields.io/static/v1?label=Product&message=Migration%2C%20Backup%2C%20Staging%20%E2%80%93%20WPvivid%20Backup%20%26%20Migration&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%200.9.112%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.
+
+### POC
+
+#### Reference
+- https://ryankozak.com/posts/cve-2024-13869/
+
+#### Github
+- https://github.com/d0n601/CVE-2024-13869
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-13874.md b/2024/CVE-2024-13874.md
new file mode 100644
index 0000000000..70a9b3b4ac
--- /dev/null
+++ b/2024/CVE-2024-13874.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13874)
+![](https://img.shields.io/static/v1?label=Product&message=Feedify&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/c808e7cf-3285-402b-ab4f-a40ab822b12e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13875.md b/2024/CVE-2024-13875.md
new file mode 100644
index 0000000000..518471fe09
--- /dev/null
+++ b/2024/CVE-2024-13875.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13875)
+![](https://img.shields.io/static/v1?label=Product&message=WP-PManager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/82c54fb5-f1d9-4bae-a3de-d4335809b81c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13876.md b/2024/CVE-2024-13876.md
new file mode 100644
index 0000000000..f6cfaf6170
--- /dev/null
+++ b/2024/CVE-2024-13876.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13876)
+![](https://img.shields.io/static/v1?label=Product&message=mEintopf&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/d80cd18a-065f-443b-b548-d780b785d68e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13877.md b/2024/CVE-2024-13877.md
new file mode 100644
index 0000000000..6680bd61a9
--- /dev/null
+++ b/2024/CVE-2024-13877.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13877)
+![](https://img.shields.io/static/v1?label=Product&message=Passbeemedia%20Web%20Push%20Notification&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/0e8ce3cf-1598-4c5d-b119-99d5f676e619/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13878.md b/2024/CVE-2024-13878.md
new file mode 100644
index 0000000000..69fdd747fa
--- /dev/null
+++ b/2024/CVE-2024-13878.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13878)
+![](https://img.shields.io/static/v1?label=Product&message=SpotBot&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/882b2022-4ed6-4d9e-8b35-f48ea1580884/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13880.md b/2024/CVE-2024-13880.md
new file mode 100644
index 0000000000..a79703502b
--- /dev/null
+++ b/2024/CVE-2024-13880.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13880)
+![](https://img.shields.io/static/v1?label=Product&message=My%20Quota&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/bee3b002-e808-4402-8bf6-4375ed7b3807/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13881.md b/2024/CVE-2024-13881.md
new file mode 100644
index 0000000000..7d6ce21eea
--- /dev/null
+++ b/2024/CVE-2024-13881.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13881)
+![](https://img.shields.io/static/v1?label=Product&message=Link%20My%20Posts&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/900fa2c6-0cac-4920-aef2-e8b94248b62e/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13884.md b/2024/CVE-2024-13884.md
new file mode 100644
index 0000000000..7abdcd078d
--- /dev/null
+++ b/2024/CVE-2024-13884.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13884)
+![](https://img.shields.io/static/v1?label=Product&message=Limit%20Bio&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/759a60ac-c890-4961-91e4-53db5096eb3c/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13885.md b/2024/CVE-2024-13885.md
new file mode 100644
index 0000000000..a8577c33e4
--- /dev/null
+++ b/2024/CVE-2024-13885.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13885)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20e-Customers%20Beta&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b64d17d6-8416-476e-ad78-b7b9cb85b84f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13891.md b/2024/CVE-2024-13891.md
new file mode 100644
index 0000000000..3d1a70d301
--- /dev/null
+++ b/2024/CVE-2024-13891.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13891)
+![](https://img.shields.io/static/v1?label=Product&message=Schedule&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/58c8b73c-3a29-4a66-9b2e-f24b5c2769ac/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13892.md b/2024/CVE-2024-13892.md
new file mode 100644
index 0000000000..d90e07eaa6
--- /dev/null
+++ b/2024/CVE-2024-13892.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13892)
+![](https://img.shields.io/static/v1?label=Product&message=C724IP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=CIP-37210AT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly sanitized, what allows for command injection.The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-13893.md b/2024/CVE-2024-13893.md
new file mode 100644
index 0000000000..213862c6f1
--- /dev/null
+++ b/2024/CVE-2024-13893.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13893)
+![](https://img.shields.io/static/v1?label=Product&message=C724IP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=CIP-37210AT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1392%20Use%20of%20Default%20Credentials&color=brighgreen)
+
+### Description
+
+Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory.For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created. Two products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared. Newer firmware versions might be vulnerable as well.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-13894.md b/2024/CVE-2024-13894.md
new file mode 100644
index 0000000000..c40fdc52a0
--- /dev/null
+++ b/2024/CVE-2024-13894.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13894)
+![](https://img.shields.io/static/v1?label=Product&message=C724IP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=CIP-37210AT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and downloading sensitive information.The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/afine-com/research
+
diff --git a/2024/CVE-2024-13896.md b/2024/CVE-2024-13896.md
new file mode 100644
index 0000000000..d915090ea8
--- /dev/null
+++ b/2024/CVE-2024-13896.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13896)
+![](https://img.shields.io/static/v1?label=Product&message=WP-GeSHi-Highlight%20%E2%80%94%20rock-solid%20syntax%20highlighting%20for%20259%20languages&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression Denial of Service (ReDoS) issue
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b8b622ea-e090-45ad-8755-b050fc055231/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13903.md b/2024/CVE-2024-13903.md
new file mode 100644
index 0000000000..58589c9e65
--- /dev/null
+++ b/2024/CVE-2024-13903.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13903)
+![](https://img.shields.io/static/v1?label=Product&message=QuickJS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%200.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Memory%20Corruption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JairCodes/critical-threats-modern-systems
+
diff --git a/2024/CVE-2024-13918.md b/2024/CVE-2024-13918.md
new file mode 100644
index 0000000000..0e41a4707f
--- /dev/null
+++ b/2024/CVE-2024-13918.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13918)
+![](https://img.shields.io/static/v1?label=Product&message=Laravel%20Framework&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=11.9.0%3C%3D%2011.35.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/defHawk-tech/CVEs
+
diff --git a/2024/CVE-2024-13925.md b/2024/CVE-2024-13925.md
new file mode 100644
index 0000000000..ead4f9136f
--- /dev/null
+++ b/2024/CVE-2024-13925.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13925)
+![](https://img.shields.io/static/v1?label=Product&message=Klarna%20Checkout%20for%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.13.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-c24579f24ef4/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13926.md b/2024/CVE-2024-13926.md
new file mode 100644
index 0000000000..4c2351150d
--- /dev/null
+++ b/2024/CVE-2024-13926.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13926](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13926)
+![](https://img.shields.io/static/v1?label=Product&message=WP-Syntax&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/b5f0092e-7cd5-412f-a8ea-7bd4a8bf86d2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13944.md b/2024/CVE-2024-13944.md
new file mode 100644
index 0000000000..b3620e6c79
--- /dev/null
+++ b/2024/CVE-2024-13944.md
@@ -0,0 +1,19 @@
+### [CVE-2024-13944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13944)
+![](https://img.shields.io/static/v1?label=Product&message=CleanUp&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Norton%20Utilities%20Ultimate&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TuneUp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen)
+
+### Description
+
+Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
+
+### POC
+
+#### Reference
+- https://www.gendigital.com/us/en/contact-us/security-advisories/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13959.md b/2024/CVE-2024-13959.md
new file mode 100644
index 0000000000..73ddb78675
--- /dev/null
+++ b/2024/CVE-2024-13959.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13959)
+![](https://img.shields.io/static/v1?label=Product&message=TuneUp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory
+
+### POC
+
+#### Reference
+- https://www.gendigital.com/us/en/contact-us/security-advisories/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13960.md b/2024/CVE-2024-13960.md
new file mode 100644
index 0000000000..63ababef34
--- /dev/null
+++ b/2024/CVE-2024-13960.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13960)
+![](https://img.shields.io/static/v1?label=Product&message=TuneUp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
+
+### POC
+
+#### Reference
+- https://www.gendigital.com/us/en/contact-us/security-advisories/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13961.md b/2024/CVE-2024-13961.md
new file mode 100644
index 0000000000..b28c9f0f01
--- /dev/null
+++ b/2024/CVE-2024-13961.md
@@ -0,0 +1,18 @@
+### [CVE-2024-13961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13961)
+![](https://img.shields.io/static/v1?label=Product&message=CleanUp%20Premium&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
+
+### POC
+
+#### Reference
+- https://www.gendigital.com/us/en/contact-us/security-advisories/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13962.md b/2024/CVE-2024-13962.md
new file mode 100644
index 0000000000..11c0b8b819
--- /dev/null
+++ b/2024/CVE-2024-13962.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13962)
+![](https://img.shields.io/static/v1?label=Product&message=CleanUp%20Premium&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
+
+### POC
+
+#### Reference
+- https://www.gendigital.com/us/en/contact-us/security-advisories/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-13966.md b/2024/CVE-2024-13966.md
new file mode 100644
index 0000000000..317d0bf8c0
--- /dev/null
+++ b/2024/CVE-2024-13966.md
@@ -0,0 +1,17 @@
+### [CVE-2024-13966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13966)
+![](https://img.shields.io/static/v1?label=Product&message=BioTime&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1393%20Use%20of%20Default%20Password&color=brighgreen)
+
+### Description
+
+ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value '123456'. Users should change their passwords (located under the Attendance Settings tab as "Self-Password").
+
+### POC
+
+#### Reference
+- https://krashconsulting.com/fury-of-fingers-biotime-rce/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1441.md b/2024/CVE-2024-1441.md index f9eb2d7c33..a1ea7f00db 100644 --- a/2024/CVE-2024-1441.md +++ b/2024/CVE-2024-1441.md @@ -19,6 +19,7 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/almkuznetsov/CVE-2024-1441 +- https://github.com/almkuznetsov/dast-labs - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-1442.md b/2024/CVE-2024-1442.md new file mode 100644 index 0000000000..dee58a4e33 --- /dev/null +++ b/2024/CVE-2024-1442.md @@ -0,0 +1,17 @@ +### [CVE-2024-1442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1442) +![](https://img.shields.io/static/v1?label=Product&message=Grafana&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.5.0%3C%209.5.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269&color=brighgreen) + +### Description + + A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *.Doing this will grant the user access to read, query, edit and delete all data sources within the organization. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/phanfivequ/xinminxuehui-milou-d46T7p3s8FIwKQp0 + diff --git a/2024/CVE-2024-1443.md b/2024/CVE-2024-1443.md index 65600bd1b5..6b19760d79 100644 --- a/2024/CVE-2024-1443.md +++ b/2024/CVE-2024-1443.md @@ -13,5 +13,6 @@ MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability No PoCs from references. #### Github +- https://github.com/Rydersel/PlaguewareCSGO_3.0 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-1454.md b/2024/CVE-2024-1454.md index 5efbe0385b..76b404a46f 100644 --- a/2024/CVE-2024-1454.md +++ b/2024/CVE-2024-1454.md 
@@ -1,9 +1,7 @@ ### [CVE-2024-1454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1454) -![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=opensc&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) diff --git a/2024/CVE-2024-1459.md b/2024/CVE-2024-1459.md index e8ad6d0dc5..70e8e0f1f7 100644 --- a/2024/CVE-2024-1459.md +++ b/2024/CVE-2024-1459.md @@ -1,6 +1,7 @@ ### [CVE-2024-1459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1459) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%208&color=blue) 
@@ -10,7 +11,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208.0%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208.0%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%206&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) diff --git a/2024/CVE-2024-1460.md b/2024/CVE-2024-1460.md index e321a0e6fa..5585ca19c1 100644 --- a/2024/CVE-2024-1460.md +++ b/2024/CVE-2024-1460.md @@ -13,5 +13,6 @@ MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability - https://fluidattacks.com/advisories/mingus/ #### Github +- https://github.com/Rydersel/PlaguewareCSGO_3.0 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-1488.md b/2024/CVE-2024-1488.md index a1b0c049ce..c258a9f892 100644 --- a/2024/CVE-2024-1488.md +++ b/2024/CVE-2024-1488.md 
@@ -14,7 +14,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=External%20Control%20of%20System%20or%20Configuration%20Setting&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Default%20Permissions&color=brighgreen) ### Description diff --git a/2024/CVE-2024-1512.md b/2024/CVE-2024-1512.md index ab1e3205a5..1e206ea582 100644 --- a/2024/CVE-2024-1512.md +++ b/2024/CVE-2024-1512.md @@ -13,7 +13,23 @@ The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/rat-c/CVE-2024-1512 - https://github.com/wy876/POC diff --git a/2024/CVE-2024-1520.md b/2024/CVE-2024-1520.md index 3228c6427e..b655769be2 100644 --- a/2024/CVE-2024-1520.md +++ b/2024/CVE-2024-1520.md 
@@ -13,5 +13,6 @@ An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint
 No PoCs from references.
 #### Github
+- https://github.com/didik-snyk/eyeballvul
 - https://github.com/timothee-chauvin/eyeballvul
diff --git a/2024/CVE-2024-1522.md b/2024/CVE-2024-1522.md
index ee79ea98ca..05d78fbbb0 100644
--- a/2024/CVE-2024-1522.md
+++ b/2024/CVE-2024-1522.md
@@ -13,5 +13,6 @@ A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui p
 No PoCs from references.
 #### Github
+- https://github.com/didik-snyk/eyeballvul
 - https://github.com/timothee-chauvin/eyeballvul
diff --git a/2024/CVE-2024-1525.md b/2024/CVE-2024-1525.md
index 318bf54033..c7cd43df24 100644
--- a/2024/CVE-2024-1525.md
+++ b/2024/CVE-2024-1525.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-1525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1525)
 ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=16.1%3C%2016.7.6%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%3A%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-1544.md b/2024/CVE-2024-1544.md
index 0138756aed..688516b900 100644
--- a/2024/CVE-2024-1544.md
+++ b/2024/CVE-2024-1544.md
@@ -13,6 +13,7 @@ Generating the ECDSA nonce k samples a random number r and then truncates this r
 No PoCs from references.
 #### Github
+- https://github.com/mtolley/wolfssl
 - https://github.com/wolfSSL/Arduino-wolfSSL
 - https://github.com/wolfSSL/wolfssl
diff --git a/2024/CVE-2024-1545.md b/2024/CVE-2024-1545.md
index 7dd0b4f201..bf0bc414eb 100644
--- a/2024/CVE-2024-1545.md
+++ b/2024/CVE-2024-1545.md
@@ -15,7 +15,9 @@ No PoCs from references.
 #### Github
 - https://github.com/byan-2/wolfssl
+- https://github.com/byan682/wolfssl
 - https://github.com/lego-pirates/wolfssl
+- https://github.com/qursa-uc3m/wolfssl-liboqs
 - https://github.com/wolfSSL/Arduino-wolfSSL
 - https://github.com/wolfSSL/wolfssl
diff --git a/2024/CVE-2024-1549.md b/2024/CVE-2024-1549.md
index 7bdf012bb0..4d753814f5 100644
--- a/2024/CVE-2024-1549.md
+++ b/2024/CVE-2024-1549.md
@@ -13,7 +13,7 @@ If a website set a large custom cursor, portions of the cursor could have overla
 ### POC
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1833814
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1550.md b/2024/CVE-2024-1550.md
index 35ee8899c3..9472922016 100644
--- a/2024/CVE-2024-1550.md
+++ b/2024/CVE-2024-1550.md
@@ -13,7 +13,7 @@ A malicious website could have used a combination of exiting fullscreen mode and
 ### POC
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1860065
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1551.md b/2024/CVE-2024-1551.md
index 61ca98b506..d83138b29c 100644
--- a/2024/CVE-2024-1551.md
+++ b/2024/CVE-2024-1551.md
@@ -13,7 +13,7 @@ Set-Cookie response headers were being incorrectly honored in multipart HTTP res
 ### POC
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1864385
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1554.md b/2024/CVE-2024-1554.md
index 394e5c2588..8ea27806a8 100644
--- a/2024/CVE-2024-1554.md
+++ b/2024/CVE-2024-1554.md
@@ -10,7 +10,7 @@ The `fetch()` API and navigation incorrectly shared the same cache, as the cache
 ### POC
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1816390
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1555.md b/2024/CVE-2024-1555.md
index 8420803f93..5fc22ce4a5 100644
--- a/2024/CVE-2024-1555.md
+++ b/2024/CVE-2024-1555.md
@@ -10,7 +10,7 @@ When opening a website using the `firefox://` protocol handler, SameSite cookies
 ### POC
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1873223
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1561.md b/2024/CVE-2024-1561.md
index b010b068ee..3e1a286da6 100644
--- a/2024/CVE-2024-1561.md
+++ b/2024/CVE-2024-1561.md
@@ -13,12 +13,33 @@ An issue was discovered in gradio-app/gradio, where the `/component_server` endp
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
 - https://github.com/DiabloHTB/CVE-2024-1561
 - https://github.com/DiabloHTB/Nuclei-Template-CVE-2024-1561
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
 - https://github.com/k3ppf0r/2024-PocLib
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/nvn1729/advisories
+- https://github.com/oLy0/Vulnerability
+- https://github.com/opendr-io/causality
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-1563.md b/2024/CVE-2024-1563.md
index 587feb23c2..ad4790c953 100644
--- a/2024/CVE-2024-1563.md
+++ b/2024/CVE-2024-1563.md
@@ -10,7 +10,7 @@ An attacker could have executed unauthorized scripts on top origin sites using a
 ### POC
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1863831
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1569.md b/2024/CVE-2024-1569.md
index be9cb8734a..7ae9faf927 100644
--- a/2024/CVE-2024-1569.md
+++ b/2024/CVE-2024-1569.md
@@ -13,5 +13,6 @@ parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to u
 No PoCs from references.
 #### Github
+- https://github.com/didik-snyk/eyeballvul
 - https://github.com/timothee-chauvin/eyeballvul
diff --git a/2024/CVE-2024-1592.md b/2024/CVE-2024-1592.md
new file mode 100644
index 0000000000..ef5416cdfd
--- /dev/null
+++ b/2024/CVE-2024-1592.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1592)
+![](https://img.shields.io/static/v1?label=Product&message=Complianz%20%E2%80%93%20GDPR%2FCCPA%20Cookie%20Consent&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%206.5.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/david-prv/vulnerable-wordpress-plugins
+
diff --git a/2024/CVE-2024-1597.md b/2024/CVE-2024-1597.md
index 4488f69868..1da64c4027 100644
--- a/2024/CVE-2024-1597.md
+++ b/2024/CVE-2024-1597.md
@@ -14,5 +14,7 @@ No PoCs from references.
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/dbbaskette/ordersmcp
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
diff --git a/2024/CVE-2024-1600.md b/2024/CVE-2024-1600.md
index 5e9884fd1c..e94f9fc11a 100644
--- a/2024/CVE-2024-1600.md
+++ b/2024/CVE-2024-1600.md
@@ -13,5 +13,6 @@ A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui a
 No PoCs from references.
 #### Github
+- https://github.com/didik-snyk/eyeballvul
 - https://github.com/timothee-chauvin/eyeballvul
diff --git a/2024/CVE-2024-1601.md b/2024/CVE-2024-1601.md
index e3166101d7..b07baed64a 100644
--- a/2024/CVE-2024-1601.md
+++ b/2024/CVE-2024-1601.md
@@ -13,5 +13,6 @@ An SQL injection vulnerability exists in the `delete_discussion()` function of t
 No PoCs from references.
 #### Github
+- https://github.com/didik-snyk/eyeballvul
 - https://github.com/timothee-chauvin/eyeballvul
diff --git a/2024/CVE-2024-1604.md b/2024/CVE-2024-1604.md
index 608d3c8452..e5e5a5c935 100644
--- a/2024/CVE-2024-1604.md
+++ b/2024/CVE-2024-1604.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-1604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1604)
 ![](https://img.shields.io/static/v1?label=Product&message=Control-M&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=9.0.20%3C%209.0.20.238%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
 ### Description
-Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
+Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate.Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
 ### POC
diff --git a/2024/CVE-2024-1605.md b/2024/CVE-2024-1605.md
index 5e487c9f14..cfd0fd0cae 100644
--- a/2024/CVE-2024-1605.md
+++ b/2024/CVE-2024-1605.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-1605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1605)
 ![](https://img.shields.io/static/v1?label=Product&message=Control-M&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=9.0.20%3C%209.0.20.238%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen)
 ### Description
-BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
+BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
 ### POC
diff --git a/2024/CVE-2024-1621.md b/2024/CVE-2024-1621.md
new file mode 100644
index 0000000000..114e2255a0
--- /dev/null
+++ b/2024/CVE-2024-1621.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1621)
+![](https://img.shields.io/static/v1?label=Product&message=uniFLOW%20Online&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.1.0%20(including)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-940%3A%20Improper%20Verification%20of%20Source%20of%20a%20Communication%20Channel&color=brighgreen)
+
+### Description
+
+The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user.
+
+### POC
+
+#### Reference
+- https://ntware.atlassian.net/wiki/spaces/SA/pages/12113215492/2024+Security+Advisory+Device+registration+susceptible+to+compromise
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1635.md b/2024/CVE-2024-1635.md
index 0ccb2e414d..79831b9cdb 100644
--- a/2024/CVE-2024-1635.md
+++ b/2024/CVE-2024-1635.md
@@ -4,23 +4,26 @@
 ![](https://img.shields.io/static/v1?label=Product&message=RHSSO%207.6.8&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207.13.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus%202&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.1%20EUS%20for%20RHEL%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20on%20RHEL%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%20Service%20Works%206&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Quarkus&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204%20for%20Quarkus%203&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.4.1%20for%20Spring%20Boot&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot%203&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot%204&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry%202&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=streams%20for%20Apache%20Kafka&color=blue)
diff --git a/2024/CVE-2024-1646.md b/2024/CVE-2024-1646.md
index 2bcf781358..804e44a8c4 100644
--- a/2024/CVE-2024-1646.md
+++ b/2024/CVE-2024-1646.md
@@ -13,5 +13,6 @@ parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient
 No PoCs from references.
 #### Github
+- https://github.com/didik-snyk/eyeballvul
 - https://github.com/timothee-chauvin/eyeballvul
diff --git a/2024/CVE-2024-1651.md b/2024/CVE-2024-1651.md
index 11a087c8cc..b44d1afa2a 100644
--- a/2024/CVE-2024-1651.md
+++ b/2024/CVE-2024-1651.md
@@ -15,6 +15,8 @@ No PoCs from references.
 #### Github
 - https://github.com/Whiteh4tWolf/CVE-2024-1651-PoC
 - https://github.com/hy011121/CVE-2024-1651-exploit-RCE
+- https://github.com/killukeren/cve-2024-1651
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/sharpicx/CVE-2024-1651-PoC
diff --git a/2024/CVE-2024-1663.md b/2024/CVE-2024-1663.md
new file mode 100644
index 0000000000..7426eb0565
--- /dev/null
+++ b/2024/CVE-2024-1663.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1663)
+![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Noindex%20Nofollow%20Tool%20II&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/6d101f2b-e903-4e64-92cc-e550abb52d6f/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1669.md b/2024/CVE-2024-1669.md
index 9508c51279..e50d82d5a4 100644
--- a/2024/CVE-2024-1669.md
+++ b/2024/CVE-2024-1669.md
@@ -14,5 +14,7 @@ Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 all
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gmh5225/vulnjs
 - https://github.com/tanjiti/sec_profile
+- https://github.com/wh1ant/vulnjs
diff --git a/2024/CVE-2024-1681.md b/2024/CVE-2024-1681.md
new file mode 100644
index 0000000000..e1c44f178c
--- /dev/null
+++ b/2024/CVE-2024-1681.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1681)
+![](https://img.shields.io/static/v1?label=Product&message=corydolphin%2Fflask-cors&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-117%20Improper%20Output%20Neutralization%20for%20Logs&color=brighgreen)
+
+### Description
+
+corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+
diff --git a/2024/CVE-2024-1682.md b/2024/CVE-2024-1682.md
new file mode 100644
index 0000000000..1d958a3006
--- /dev/null
+++ b/2024/CVE-2024-1682.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1682)
+![](https://img.shields.io/static/v1?label=Product&message=psf%2Frequests&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20N%2FA%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-840%20Business%20Logic%20Errors&color=brighgreen)
+
+### Description
+
+An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Gauravbhatia1211/portfolio
+
diff --git a/2024/CVE-2024-1698.md b/2024/CVE-2024-1698.md
index da2c2b73a1..2d2ab6ad89 100644
--- a/2024/CVE-2024-1698.md
+++ b/2024/CVE-2024-1698.md
@@ -13,10 +13,30 @@ The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notific
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
 - https://github.com/codeb0ss/CVE-2024-1698-PoC
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/jesicatjan/WordPress-NotificationX-CVE-2024-1698
 - https://github.com/kamranhasan/CVE-2024-1698-Exploit
+- https://github.com/l0928h/kate
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
+- https://github.com/shanglyu/CVE-2024-1698
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-1708.md b/2024/CVE-2024-1708.md
index f3bffe96cc..52d7162647 100644
--- a/2024/CVE-2024-1708.md
+++ b/2024/CVE-2024-1708.md
@@ -13,6 +13,7 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulner
 - https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
 #### Github
+- https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit
 - https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
 - https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708
 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -21,4 +22,5 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulner
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709
 - https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
+- https://github.com/whiterabb17/Oeliander
diff --git a/2024/CVE-2024-1709.md b/2024/CVE-2024-1709.md
index 99df23fbe5..c29ffe6891 100644
--- a/2024/CVE-2024-1709.md
+++ b/2024/CVE-2024-1709.md
@@ -21,10 +21,15 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp
 - https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/
 #### Github
+- https://github.com/0xAj-Krishna/biggest-hack
+- https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
+- https://github.com/ChalkingCode/ExploitedDucks
 - https://github.com/GhostTroops/TOP
+- https://github.com/GuiMatosInfra/explorer2sectool
 - https://github.com/HussainFathy/CVE-2024-1709
 - https://github.com/Juan921030/sploitscan
 - https://github.com/Ostorlab/KEV
+- https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit
 - https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
 - https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708
 - https://github.com/codeb0ss/CVE-2024-1709-PoC
@@ -32,6 +37,7 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp
 - https://github.com/k3ppf0r/2024-PocLib
 - https://github.com/myseq/vcheck-cli
 - https://github.com/nitish778191/fitness_app
+- https://github.com/nnay13/SploitScan
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/securitycipher/daily-bugbounty-writeups
 - https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass
@@ -39,5 +45,7 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp
 - https://github.com/tr1pl3ight/CVE-2024-23113-POC
 - https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709
 - https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc
+- https://github.com/whiterabb17/Oeliander
 - https://github.com/xaitax/SploitScan
+- https://github.com/zhanpengliu-tencent/medium-cve
diff --git a/2024/CVE-2024-1710.md b/2024/CVE-2024-1710.md
new file mode 100644
index 0000000000..507f6da93a
--- /dev/null
+++ b/2024/CVE-2024-1710.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1710)
+![](https://img.shields.io/static/v1?label=Product&message=Addon%20Library&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.3.76%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xAj-Krishna/biggest-hack
+
diff --git a/2024/CVE-2024-1727.md b/2024/CVE-2024-1727.md
index b514a3c7cd..0fbfeb47d6 100644
--- a/2024/CVE-2024-1727.md
+++ b/2024/CVE-2024-1727.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
diff --git a/2024/CVE-2024-1728.md b/2024/CVE-2024-1728.md
new file mode 100644
index 0000000000..5af496e29a
--- /dev/null
+++ b/2024/CVE-2024-1728.md
@@ -0,0 +1,18 @@
+### [CVE-2024-1728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1728)
+![](https://img.shields.io/static/v1?label=Product&message=gradio-app%2Fgradio&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%204.19.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/yuanmeng-MINGI/CVE-2024-1728
+
diff --git a/2024/CVE-2024-1753.md b/2024/CVE-2024-1753.md
index 32ca529202..6913bd4d3c 100644
--- a/2024/CVE-2024-1753.md
+++ b/2024/CVE-2024-1753.md
@@ -12,7 +12,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Privilege%20Management&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-1764.md b/2024/CVE-2024-1764.md
new file mode 100644
index 0000000000..b412e02db4
--- /dev/null
+++ b/2024/CVE-2024-1764.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1764)
+![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202023.3.14.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0002
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1780.md b/2024/CVE-2024-1780.md
new file mode 100644
index 0000000000..c2a0d1fa53
--- /dev/null
+++ b/2024/CVE-2024-1780.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1780](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1780)
+![](https://img.shields.io/static/v1?label=Product&message=BizCalendar%20Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.1.0.19%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/calysteon/calysteon
+
diff --git a/2024/CVE-2024-1782.md b/2024/CVE-2024-1782.md
index 312bfc2418..abd13c7c71 100644
--- a/2024/CVE-2024-1782.md
+++ b/2024/CVE-2024-1782.md
@@ -13,5 +13,6 @@ The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross
 No PoCs from references.
 #### Github
+- https://github.com/calysteon/calysteon
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1783.md b/2024/CVE-2024-1783.md
index 6f238d3c54..5d5c9d8d1c 100644
--- a/2024/CVE-2024-1783.md
+++ b/2024/CVE-2024-1783.md
@@ -13,5 +13,6 @@ A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0
 No PoCs from references.
 #### Github
+- https://github.com/attilaszia/linux-iot-cves
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-1800.md b/2024/CVE-2024-1800.md
index 4dd5b61231..dba410d8f8 100644
--- a/2024/CVE-2024-1800.md
+++ b/2024/CVE-2024-1800.md
@@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/NaInSec/CVE-LIST - https://github.com/f0ur0four/Insecure-Deserialization - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/CVE-2024-4358 - https://github.com/sinsinology/CVE-2024-4358 - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-1833.md b/2024/CVE-2024-1833.md index ff330c816e..a2cf2157b0 100644 --- a/2024/CVE-2024-1833.md +++ b/2024/CVE-2024-1833.md @@ -1,11 +1,12 @@ ### [CVE-2024-1833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1833) ![](https://img.shields.io/static/v1?label=Product&message=Employee%20Management%20System&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen) ### Description -A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254624. +A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername/txtphone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. ### POC diff --git a/2024/CVE-2024-1874.md b/2024/CVE-2024-1874.md index c1ef68c635..5c06558f16 100644 --- a/2024/CVE-2024-1874.md 
+++ b/2024/CVE-2024-1874.md @@ -14,6 +14,7 @@ In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, wh - https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 #### Github +- https://github.com/Tgcohce/CVE-2024-1874 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/michalsvoboda76/batbadbut - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-1882.md b/2024/CVE-2024-1882.md index 6760c2369d..a4a368f759 100644 --- a/2024/CVE-2024-1882.md +++ b/2024/CVE-2024-1882.md @@ -1,7 +1,7 @@ ### [CVE-2024-1882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1882) ![](https://img.shields.io/static/v1?label=Product&message=PaperCut%20NG%2C%20PaperCut%20MF&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-76%20Improper%20Neutralization%20of%20Equivalent%20Special%20Elements&color=brighgreen) ### Description diff --git a/2024/CVE-2024-1883.md b/2024/CVE-2024-1883.md index 52f329822b..268b2a9dc5 100644 --- a/2024/CVE-2024-1883.md +++ b/2024/CVE-2024-1883.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-1883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1883) ![](https://img.shields.io/static/v1?label=Product&message=PaperCut%20NG%2C%20PaperCut%20MF&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-76%20Improper%20Neutralization%20of%20Equivalent%20Special%20Elements&color=brighgreen) ### Description -This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. +This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. ### POC diff --git a/2024/CVE-2024-1892.md b/2024/CVE-2024-1892.md index 0cc5d4e08a..d1db5c25b5 100644 --- a/2024/CVE-2024-1892.md +++ b/2024/CVE-2024-1892.md @@ -13,5 +13,5 @@ A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFe - https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b #### Github -No PoCs found on GitHub currently. +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-1898.md b/2024/CVE-2024-1898.md new file mode 100644 index 0000000000..4b0038d51c --- /dev/null +++ b/2024/CVE-2024-1898.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-1898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1898)
+![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202023.3.14.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0002
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1900.md b/2024/CVE-2024-1900.md
new file mode 100644
index 0000000000..5c3c8f819c
--- /dev/null
+++ b/2024/CVE-2024-1900.md
@@ -0,0 +1,17 @@
+### [CVE-2024-1900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1900)
+![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202023.3.14.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The user will stay authenticated until the Devolutions Server token expiration.
+
+### POC
+
+#### Reference
+- https://devolutions.net/security/advisories/DEVO-2024-0002
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-1901.md b/2024/CVE-2024-1901.md
new file mode 100644
index 0000000000..ab5741b595
--- /dev/null
+++ b/2024/CVE-2024-1901.md
@@ -0,0 +1,17 @@ +### [CVE-2024-1901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1901) +![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202023.3.14.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable. + +### POC + +#### Reference +- https://devolutions.net/security/advisories/DEVO-2024-0002 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1931.md b/2024/CVE-2024-1931.md index cf3721e527..28c20b3f6b 100644 --- a/2024/CVE-2024-1931.md +++ b/2024/CVE-2024-1931.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/passer12/CVE-2024-1931-reproduction diff --git a/2024/CVE-2024-1936.md b/2024/CVE-2024-1936.md index 0a2520751a..916b540747 100644 --- a/2024/CVE-2024-1936.md +++ b/2024/CVE-2024-1936.md 
@@ -5,7 +5,7 @@ ### Description -The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1. +The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1. ### POC diff --git a/2024/CVE-2024-1939.md b/2024/CVE-2024-1939.md index 5572f42571..9b6dc3d233 100644 --- a/2024/CVE-2024-1939.md +++ b/2024/CVE-2024-1939.md @@ -13,7 +13,9 @@ Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote at No PoCs from references. #### Github +- https://github.com/f1lyyy/V8-Exploit-Collection - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/rycbar77/CVE-2024-1939 - https://github.com/rycbar77/V8Exploits diff --git a/2024/CVE-2024-1957.md b/2024/CVE-2024-1957.md index d1f159a866..e46bdfce7e 100644 --- a/2024/CVE-2024-1957.md +++ b/2024/CVE-2024-1957.md 
@@ -13,5 +13,6 @@ The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is No PoCs from references. #### Github +- https://github.com/Chocapikk/wpprobe - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-1968.md b/2024/CVE-2024-1968.md new file mode 100644 index 0000000000..2ca85947a0 --- /dev/null +++ b/2024/CVE-2024-1968.md @@ -0,0 +1,17 @@ +### [CVE-2024-1968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1968) +![](https://img.shields.io/static/v1?label=Product&message=scrapy%2Fscrapy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.11.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase + diff --git a/2024/CVE-2024-20003.md b/2024/CVE-2024-20003.md index b65c231d86..b28358f554 100644 --- a/2024/CVE-2024-20003.md +++ b/2024/CVE-2024-20003.md 
@@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/Shangzewen/U-Fuzz - https://github.com/asset-group/5ghoul-5g-nr-attacks +- https://github.com/asset-group/Sni5Gect-5GNR-sniffing-and-exploitation - https://github.com/asset-group/U-Fuzz - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-20017.md b/2024/CVE-2024-20017.md index f4c5c9a313..b206a61263 100644 --- a/2024/CVE-2024-20017.md +++ b/2024/CVE-2024-20017.md @@ -13,7 +13,14 @@ In wlan service, there is a possible out of bounds write due to improper input v No PoCs from references. #### Github +- https://github.com/0xMarcio/cve +- https://github.com/0xor0ne/awesome-list +- https://github.com/Andromeda254/cve +- https://github.com/GhostTroops/TOP +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/mellow-hype/cve-2024-20017 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-20018.md b/2024/CVE-2024-20018.md index d9a46b470a..af77d6a0a7 100644 --- a/2024/CVE-2024-20018.md +++ b/2024/CVE-2024-20018.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2024/CVE-2024-20021.md b/2024/CVE-2024-20021.md index 9d2f5dec33..6a2bf89ea7 100644 --- a/2024/CVE-2024-20021.md +++ b/2024/CVE-2024-20021.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/quarkslab/samsung-bootchain-poc diff --git a/2024/CVE-2024-20024.md b/2024/CVE-2024-20024.md index dc8d9e7f21..cb810ccac6 100644 --- a/2024/CVE-2024-20024.md +++ b/2024/CVE-2024-20024.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ndouglas-cloudsmith/exploit-check diff --git a/2024/CVE-2024-20076.md b/2024/CVE-2024-20076.md new file mode 100644 index 0000000000..55165e8a95 --- /dev/null +++ b/2024/CVE-2024-20076.md @@ -0,0 +1,17 @@ +### [CVE-2024-20076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20076) +![](https://img.shields.io/static/v1?label=Product&message=MT2731%2C%20MT6739%2C%20MT6761%2C%20MT6762%2C%20MT6763%2C%20MT6765%2C%20MT6767%2C%20MT6768%2C%20MT6769%2C%20MT6771%2C%20MT8666%2C%20MT8667%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8786%2C%20MT8788&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Modem%20LR12A%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) + +### Description + +In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/SysSec-KAIST/LLFuzz + diff --git a/2024/CVE-2024-20077.md b/2024/CVE-2024-20077.md new file mode 100644 index 0000000000..490b60ecc0 --- /dev/null +++ b/2024/CVE-2024-20077.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-20077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20077)
+![](https://img.shields.io/static/v1?label=Product&message=MT2731%2C%20MT6739%2C%20MT6761%2C%20MT6762%2C%20MT6763%2C%20MT6765%2C%20MT6767%2C%20MT6768%2C%20MT6769%2C%20MT6771%2C%20MT8666%2C%20MT8667%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8786%2C%20MT8788&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Modem%20LR12A%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
+
+### Description
+
+In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SysSec-KAIST/LLFuzz
+
diff --git a/2024/CVE-2024-20088.md b/2024/CVE-2024-20088.md
new file mode 100644
index 0000000000..bb5cbb5108
--- /dev/null
+++ b/2024/CVE-2024-20088.md
@@ -0,0 +1,17 @@ +### [CVE-2024-20088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20088) +![](https://img.shields.io/static/v1?label=Product&message=MT6765%2C%20MT6768%2C%20MT6781%2C%20MT6833%2C%20MT6835%2C%20MT6855%2C%20MT6877%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6886%2C%20MT6889%2C%20MT6893%2C%20MT6895%2C%20MT6897%2C%20MT6983%2C%20MT6985%2C%20MT6989%2C%20MT8321%2C%20MT8755%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8775%2C%20MT8781%2C%20MT8786%2C%20MT8788%2C%20MT8792%2C%20MT8796&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen) + +### Description + +In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932099; Issue ID: MSV-1543. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Resery/Resery + diff --git a/2024/CVE-2024-2009.md b/2024/CVE-2024-2009.md index 7cfa35204b..a2427eb96c 100644 --- a/2024/CVE-2024-2009.md +++ b/2024/CVE-2024-2009.md @@ -13,5 +13,6 @@ A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affec No PoCs from references. #### Github +- https://github.com/cnetsec/south-america-cve-hall - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-20090.md b/2024/CVE-2024-20090.md new file mode 100644 index 0000000000..1ad22726fb --- /dev/null +++ b/2024/CVE-2024-20090.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-20090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20090)
+![](https://img.shields.io/static/v1?label=Product&message=MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6785%2C%20MT6853%2C%20MT6873%2C%20MT6885%2C%20MT8385%2C%20MT8666%2C%20MT8667%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8788%2C%20MT8789&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20091.md b/2024/CVE-2024-20091.md
new file mode 100644
index 0000000000..ada63bbb61
--- /dev/null
+++ b/2024/CVE-2024-20091.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20091)
+![](https://img.shields.io/static/v1?label=Product&message=MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6785%2C%20MT6853%2C%20MT6873%2C%20MT6885%2C%20MT8385%2C%20MT8666%2C%20MT8667%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8788%2C%20MT8789&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20092.md b/2024/CVE-2024-20092.md
new file mode 100644
index 0000000000..4b6933287a
--- /dev/null
+++ b/2024/CVE-2024-20092.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20092)
+![](https://img.shields.io/static/v1?label=Product&message=MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6785%2C%20MT6853%2C%20MT6873%2C%20MT6885%2C%20MT8385%2C%20MT8666%2C%20MT8667%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8788%2C%20MT8789&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20093.md b/2024/CVE-2024-20093.md
new file mode 100644
index 0000000000..f43bd96707
--- /dev/null
+++ b/2024/CVE-2024-20093.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20093)
+![](https://img.shields.io/static/v1?label=Product&message=MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6785%2C%20MT6853%2C%20MT6873%2C%20MT6885%2C%20MT8385%2C%20MT8666%2C%20MT8667%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8788%2C%20MT8789&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20095.md b/2024/CVE-2024-20095.md
new file mode 100644
index 0000000000..9f81ed7c43
--- /dev/null
+++ b/2024/CVE-2024-20095.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20095)
+![](https://img.shields.io/static/v1?label=Product&message=MT6580%2C%20MT6739%2C%20MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6781%2C%20MT6785%2C%20MT6789%2C%20MT6833%2C%20MT6853%2C%20MT6855%2C%20MT6873%2C%20MT6877%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6889%2C%20MT6893%2C%20MT6895%2C%20MT6983%2C%20MT8666%2C%20MT8667%2C%20MT8673%2C%20MT8675%2C%20MT8678&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%2C%2015.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20096.md b/2024/CVE-2024-20096.md
new file mode 100644
index 0000000000..ea77e9ae5b
--- /dev/null
+++ b/2024/CVE-2024-20096.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20096)
+![](https://img.shields.io/static/v1?label=Product&message=MT6580%2C%20MT6739%2C%20MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6781%2C%20MT6785%2C%20MT6789%2C%20MT6833%2C%20MT6853%2C%20MT6855%2C%20MT6873%2C%20MT6877%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6889%2C%20MT6893%2C%20MT6895%2C%20MT6983%2C%20MT8666%2C%20MT8667%2C%20MT8673%2C%20MT8675%2C%20MT8678&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%2C%2015.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20097.md b/2024/CVE-2024-20097.md
new file mode 100644
index 0000000000..e0193c325d
--- /dev/null
+++ b/2024/CVE-2024-20097.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20097)
+![](https://img.shields.io/static/v1?label=Product&message=MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6785%2C%20MT6789%2C%20MT6853%2C%20MT6873%2C%20MT6885%2C%20MT8666%2C%20MT8667%2C%20MT8673%2C%20MT8675%2C%20MT8678&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20104.md b/2024/CVE-2024-20104.md
new file mode 100644
index 0000000000..1c7f11b447
--- /dev/null
+++ b/2024/CVE-2024-20104.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20104)
+![](https://img.shields.io/static/v1?label=Product&message=MT6781%2C%20MT6789%2C%20MT6835%2C%20MT6855%2C%20MT6878%2C%20MT6879%2C%20MT6880%2C%20MT6886%2C%20MT6890%2C%20MT6895%2C%20MT6897%2C%20MT6980%2C%20MT6983%2C%20MT6985%2C%20MT6989%2C%20MT6990%2C%20MT8188%2C%20MT8370%2C%20MT8390%2C%20MT8676&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%2C%2015.0%20%2F%20openWRT%2019.07%2C%2021.02%2C%2023.05%20%2F%20Yocto%204.0%20%2F%20%20RDK-B%2022Q3%2C%2024Q1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/lgturatti/techdrops
+
diff --git a/2024/CVE-2024-20105.md b/2024/CVE-2024-20105.md
new file mode 100644
index 0000000000..3360e1f240
--- /dev/null
+++ b/2024/CVE-2024-20105.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20105)
+![](https://img.shields.io/static/v1?label=Product&message=MT6580%2C%20MT6739%2C%20MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6781%2C%20MT6785%2C%20MT6789%2C%20MT6833%2C%20MT6853%2C%20MT6855%2C%20MT6873%2C%20MT6877%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6889%2C%20MT6893%2C%20MT6895%2C%20MT6983%2C%20MT8666%2C%20MT8667%2C%20MT8673%2C%20MT8768&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%2C%2015.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20106.md b/2024/CVE-2024-20106.md
new file mode 100644
index 0000000000..1074a25257
--- /dev/null
+++ b/2024/CVE-2024-20106.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20106)
+![](https://img.shields.io/static/v1?label=Product&message=MT6739%2C%20MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6785%2C%20MT6853%2C%20MT6873%2C%20MT6885%2C%20MT8666%2C%20MT8667%2C%20MT8673%2C%20MT8678&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%2C%2015.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-843%20Type%20Confusion&color=brighgreen)
+
+### Description
+
+In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/lgturatti/techdrops
+
diff --git a/2024/CVE-2024-20107.md b/2024/CVE-2024-20107.md
new file mode 100644
index 0000000000..a58accea0a
--- /dev/null
+++ b/2024/CVE-2024-20107.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20107)
+![](https://img.shields.io/static/v1?label=Product&message=MT6781%2C%20MT6789%2C%20MT6835%2C%20MT6855%2C%20MT6878%2C%20MT6879%2C%20MT6880%2C%20MT6886%2C%20MT6890%2C%20MT6895%2C%20MT6897%2C%20MT6980%2C%20MT6983%2C%20MT6985%2C%20MT6989%2C%20MT6990%2C%20MT8188%2C%20MT8370%2C%20MT8390%2C%20MT8676&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%2C%2015.0%20%2F%20openWRT%2019.07%2C%2021.02%2C%2023.05%20%2F%20Yocto%204.0%20%2F%20RDK-B%2022Q3%2C%2024Q1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20116.md b/2024/CVE-2024-20116.md
new file mode 100644
index 0000000000..a7feb71d0a
--- /dev/null
+++ b/2024/CVE-2024-20116.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20116)
+![](https://img.shields.io/static/v1?label=Product&message=MT6765%2C%20MT6768%2C%20MT6779%2C%20MT6781%2C%20MT6785%2C%20MT6789%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8771%2C%20MT8781%2C%20MT8786%2C%20MT8788%2C%20MT8789%2C%20MT8791T%2C%20MT8795T%2C%20MT8797%2C%20MT8798&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-1696.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20130.md b/2024/CVE-2024-20130.md
new file mode 100644
index 0000000000..f089a730e1
--- /dev/null
+++ b/2024/CVE-2024-20130.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20130)
+![](https://img.shields.io/static/v1?label=Product&message=MT6739%2C%20MT6761%2C%20MT6765%2C%20MT6768%2C%20MT6781%2C%20MT6789%2C%20MT6833%2C%20MT6835%2C%20MT6853%2C%20MT6855%2C%20MT6877%2C%20MT6878%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6886%2C%20MT6889%2C%20MT6893%2C%20MT6895%2C%20MT6896%2C%20MT6897%2C%20MT6983%2C%20MT6985%2C%20MT6989%2C%20MT8195%2C%20MT8676%2C%20MT8678%2C%20MT8696%2C%20MT8796&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2014.0%2C%2015.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack%20Overflow&color=brighgreen)
+
+### Description
+
+In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Navaneethp007/Cyber_bot
+
diff --git a/2024/CVE-2024-20136.md b/2024/CVE-2024-20136.md
new file mode 100644
index 0000000000..9c8a638b41
--- /dev/null
+++ b/2024/CVE-2024-20136.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20136)
+![](https://img.shields.io/static/v1?label=Product&message=MT2737%2C%20MT6781%2C%20MT6789%2C%20MT6855%2C%20MT6878%2C%20MT6879%2C%20MT6880%2C%20MT6886%2C%20MT6890%2C%20MT6895%2C%20MT6897%2C%20MT6980%2C%20MT6983%2C%20MT6985%2C%20MT6989%2C%20MT6990%2C%20MT8195%2C%20MT8370%2C%20MT8390%2C%20MT8673%2C%20MT8676%2C%20MT8678%2C%20MT8755%2C%20MT8775%2C%20MT8781%2C%20MT8795T%2C%20MT8796%2C%20MT8798%2C%20MT8893&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%2C%2014.0%2C%2015.0%20%2F%20openWRT%2019.07%2C%2021.02%2C%2023.05%20%2F%20Yocto%204.0%20%2F%20RDK-B%2022Q3%2C%2024Q1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Resery/Resery
+
diff --git a/2024/CVE-2024-20137.md b/2024/CVE-2024-20137.md
new file mode 100644
index 0000000000..f08ab767fb
--- /dev/null
+++ b/2024/CVE-2024-20137.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20137)
+![](https://img.shields.io/static/v1?label=Product&message=MT6890%2C%20MT7622%2C%20MT7915%2C%20MT7916%2C%20MT7981%2C%20MT7986&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20SDK%20release%207.4.0.1%20(MT7915)%20and%207.6.7.2%20(MT7916%2C%20MT798X)%20and%20before%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-248%20Uncaught%20Exception&color=brighgreen)
+
+### Description
+
+In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/takistmr/CVE-2024-20137
+
diff --git a/2024/CVE-2024-2022.md b/2024/CVE-2024-2022.md
index b47f71f05f..d47290a113 100644
--- a/2024/CVE-2024-2022.md
+++ b/2024/CVE-2024-2022.md
@@ -13,7 +13,24 @@ A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-20253.md b/2024/CVE-2024-20253.md new file mode 100644 index 0000000000..e345568cf3 --- /dev/null +++ b/2024/CVE-2024-20253.md 
@@ -0,0 +1,29 @@ +### [CVE-2024-20253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20253) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Packaged%20Contact%20Center%20Enterprise&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Unified%20Communications%20Manager%20%2F%20Cisco%20Unity%20Connection&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Unified%20Communications%20Manager%20IM%20and%20Presence%20Service&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Unified%20Communications%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Unified%20Contact%20Center%20Enterprise&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Unified%20Contact%20Center%20Express&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Unity%20Connection&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Virtualized%20Voice%20Browser&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.5(1)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.5(2)SU10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.0(1)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.0(1)SU1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%208.5(1)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. 
This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/EfstratiosLontzetidis/blogs_advisories_reports_papers + diff --git a/2024/CVE-2024-20269.md b/2024/CVE-2024-20269.md new file mode 100644 index 0000000000..df3ea6b954 --- /dev/null +++ b/2024/CVE-2024-20269.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-20269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20269)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AnanthapadmanabhanA/My-CVEs
+
diff --git a/2024/CVE-2024-20300.md b/2024/CVE-2024-20300.md
new file mode 100644
index 0000000000..9a01ac8026
--- /dev/null
+++ b/2024/CVE-2024-20300.md
@@ -0,0 +1,17 @@ +### [CVE-2024-20300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20300) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AnanthapadmanabhanA/My-CVEs + diff --git a/2024/CVE-2024-20338.md b/2024/CVE-2024-20338.md index 412d168757..669589878a 100644 --- a/2024/CVE-2024-20338.md +++ b/2024/CVE-2024-20338.md @@ -13,6 +13,7 @@ A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client f No PoCs from references. #### Github +- https://github.com/annmuor/CVE-2024-20338 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-20353.md b/2024/CVE-2024-20353.md index da882aad13..55fcb21b3c 100644 --- a/2024/CVE-2024-20353.md +++ b/2024/CVE-2024-20353.md 
@@ -15,6 +15,7 @@ A vulnerability in the management and VPN web servers for Cisco Adaptive Securit No PoCs from references. #### Github +- https://github.com/Rat5ak/Anatomy-of-a-Reconnaissance-Campaign-Deconstructing-Bullet-Proof-Host---AS401116-AS401120-AS215540 - https://github.com/Spl0stus/CVE-2024-20353-CiscoASAandFTD - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/toxyl/lscve diff --git a/2024/CVE-2024-20356.md b/2024/CVE-2024-20356.md index 15062036f3..6979c43908 100644 --- a/2024/CVE-2024-20356.md +++ b/2024/CVE-2024-20356.md @@ -15,7 +15,12 @@ A vulnerability in the web-based management interface of Cisco Integrated Manage - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/2303A51068/T103-Hackathon-2025 +- https://github.com/IamAlch3mist/Awesome-Embedded-Systems-Vulnerability-Research +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 - https://github.com/SherllyNeo/CVE_2024_20356 +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/netlas-io/netlas-dorks - https://github.com/nettitude/CVE-2024-20356 diff --git a/2024/CVE-2024-20358.md b/2024/CVE-2024-20358.md index bf5d0060c8..05e7509ed0 100644 --- a/2024/CVE-2024-20358.md +++ b/2024/CVE-2024-20358.md @@ -16,4 +16,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jgamblin/CVE-MCP diff --git a/2024/CVE-2024-20365.md b/2024/CVE-2024-20365.md new file mode 100644 index 0000000000..0160f27293 --- /dev/null +++ b/2024/CVE-2024-20365.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-20365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20365)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Unified%20Computing%20System%20(Managed)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1(2a)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/chnzzh/Redfish-CVE-lib
+
diff --git a/2024/CVE-2024-20377.md b/2024/CVE-2024-20377.md
new file mode 100644
index 0000000000..425efc607b
--- /dev/null
+++ b/2024/CVE-2024-20377.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20377)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to the web-based management interface not properly validating user-supplied input. An attacker could exploit this vulnerability by by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
+
+### POC
+
+#### Reference
+- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-20387.md b/2024/CVE-2024-20387.md
new file mode 100644
index 0000000000..4d5fc55bbd
--- /dev/null
+++ b/2024/CVE-2024-20387.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20387)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device.
+
+### POC
+
+#### Reference
+- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-20388.md b/2024/CVE-2024-20388.md
new file mode 100644
index 0000000000..83964c02aa
--- /dev/null
+++ b/2024/CVE-2024-20388.md
@@ -0,0 +1,19 @@
+### [CVE-2024-20388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20388)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Threat%20Defense%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.6.5.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20Through%20Data%20Queries&color=brighgreen)
+
+### Description
+
+A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.
+
+### POC
+
+#### Reference
+- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-infodisc-RL4mJFer
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-20399.md b/2024/CVE-2024-20399.md
index 37c2833132..bd25ba3bb6 100644
--- a/2024/CVE-2024-20399.md
+++ b/2024/CVE-2024-20399.md
@@ -1,11 +1,11 @@ ### [CVE-2024-20399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20399) ![](https://img.shields.io/static/v1?label=Product&message=Cisco%20NX-OS%20Software&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%206.0(2)A6(1)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%208.2(5)%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) ### Description -A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. +A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. 
Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. The following Cisco devices already allow administrative users to access the underlying operating system through the bash-shell feature, so, for these devices, this vulnerability does not grant any additional privileges: Nexus 3000 Series Switches Nexus 7000 Series Switches that are running Cisco NX-OS Software releases 8.1(1) and later Nexus 9000 Series Switches in standalone NX-OS mode ### POC @@ -13,5 +13,6 @@ A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, No PoCs from references. #### Github +- https://github.com/ChalkingCode/ExploitedDucks - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-20403.md b/2024/CVE-2024-20403.md new file mode 100644 index 0000000000..a75f7276bf --- /dev/null +++ b/2024/CVE-2024-20403.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-20403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20403) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AnanthapadmanabhanA/My-CVEs + diff --git a/2024/CVE-2024-20404.md b/2024/CVE-2024-20404.md index fb5e2eb8c4..a109acf7d2 100644 --- a/2024/CVE-2024-20404.md +++ b/2024/CVE-2024-20404.md @@ -19,4 +19,5 @@ No PoCs from references. #### Github - https://github.com/AbdElRahmanEzzat1995/CVE-2024-20404 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-20405.md b/2024/CVE-2024-20405.md index 32a41a06af..141600e5cf 100644 --- a/2024/CVE-2024-20405.md +++ b/2024/CVE-2024-20405.md 
@@ -19,4 +19,5 @@ No PoCs from references. #### Github - https://github.com/AbdElRahmanEzzat1995/CVE-2024-20405 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-20409.md b/2024/CVE-2024-20409.md new file mode 100644 index 0000000000..ef38edc78b --- /dev/null +++ b/2024/CVE-2024-20409.md @@ -0,0 +1,17 @@ +### [CVE-2024-20409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20409) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AnanthapadmanabhanA/My-CVEs + diff --git a/2024/CVE-2024-20424.md b/2024/CVE-2024-20424.md new file mode 100644 index 0000000000..94514d285c --- /dev/null +++ b/2024/CVE-2024-20424.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-20424](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20424)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Management%20Center&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jnzonzidi/Monitoring-for-Suspicious-HTTP-Requests
+
diff --git a/2024/CVE-2024-20433.md b/2024/CVE-2024-20433.md
new file mode 100644
index 0000000000..472db87b0e
--- /dev/null
+++ b/2024/CVE-2024-20433.md
@@ -0,0 +1,19 @@
+### [CVE-2024-20433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20433)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=IOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.0(24)S%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.7.0S%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crosswk/cisco-version-vulnerability-search
+
diff --git a/2024/CVE-2024-20434.md b/2024/CVE-2024-20434.md
new file mode 100644
index 0000000000..a444ed4fe1
--- /dev/null
+++ b/2024/CVE-2024-20434.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20434)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.6.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crosswk/cisco-version-vulnerability-search
+
diff --git a/2024/CVE-2024-20439.md b/2024/CVE-2024-20439.md
new file mode 100644
index 0000000000..d745649e4e
--- /dev/null
+++ b/2024/CVE-2024-20439.md
@@ -0,0 +1,20 @@
+### [CVE-2024-20439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20439)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Smart%20License%20Utility&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Hidden%20Functionality&color=brighgreen)
+
+### Description
+
+A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-2044.md b/2024/CVE-2024-2044.md
index ab149d34d2..c2b61b3d66 100644
--- a/2024/CVE-2024-2044.md
+++ b/2024/CVE-2024-2044.md
@@ -13,5 +13,17 @@ pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing - https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/ #### Github +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/NaInSec/CVE-LIST +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability +- https://github.com/plbplbp/loudong001 diff --git a/2024/CVE-2024-20440.md b/2024/CVE-2024-20440.md new file mode 100644 index 0000000000..cedeebd4c5 --- /dev/null +++ b/2024/CVE-2024-20440.md @@ -0,0 +1,17 @@ +### [CVE-2024-20440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20440) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Smart%20License%20Utility&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) + +### Description + +A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV + 
diff --git a/2024/CVE-2024-20455.md b/2024/CVE-2024-20455.md
new file mode 100644
index 0000000000..ea02c0befb
--- /dev/null
+++ b/2024/CVE-2024-20455.md
@@ -0,0 +1,19 @@
+### [CVE-2024-20455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20455)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Catalyst%20SD-WAN&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2017.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2017.5.1a%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=State%20Issues&color=brighgreen)
+
+### Description
+
+A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crosswk/cisco-version-vulnerability-search
+
diff --git a/2024/CVE-2024-20467.md b/2024/CVE-2024-20467.md
new file mode 100644
index 0000000000..85d751b2a1
--- /dev/null
+++ b/2024/CVE-2024-20467.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20467)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2017.12.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Resource%20Management%20Errors&color=brighgreen)
+
+### Description
+
+A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/saler-cve/PoC-Exploit-CVE-2024-20467
+
diff --git a/2024/CVE-2024-20469.md b/2024/CVE-2024-20469.md
new file mode 100644
index 0000000000..f52a5c340b
--- /dev/null
+++ b/2024/CVE-2024-20469.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20469)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Identity%20Services%20Engine%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
+
+### POC
+
+#### Reference
+- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-6kn9tSxm
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-20481.md b/2024/CVE-2024-20481.md
new file mode 100644
index 0000000000..905f80e1ba
--- /dev/null
+++ b/2024/CVE-2024-20481.md
@@ -0,0 +1,19 @@
+### [CVE-2024-20481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20481)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Adaptive%20Security%20Appliance%20(ASA)%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Firepower%20Threat%20Defense%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.8.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Release%20of%20Resource%20after%20Effective%20Lifetime&color=brighgreen)
+
+### Description
+
+A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jgamblin/CVE-MCP
+
diff --git a/2024/CVE-2024-20515.md b/2024/CVE-2024-20515.md
new file mode 100644
index 0000000000..cb76431959
--- /dev/null
+++ b/2024/CVE-2024-20515.md
@@ -0,0 +1,17 @@ +### [CVE-2024-20515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20515) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Identity%20Services%20Engine%20Software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen) + +### Description + +A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Hashmire/Analysis_Tools + diff --git a/2024/CVE-2024-2053.md b/2024/CVE-2024-2053.md index 5165bb1cff..878ac5ffe1 100644 --- a/2024/CVE-2024-2053.md +++ b/2024/CVE-2024-2053.md @@ -14,5 +14,6 @@ The Artica Proxy administrative web application will deserialize arbitrary PHP o - https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt #### Github -No PoCs found on GitHub currently. +- https://github.com/b-L-x/CVE-2024-2053 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-20656.md b/2024/CVE-2024-20656.md index 4096f8742f..a7f81cad6d 100644 --- a/2024/CVE-2024-20656.md +++ b/2024/CVE-2024-20656.md 
@@ -23,13 +23,17 @@ Visual Studio Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/Ekitji/siem - https://github.com/GhostTroops/TOP - https://github.com/NaInSec/CVE-LIST +- https://github.com/SrcVme50/Compiled - https://github.com/Wh04m1001/CVE-2024-20656 - https://github.com/aneasystone/github-trending +- https://github.com/charlesgargasson/charlesgargasson - https://github.com/grgmrtn255/Links - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/suvani-ctrl/VAPT__sample - https://github.com/zengzzzzz/golang-trending-archive - https://github.com/zhaoxiaoha/github-trending diff --git a/2024/CVE-2024-20661.md b/2024/CVE-2024-20661.md index 642d237552..29045125bf 100644 --- a/2024/CVE-2024-20661.md +++ b/2024/CVE-2024-20661.md 
@@ -23,26 +23,25 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20402%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.6614%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5329%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.3930%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.3930%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2227%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2713%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3007%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3007%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.643%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22464%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.26910%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26910%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24664%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.21765%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.10240.0%3C%2010.0.10240.20402%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.14393.0%3C%2010.0.14393.6614%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.17763.0%3C%2010.0.17763.5329%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.19043.0%3C%2010.0.19044.3930%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.19045.0%3C%2010.0.19045.3930%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.20348.0%3C%2010.0.20348.2227%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.22621.0%3C%2010.0.22621.3007%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.22631.0%3C%2010.0.22631.3007%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.25398.0%3C%2010.0.25398.643%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.6003.0%3C%206.0.6003.22464%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.7601.0%3C%206.1.7601.26910%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.9200.0%3C%206.2.9200.24664%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.9600.0%3C%206.3.9600.21765%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen) ### Description -Microsoft Message Queuing Denial of Service Vulnerability +Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability ### POC diff --git a/2024/CVE-2024-20666.md b/2024/CVE-2024-20666.md index 6789b1c6ad..aa7f1b336a 100644 --- a/2024/CVE-2024-20666.md +++ b/2024/CVE-2024-20666.md 
@@ -39,6 +39,7 @@ No PoCs from references. - https://github.com/HYZ3K/CVE-2024-20666 - https://github.com/MHimken/WinRE-Customization - https://github.com/NaInSec/CVE-LIST +- https://github.com/Yusuf-Homaid/programmatic-vulnerability-remediations - https://github.com/invaderslabs/CVE-2024-20666 - https://github.com/nnotwen/Script-For-CVE-2024-20666 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-20670.md b/2024/CVE-2024-20670.md index fa7186aac0..4422b2891c 100644 --- a/2024/CVE-2024-20670.md +++ b/2024/CVE-2024-20670.md @@ -13,5 +13,6 @@ Outlook for Windows Spoofing Vulnerability No PoCs from references. #### Github +- https://github.com/Jaysolex/vulnerabilty-scan - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-20671.md b/2024/CVE-2024-20671.md index 1b414ae7f6..87ec40fc4c 100644 --- a/2024/CVE-2024-20671.md +++ b/2024/CVE-2024-20671.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/ig-labs/EDR-ALPC-Block-POC +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-20674.md b/2024/CVE-2024-20674.md index 00d2fbadab..4dab9bd99a 100644 --- a/2024/CVE-2024-20674.md +++ b/2024/CVE-2024-20674.md @@ -51,4 +51,6 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/gpotter2/CVE-2024-20674 +- https://github.com/secdev/awesome-scapy diff --git a/2024/CVE-2024-20696.md b/2024/CVE-2024-20696.md index 68f2c4ccdf..56af9d95f8 100644 --- a/2024/CVE-2024-20696.md +++ b/2024/CVE-2024-20696.md 
@@ -30,7 +30,10 @@ Windows libarchive Remote Code Execution Vulnerability No PoCs from references. #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 - https://github.com/NaInSec/CVE-LIST +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/clearbluejar/CVE-2024-20696 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-20698.md b/2024/CVE-2024-20698.md index 6c8701bab0..be749b640e 100644 --- a/2024/CVE-2024-20698.md +++ b/2024/CVE-2024-20698.md @@ -35,4 +35,5 @@ No PoCs from references. - https://github.com/RomanRybachek/RomanRybachek - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-20746.md b/2024/CVE-2024-20746.md index d025cc40f3..9a50ac9ac5 100644 --- a/2024/CVE-2024-20746.md +++ b/2024/CVE-2024-20746.md @@ -13,6 +13,7 @@ Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds No PoCs from references. #### Github +- https://github.com/GAP-dev/GAP-dev - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-20767.md b/2024/CVE-2024-20767.md index a622b8fa82..b1e16199f0 100644 --- a/2024/CVE-2024-20767.md +++ b/2024/CVE-2024-20767.md 
@@ -5,7 +5,7 @@ ### Description -ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction. +ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet. ### POC 
@@ -13,17 +13,36 @@ ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Acce No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC - https://github.com/Chocapikk/CVE-2024-20767 +- https://github.com/DMW11525708/wiki - https://github.com/Hatcat123/my_stars +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/NaInSec/CVE-LIST - https://github.com/Ostorlab/KEV - https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion +- https://github.com/WhosGa/MyWiki - https://github.com/XRSec/AWVS-Update +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/alm6no5/CVE-2024-20767 +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/huyqa/cve-2024-20767 - https://github.com/ibaiw/2024Hvv +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/m-cetin/CVE-2024-20767 - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/packetinside/CISA_BOT - https://github.com/qiuluo-oss/Tiger - https://github.com/tanjiti/sec_profile - https://github.com/trganda/starrlist diff --git a/2024/CVE-2024-20820.md b/2024/CVE-2024-20820.md index 9b130fa4f9..4b6eb0d1d4 100644 --- a/2024/CVE-2024-20820.md +++ b/2024/CVE-2024-20820.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/quarkslab/samsung-bootchain-poc diff --git a/2024/CVE-2024-20832.md b/2024/CVE-2024-20832.md index b455e01cfd..f402e8411c 100644 --- a/2024/CVE-2024-20832.md +++ b/2024/CVE-2024-20832.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/quarkslab/samsung-bootchain-poc diff --git a/2024/CVE-2024-20865.md b/2024/CVE-2024-20865.md index af6cc8f93e..974fffba05 100644 --- a/2024/CVE-2024-20865.md +++ b/2024/CVE-2024-20865.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/quarkslab/samsung-bootchain-poc diff --git a/2024/CVE-2024-20889.md b/2024/CVE-2024-20889.md new file mode 100644 index 0000000000..80e24f6ebd --- /dev/null +++ b/2024/CVE-2024-20889.md @@ -0,0 +1,17 @@ +### [CVE-2024-20889](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20889) +![](https://img.shields.io/static/v1?label=Product&message=Samsung%20Mobile%20Devices&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) + +### Description + +Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/SyNSec-den/Proteus + diff --git a/2024/CVE-2024-20890.md b/2024/CVE-2024-20890.md new file mode 100644 index 0000000000..027231e888 --- /dev/null +++ b/2024/CVE-2024-20890.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-20890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20890)
+![](https://img.shields.io/static/v1?label=Product&message=Samsung%20Mobile%20Devices&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SyNSec-den/Proteus
+
diff --git a/2024/CVE-2024-20918.md b/2024/CVE-2024-20918.md
new file mode 100644
index 0000000000..9fca414d58
--- /dev/null
+++ b/2024/CVE-2024-20918.md
@@ -0,0 +1,17 @@ +### [CVE-2024-20918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20918) +![](https://img.shields.io/static/v1?label=Product&message=Java%20SE%20JDK%20and%20JRE&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Oracle%20Java%20SE%3A8u391%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20creation%2C%20deletion%20or%20modification%20access%20to%20critical%20data%20or%20all%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition%20accessible%20data%20as%20well%20as%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition%20accessible%20data.&color=brighgreen) + +### Description + +Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tmyymmt/docker-ansible-apache-tomcat-spring_boot + diff --git a/2024/CVE-2024-20919.md b/2024/CVE-2024-20919.md new file mode 100644 index 0000000000..72028b01a0 --- /dev/null +++ b/2024/CVE-2024-20919.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-20919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20919) +![](https://img.shields.io/static/v1?label=Product&message=Java%20SE%20JDK%20and%20JRE&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Oracle%20Java%20SE%3A8u391%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20creation%2C%20deletion%20or%20modification%20access%20to%20critical%20data%20or%20all%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition%20accessible%20data.&color=brighgreen) + +### Description + +Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. 
CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/software-engineering-and-security/TypeConfusionStats + diff --git a/2024/CVE-2024-20921.md b/2024/CVE-2024-20921.md new file mode 100644 index 0000000000..0bb487debe --- /dev/null +++ b/2024/CVE-2024-20921.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-20921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20921) +![](https://img.shields.io/static/v1?label=Product&message=Java%20SE%20JDK%20and%20JRE&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Oracle%20Java%20SE%3A8u391%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20Java%20SE%2C%20Oracle%20GraalVM%20for%20JDK%2C%20Oracle%20GraalVM%20Enterprise%20Edition%20accessible%20data.&color=brighgreen) + +### Description + +Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. 
This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/software-engineering-and-security/TypeConfusionStats + diff --git a/2024/CVE-2024-20931.md b/2024/CVE-2024-20931.md index 21bd1a1485..48bd448e2d 100644 --- a/2024/CVE-2024-20931.md +++ b/2024/CVE-2024-20931.md 
@@ -13,22 +13,41 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/0xPThree/WebLogic +- https://github.com/12442RF/POC - https://github.com/ATonysan/CVE-2024-20931_weblogic +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki - https://github.com/GhostTroops/TOP - https://github.com/GlassyAmadeus/CVE-2024-20931 - https://github.com/Leocodefocus/CVE-2024-20931-Poc +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Marco-zcl/POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs - https://github.com/ZonghaoLi777/githubTrending +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/aneasystone/github-trending +- https://github.com/cisp-pte/POC-20241008-sec-fork - https://github.com/dinosn/CVE-2024-20931 +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fireinrain/github-trending - https://github.com/gobysec/Goby +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC - https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending - https://github.com/k3ppf0r/2024-PocLib - https://github.com/labesterOct/CVE-2024-20931 +- https://github.com/laoa1573/wy876 - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/nullcult/CVE_2024_209321 +- https://github.com/oLy0/Vulnerability - https://github.com/sampsonv/github-trending - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc diff --git a/2024/CVE-2024-20953.md b/2024/CVE-2024-20953.md index b89f2c5324..520b9b289e 100644 --- a/2024/CVE-2024-20953.md +++ b/2024/CVE-2024-20953.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/packetinside/CISA_BOT diff --git a/2024/CVE-2024-21006.md b/2024/CVE-2024-21006.md index 679c793a85..c38055a166 100644 --- a/2024/CVE-2024-21006.md +++ b/2024/CVE-2024-21006.md @@ -13,11 +13,33 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://www.oracle.com/security-alerts/cpuapr2024.html #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/0xPThree/WebLogic +- https://github.com/12442RF/POC - https://github.com/20142995/sectool +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/bright-angel/sec-repos +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/d3fudd/CVE-2024-21006_POC +- https://github.com/dadvlingd/CVE-2024-21006 +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/lightr3d/CVE-2024-21006_jar - https://github.com/momika233/CVE-2024-21006 - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC - https://github.com/wy876/wiki +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-21011.md b/2024/CVE-2024-21011.md index 0f953f1232..3877607d4c 100644 --- a/2024/CVE-2024-21011.md +++ b/2024/CVE-2024-21011.md 
@@ -13,5 +13,6 @@ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente - https://www.oracle.com/security-alerts/cpuapr2024.html #### Github +- https://github.com/D4ncg2510/Tarea_scann2 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21012.md b/2024/CVE-2024-21012.md index 5d802f44bf..7b319b19b9 100644 --- a/2024/CVE-2024-21012.md +++ b/2024/CVE-2024-21012.md @@ -13,5 +13,6 @@ Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente - https://www.oracle.com/security-alerts/cpuapr2024.html #### Github +- https://github.com/D4ncg2510/Tarea_scann2 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21096.md b/2024/CVE-2024-21096.md index 1b5f532ac2..63eadea6c7 100644 --- a/2024/CVE-2024-21096.md +++ b/2024/CVE-2024-21096.md @@ -13,5 +13,6 @@ Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: my - https://www.oracle.com/security-alerts/cpuapr2024.html #### Github -No PoCs found on GitHub currently. +- https://github.com/OzNetNerd/CheckovOutputProcessor +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21182.md b/2024/CVE-2024-21182.md new file mode 100644 index 0000000000..c61b93717f --- /dev/null +++ b/2024/CVE-2024-21182.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-21182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21182)
+![](https://img.shields.io/static/v1?label=Product&message=WebLogic%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.2.1.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20T3%2C%20IIOP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20WebLogic%20Server%20accessible%20data.&color=brighgreen)
+
+### Description
+
+Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/k4it0k1d/CVE-2024-21182
+- https://github.com/kursadalsan/CVE-2024-21182
+- https://github.com/yulate/yulate
+
diff --git a/2024/CVE-2024-21193.md b/2024/CVE-2024-21193.md
new file mode 100644
index 0000000000..7b124857dc
--- /dev/null
+++ b/2024/CVE-2024-21193.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21193)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21194.md b/2024/CVE-2024-21194.md
new file mode 100644
index 0000000000..51f992f09f
--- /dev/null
+++ b/2024/CVE-2024-21194.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21194)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21196.md b/2024/CVE-2024-21196.md
new file mode 100644
index 0000000000..a2b344d981
--- /dev/null
+++ b/2024/CVE-2024-21196.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21196)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20low%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21197.md b/2024/CVE-2024-21197.md
new file mode 100644
index 0000000000..5ea1dc36ef
--- /dev/null
+++ b/2024/CVE-2024-21197.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21197)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21198.md b/2024/CVE-2024-21198.md
new file mode 100644
index 0000000000..a271d5c548
--- /dev/null
+++ b/2024/CVE-2024-21198.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21198)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21199.md b/2024/CVE-2024-21199.md
new file mode 100644
index 0000000000..f70f3e03e0
--- /dev/null
+++ b/2024/CVE-2024-21199.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21199)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21201.md b/2024/CVE-2024-21201.md
new file mode 100644
index 0000000000..12fdb721ee
--- /dev/null
+++ b/2024/CVE-2024-21201.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21201)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21212.md b/2024/CVE-2024-21212.md
new file mode 100644
index 0000000000..d812062898
--- /dev/null
+++ b/2024/CVE-2024-21212.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21212)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21213.md b/2024/CVE-2024-21213.md
new file mode 100644
index 0000000000..acfc1b605b
--- /dev/null
+++ b/2024/CVE-2024-21213.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21213)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20logon%20to%20the%20infrastructure%20where%20MySQL%20Server%20executes%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20require%20human%20interaction%20from%20a%20person%20other%20than%20the%20attacker.%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21216.md b/2024/CVE-2024-21216.md
new file mode 100644
index 0000000000..d43576ad32
--- /dev/null
+++ b/2024/CVE-2024-21216.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21216)
+![](https://img.shields.io/static/v1?label=Product&message=Oracle%20WebLogic%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.2.1.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20T3%2C%20IIOP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20takeover%20of%20Oracle%20WebLogic%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/yulate/yulate
+
diff --git a/2024/CVE-2024-21219.md b/2024/CVE-2024-21219.md
new file mode 100644
index 0000000000..f9a65e4796
--- /dev/null
+++ b/2024/CVE-2024-21219.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21219)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21230.md b/2024/CVE-2024-21230.md
new file mode 100644
index 0000000000..0ff820d9ce
--- /dev/null
+++ b/2024/CVE-2024-21230.md
@@ -0,0 +1,19 @@
+### [CVE-2024-21230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21230)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Cluster&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.5.35%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20low%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Cluster.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Cluster.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21231.md b/2024/CVE-2024-21231.md
new file mode 100644
index 0000000000..ad2019f761
--- /dev/null
+++ b/2024/CVE-2024-21231.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21231)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20low%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20partial%20denial%20of%20service%20(partial%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21236.md b/2024/CVE-2024-21236.md
new file mode 100644
index 0000000000..dd6b34e2b7
--- /dev/null
+++ b/2024/CVE-2024-21236.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21236)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21237.md b/2024/CVE-2024-21237.md
new file mode 100644
index 0000000000..43e4816aa5
--- /dev/null
+++ b/2024/CVE-2024-21237.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21237)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20partial%20denial%20of%20service%20(partial%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21239.md b/2024/CVE-2024-21239.md
new file mode 100644
index 0000000000..3e2239b3ce
--- /dev/null
+++ b/2024/CVE-2024-21239.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21239)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21241.md b/2024/CVE-2024-21241.md
new file mode 100644
index 0000000000..716273118c
--- /dev/null
+++ b/2024/CVE-2024-21241.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21241)
+![](https://img.shields.io/static/v1?label=Product&message=MySQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%208.0.39%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20multiple%20protocols%20to%20compromise%20MySQL%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20hang%20or%20frequently%20repeatable%20crash%20(complete%20DOS)%20of%20MySQL%20Server.&color=brighgreen)
+
+### Description
+
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+
diff --git a/2024/CVE-2024-21287.md b/2024/CVE-2024-21287.md
new file mode 100644
index 0000000000..3a63727547
--- /dev/null
+++ b/2024/CVE-2024-21287.md
@@ -0,0 +1,18 @@
+### [CVE-2024-21287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21287)
+![](https://img.shields.io/static/v1?label=Product&message=Oracle%20Agile%20PLM%20Framework&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20Agile%20PLM%20Framework.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20Agile%20PLM%20Framework%20accessible%20data.&color=brighgreen)
+
+### Description
+
+Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-21302.md b/2024/CVE-2024-21302.md
index 6c8679a170..ce8b1d8dc6 100644
--- a/2024/CVE-2024-21302.md
+++ b/2024/CVE-2024-21302.md
@@ -30,7 +30,7 @@ ### Description -Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. 
For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this... +Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.Update: August 13, 2024Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. 
Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562.Details:A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.Microsoft is developing a security... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302 ### POC @@ -38,5 +38,6 @@ Summary:Microsoft was notified that an elevation of privilege vulnerability exis No PoCs from references. #### Github +- https://github.com/RaphaelEjike/Mitigating_CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21305.md b/2024/CVE-2024-21305.md index 0300e49e51..e7644a96e3 100644 --- a/2024/CVE-2024-21305.md +++ b/2024/CVE-2024-21305.md 
@@ -30,7 +30,10 @@ Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability No PoCs from references. #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 - https://github.com/NaInSec/CVE-LIST +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tandasat/CVE-2024-21305 diff --git a/2024/CVE-2024-21306.md b/2024/CVE-2024-21306.md index 4e49ac1353..cacf01e040 100644 --- a/2024/CVE-2024-21306.md +++ b/2024/CVE-2024-21306.md @@ -26,6 +26,8 @@ Microsoft Bluetooth Driver Spoofing Vulnerability No PoCs from references. #### Github +- https://github.com/CerberusMrX/Advanced-Bluetooth-Penetration-Testing-Tool +- https://github.com/Danyw24/blueXploit - https://github.com/NaInSec/CVE-LIST - https://github.com/PhucHauDeveloper/BadBlue - https://github.com/PhucHauDeveloper/BadbBlue @@ -35,4 +37,5 @@ No PoCs from references. - https://github.com/marcnewlin/hi_my_name_is_keyboard - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/shirin-ehtiram/hi_my_name_is_keyboard +- https://github.com/xG3nesis/RustyInjector diff --git a/2024/CVE-2024-21310.md b/2024/CVE-2024-21310.md index 842aff215f..912cfb0a66 100644 --- a/2024/CVE-2024-21310.md +++ b/2024/CVE-2024-21310.md @@ -30,6 +30,9 @@ Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 - https://github.com/NaInSec/CVE-LIST +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21319.md b/2024/CVE-2024-21319.md index 2f0203ae76..057adff10b 100644 --- a/2024/CVE-2024-21319.md +++ b/2024/CVE-2024-21319.md 
@@ -35,6 +35,8 @@ No PoCs from references. #### Github - https://github.com/Finbuckle/Finbuckle.MultiTenant +- https://github.com/Invoices-Manager/Invoices-Manager-API - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21320.md b/2024/CVE-2024-21320.md index 3b0ee105da..b4a0cc5d61 100644 --- a/2024/CVE-2024-21320.md +++ b/2024/CVE-2024-21320.md @@ -42,5 +42,7 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/sxyrxyy/CVE-2024-21320-POC - https://github.com/tomerpeled92/CVE +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-21338.md b/2024/CVE-2024-21338.md index 5c44e66f78..578a6f0690 100644 --- a/2024/CVE-2024-21338.md +++ b/2024/CVE-2024-21338.md 
@@ -31,19 +31,33 @@ Windows Kernel Elevation of Privilege Vulnerability #### Github - https://github.com/0xMarcio/cve +- https://github.com/Andromeda254/cve +- https://github.com/BlackTom900131/awesome-game-security +- https://github.com/CHDevSec/RedPhaton +- https://github.com/Crowdfense/CVE-2024-21338 - https://github.com/GhostTroops/TOP - https://github.com/UMU618/CVE-2024-21338 +- https://github.com/WindowsGuy-code/Windows11-Kernel-Rootkit - https://github.com/Zombie-Kaiser/CVE-2024-21338-x64-build- - https://github.com/Zombie-Kaiser/Zombie-Kaiser - https://github.com/aneasystone/github-trending - https://github.com/crackmapEZec/CVE-2024-21338-POC - https://github.com/fireinrain/github-trending - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ghostbyt3/WinDriver-EXP +- https://github.com/giriaryan694-a11y/exposed-win-zero-days +- https://github.com/gmh5225/awesome-game-security - https://github.com/gogobuster/CVE-2024-21338-POC +- https://github.com/hackyboiz/kcfg-bypass - https://github.com/hakaioffsec/CVE-2024-21338 - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/trevor0106/game-security - https://github.com/tykawaii98/CVE-2024-21338_PoC +- https://github.com/tylzars/awesome-vrre-writeups - https://github.com/varwara/CVE-2024-21338 +- https://github.com/wusijie/CVE-2024-21338-1 +- https://github.com/ycdxsb/WindowsPrivilegeEscalation +- https://github.com/youcannotseemeagain/ele diff --git a/2024/CVE-2024-21345.md b/2024/CVE-2024-21345.md index 9f91b2e4ce..5f12ec4ee0 100644 --- a/2024/CVE-2024-21345.md +++ b/2024/CVE-2024-21345.md @@ -23,4 +23,5 @@ No PoCs from references. - https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ycdxsb/WindowsPrivilegeEscalation 
diff --git a/2024/CVE-2024-21386.md b/2024/CVE-2024-21386.md index ed540aae14..766c5a71c9 100644 --- a/2024/CVE-2024-21386.md +++ b/2024/CVE-2024-21386.md @@ -24,4 +24,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21403.md b/2024/CVE-2024-21403.md new file mode 100644 index 0000000000..0ad23ca39a --- /dev/null +++ b/2024/CVE-2024-21403.md @@ -0,0 +1,17 @@ +### [CVE-2024-21403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21403) +![](https://img.shields.io/static/v1?label=Product&message=Azure%20Kubernetes%20Service&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%200.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%3A%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen) + +### Description + +Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/rajtalukder159/CyberSecurity-Project + diff --git a/2024/CVE-2024-21409.md b/2024/CVE-2024-21409.md new file mode 100644 index 0000000000..7104b41a9f --- /dev/null +++ b/2024/CVE-2024-21409.md 
@@ -0,0 +1,44 @@
+### [CVE-2024-21409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21409)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%206.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%207.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%208.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.7.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.8.1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6.2%2F4.7%2F4.7.1%2F4.7.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.9&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.4&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%208.0.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.0%3C%2017.9.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.4.0%3C%2017.4.18%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.7.0%3C%204.7.4092.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.8.0%3C%204.8.4718.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.8.1%3C%204.8.9236.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.29%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.0.0%3C%207.0.18%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%207.2.19%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.3.0%3C%207.3.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%207.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/vkairy/cve-2024-21409-repro
+
diff --git a/2024/CVE-2024-21412.md b/2024/CVE-2024-21412.md
index 9d62fcb75c..fd2f8f2fb7 100644
--- a/2024/CVE-2024-21412.md
+++ b/2024/CVE-2024-21412.md
@@ -34,6 +34,8 @@ No PoCs from references. - https://github.com/GarethPullen/Powershell-Scripts - https://github.com/Sploitus/CVE-2024-29988-exploit - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/hackermexico/chacal +- https://github.com/ishwardeepp/CVE-2025-0411-MoTW-PoC - https://github.com/lsr00ter/CVE-2024-21412_Water-Hydra - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/wr00t/CVE-2024-21412_Water-Hydra diff --git a/2024/CVE-2024-21413.md b/2024/CVE-2024-21413.md index d267a04f12..11f4a601a9 100644 --- a/2024/CVE-2024-21413.md +++ b/2024/CVE-2024-21413.md 
@@ -19,38 +19,98 @@ Microsoft Outlook Remote Code Execution Vulnerability #### Github - https://github.com/0xMarcio/cve +- https://github.com/0xfke/500-free-TryHackMe-rooms +- https://github.com/5thphlame/Free-Rooms-TryHackMe +- https://github.com/ARESHAmohanad/THM +- https://github.com/ARESHAmohanad/tryhackme - https://github.com/Aijoo100/Aijoo100 +- https://github.com/Andromeda254/cve +- https://github.com/Anomaly-8/ZPOZAS_lab2 +- https://github.com/ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413 - https://github.com/BEPb/tryhackme +- https://github.com/BP-Eineir/tryhackme-progress +- https://github.com/CHDevSec/RedPhaton - https://github.com/CMNatic/CVE-2024-21413 +- https://github.com/Cyber-Trambon/CVE-2024-21413-exploit +- https://github.com/D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB +- https://github.com/D1se0/D1se0 - https://github.com/DevAkabari/CVE-2024-21413 +- https://github.com/Dh4v4l8/TRYHACKME-ROOMS +- https://github.com/FirikiIntelligence/Courses - https://github.com/GhostTroops/TOP +- https://github.com/GuiMatosInfra/explorer2sectool +- https://github.com/HaroldFinchIFT/vuln-nist-mcp-server +- https://github.com/Hunterdii/TryHackMe-Roadmap +- https://github.com/MQKGitHub/Exploitation-Basics +- https://github.com/MQKGitHub/Moniker-Link-CVE-2024-21413 - https://github.com/MSeymenD/CVE-2024-21413 +- https://github.com/ManasR21/TryHackMe - https://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability +- https://github.com/MinLouisCyber/500-free-TryHackMe-rooms - https://github.com/Ostorlab/KEV +- https://github.com/PanagiotisNitis/TryHackMe-Jr-PenTest +- https://github.com/PolarisXSec/CVE-2024-21413 +- https://github.com/PuddinCat/GithubRepoSpider +- https://github.com/R0B0GAMEIR/Try-Hack-Me-Journal +- https://github.com/Redfox-Security/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape +- 
https://github.com/Sarath-S-cyber/Cybersecurity-101-TryHackme-Lab +- https://github.com/Shayanschakravarthy/tryhackme-free-rooms +- https://github.com/Shinbatsu/tryhackme-awesome +- https://github.com/ShubhamKanhere307/CVE-2024-21413 +- https://github.com/ThemeHackers/CVE-2024-21413 - https://github.com/Threekiii/CVE - https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit +- https://github.com/Yassinehadri/HTB-Mailing-Writeup-Walkthrough +- https://github.com/YuchaoZheng88/HTB-prepare - https://github.com/ZonghaoLi777/githubTrending +- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database - https://github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability +- https://github.com/alaamjadi/TryHackMe-Workspace - https://github.com/aneasystone/github-trending - https://github.com/bkzk/cisco-email-filters +- https://github.com/colinlyons29/redteam-walkthroughs +- https://github.com/cr7799/tryhackme-roadmap +- https://github.com/dasarivarunreddy/free-rooms-tryhackme - https://github.com/dshabani96/CVE-2024-21413 - https://github.com/duy-31/CVE-2024-21413 - https://github.com/eddmen2812/lab_hacking +- https://github.com/edwinantony1995/Tryhackme - https://github.com/fireinrain/github-trending +- https://github.com/ganbuan/VulnerabilityNotes - https://github.com/hktalent/bug-bounty - https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending - https://github.com/josephalan42/CTFs-Infosec-Witeups +- https://github.com/krazystar55/tryhackme - https://github.com/labesterOct/CVE-2024-21413 - https://github.com/madret/KQL +- https://github.com/marThing/TryHackMe-Cybersecurity-101-Path +- https://github.com/md-hisyam/md-hisyam +- https://github.com/nanasarpong024/tryhackme +- https://github.com/nnay13/SploitScan - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ochysbliss/My-Tryhackme- +- https://github.com/olebris/CVE-2024-21413 +- 
https://github.com/omeatai/SECURITY-LABS-IFEANYI +- https://github.com/opendr-io/causality +- https://github.com/packetinside/CISA_BOT +- https://github.com/pentestfunctions/thm-room-points +- https://github.com/pkieszek/TryHackMe-CTFs +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/r00tb1t/CVE-2024-21413-POC +- https://github.com/saba-gere/moniker-link - https://github.com/sampsonv/github-trending - https://github.com/securitycipher/daily-bugbounty-writeups +- https://github.com/spamegg1/tryhackme +- https://github.com/strikoder/oscp-toolkit - https://github.com/tanjiti/sec_profile - https://github.com/th3Hellion/CVE-2024-21413 +- https://github.com/thmrevenant/tryhackme - https://github.com/tib36/PhishingBook - https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability - https://github.com/xaitax/SploitScan +- https://github.com/yass2400012/Email-exploit-Moniker-Link-CVE-2024-21413- +- https://github.com/zhanpengliu-tencent/medium-cve - https://github.com/zhaoxiaoha/github-trending +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-21431.md b/2024/CVE-2024-21431.md index 66e5e19b0d..d531ca93a3 100644 --- a/2024/CVE-2024-21431.md +++ b/2024/CVE-2024-21431.md @@ -27,4 +27,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/pawan-shivarkar/List-of-CVE-s- diff --git a/2024/CVE-2024-21447.md b/2024/CVE-2024-21447.md index d53f2d3e52..17e9672a28 100644 --- a/2024/CVE-2024-21447.md +++ b/2024/CVE-2024-21447.md @@ -28,4 +28,5 @@ No PoCs from references. #### Github - https://github.com/Wh04m1001/UserManagerEoP - https://github.com/Wh04m1001/UserManager_Read +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-21455.md b/2024/CVE-2024-21455.md new file mode 100644 index 0000000000..445fd41f03 --- /dev/null +++ b/2024/CVE-2024-21455.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-21455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21455)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20QAM8295P%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-822%20Untrusted%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-21483.md b/2024/CVE-2024-21483.md
index 8223b05a89..b4d0bb71ef 100644
--- a/2024/CVE-2024-21483.md
+++ b/2024/CVE-2024-21483.md
@@ -3,12 +3,12 @@ ![](https://img.shields.io/static/v1?label=Product&message=SENTRON%207KM%20PAC3120%20DC&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SENTRON%207KM%20PAC3220%20AC%2FDC&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SENTRON%207KM%20PAC3220%20DC&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=V3.2.3%3C%20V3.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=V3.2.3%3C%20V3.2.4%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) ### Description -A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. +A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... 
( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. ### POC diff --git a/2024/CVE-2024-21489.md b/2024/CVE-2024-21489.md new file mode 100644 index 0000000000..ac344d3202 --- /dev/null +++ b/2024/CVE-2024-21489.md @@ -0,0 +1,17 @@ +### [CVE-2024-21489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21489) +![](https://img.shields.io/static/v1?label=Product&message=uplot&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.31%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Prototype%20Pollution&color=brighgreen) + +### Description + +Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-UPLOT-6209224 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21490.md b/2024/CVE-2024-21490.md index 3796d3308e..4dad96f225 100644 --- a/2024/CVE-2024-21490.md +++ b/2024/CVE-2024-21490.md @@ -18,6 +18,7 @@ This affects versions of the package angular from 1.3.0. A regular expression us - https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS #### Github +- https://github.com/eleni1029/250714_Weakness_Scan - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/patrikx3/redis-ui 
diff --git a/2024/CVE-2024-21503.md b/2024/CVE-2024-21503.md index 07e8c2c20b..a4b3389c24 100644 --- a/2024/CVE-2024-21503.md +++ b/2024/CVE-2024-21503.md @@ -14,5 +14,6 @@ Versions of the package black before 24.3.0 are vulnerable to Regular Expression #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/dreammusic2011/selenium-python-framework - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21505.md b/2024/CVE-2024-21505.md index be237606d0..b9e5320f37 100644 --- a/2024/CVE-2024-21505.md +++ b/2024/CVE-2024-21505.md @@ -14,4 +14,5 @@ Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Poll #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21506.md b/2024/CVE-2024-21506.md index b1c5859c4a..eab526980f 100644 --- a/2024/CVE-2024-21506.md +++ b/2024/CVE-2024-21506.md @@ -15,4 +15,5 @@ #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21510.md b/2024/CVE-2024-21510.md new file mode 100644 index 0000000000..5ec4c8859c --- /dev/null +++ b/2024/CVE-2024-21510.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-21510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21510)
+![](https://img.shields.io/static/v1?label=Product&message=sinatra&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Reliance%20on%20Untrusted%20Inputs%20in%20a%20Security%20Decision&color=brighgreen)
+
+### Description
+
+Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-RUBY-SINATRA-6483832
+
+#### Github
+- https://github.com/dasch/avro_turf
+
diff --git a/2024/CVE-2024-21512.md b/2024/CVE-2024-21512.md
index 5c67fc4590..8276bbe81c 100644
--- a/2024/CVE-2024-21512.md
+++ b/2024/CVE-2024-21512.md
@@ -16,6 +16,23 @@ Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollutio - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580 #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-21513.md b/2024/CVE-2024-21513.md index d369e64e86..5bc6e25bc6 100644 --- a/2024/CVE-2024-21513.md +++ b/2024/CVE-2024-21513.md @@ -13,5 +13,8 @@ Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are - https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAINEXPERIMENTAL-7278171 #### Github -No PoCs found on GitHub currently. +- https://github.com/Kwaai-AI-Lab/OpenAI-Petal +- https://github.com/SavageSanta11/Reproduce-CVE-2024-21513 +- https://github.com/nskath/CVE-2024-21513 +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-21516.md b/2024/CVE-2024-21516.md index 49db3f85c7..5b0332f23d 100644 --- a/2024/CVE-2024-21516.md +++ b/2024/CVE-2024-21516.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-21516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21516) ![](https://img.shields.io/static/v1?label=Product&message=opencart%2Fopencart&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=4.0.0.0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=4.0.0.0%3C%204.1.0.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Reflected%20Cross-site%20Scripting&color=brighgreen) ### Description -This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. **Notes:** 1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it. 2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already. +This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. 
The user is then prompted to login and redirected again upon authentication with the payload automatically executing. If the attacked user has admin privileges, this vulnerability could be used as the start of a chain of exploits like Zip Slip or arbitrary file write vulnerabilities in the admin functionality. **Notes:** 1) This is only exploitable if the attacker knows the name or path of the admin directory. The name of the directory is "admin" by default but there is a pop-up in the dashboard warning users to rename it. 2) The fix for this vulnerability is incomplete. The redirect is removed so that it is not possible for an attacker to control the redirect post admin login anymore, but it is still possible to exploit this issue in admin if the user is authenticated as an admin already. ### POC diff --git a/2024/CVE-2024-21528.md b/2024/CVE-2024-21528.md new file mode 100644 index 0000000000..8622849c95 --- /dev/null +++ b/2024/CVE-2024-21528.md @@ -0,0 +1,17 @@ +### [CVE-2024-21528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21528) +![](https://img.shields.io/static/v1?label=Product&message=node-gettext&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Prototype%20Pollution&color=brighgreen) + +### Description + +All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-NODEGETTEXT-6100943 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21529.md b/2024/CVE-2024-21529.md new file mode 100644 index 0000000000..71903c2ccd --- /dev/null +++ b/2024/CVE-2024-21529.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-21529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21529)
+![](https://img.shields.io/static/v1?label=Product&message=dset&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Prototype%20Pollution&color=brighgreen)
+
+### Description
+
+Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-DSET-7116691
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21530.md b/2024/CVE-2024-21530.md
new file mode 100644
index 0000000000..328901347a
--- /dev/null
+++ b/2024/CVE-2024-21530.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21530)
+![](https://img.shields.io/static/v1?label=Product&message=cocoon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Reusing%20a%20Nonce%2C%20Key%20Pair%20in%20Encryption&color=brighgreen)
+
+### Description
+
+Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-RUST-COCOON-6028364
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21531.md b/2024/CVE-2024-21531.md
new file mode 100644
index 0000000000..0e0de0f79c
--- /dev/null
+++ b/2024/CVE-2024-21531.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21531)
+![](https://img.shields.io/static/v1?label=Product&message=git-shallow-clone&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20injection&color=brighgreen)
+
+### Description
+
+All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-GITSHALLOWCLONE-3253853
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21532.md b/2024/CVE-2024-21532.md
new file mode 100644
index 0000000000..49056464d3
--- /dev/null
+++ b/2024/CVE-2024-21532.md
@@ -0,0 +1,19 @@
+### [CVE-2024-21532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21532)
+![](https://img.shields.io/static/v1?label=Product&message=ggit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Command%20Injection&color=brighgreen)
+
+### Description
+
+All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-GGIT-5731320
+
+#### Github
+- https://github.com/lirantal/CVE-2024-21532-PoC-ggit
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-21533.md b/2024/CVE-2024-21533.md
new file mode 100644
index 0000000000..f38c479c45
--- /dev/null
+++ b/2024/CVE-2024-21533.md
@@ -0,0 +1,19 @@
+### [CVE-2024-21533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21533)
+![](https://img.shields.io/static/v1?label=Product&message=ggit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20Argument%20Injection&color=brighgreen)
+
+### Description
+
+All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-GGIT-5731319
+
+#### Github
+- https://github.com/lirantal/CVE-2024-21533-PoC-ggit
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-21534.md b/2024/CVE-2024-21534.md
new file mode 100644
index 0000000000..1a67f34650
--- /dev/null
+++ b/2024/CVE-2024-21534.md
@@ -0,0 +1,25 @@
+### [CVE-2024-21534](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21534)
+![](https://img.shields.io/static/v1?label=Product&message=jsonpath-plus&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=org.webjars.npm%3Ajsonpath-plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)
+
+### Description
+
+All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019
+- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
+
+#### Github
+- https://github.com/EQSTLab/CVE-2025-1302
+- https://github.com/XiaomingX/cve-2024-21534-poc
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/pabloopez/CVE-2024-21534
+- https://github.com/verylazytech/cve-2024-21534
+- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-21535.md b/2024/CVE-2024-21535.md
new file mode 100644
index 0000000000..c2fb0dc189
--- /dev/null
+++ b/2024/CVE-2024-21535.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21535)
+![](https://img.shields.io/static/v1?label=Product&message=markdown-to-jsx&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21536.md b/2024/CVE-2024-21536.md
new file mode 100644
index 0000000000..bec174c99e
--- /dev/null
+++ b/2024/CVE-2024-21536.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21536)
+![](https://img.shields.io/static/v1?label=Product&message=http-proxy-middleware&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen)
+
+### Description
+
+Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21537.md b/2024/CVE-2024-21537.md
new file mode 100644
index 0000000000..ed08df6cf8
--- /dev/null
+++ b/2024/CVE-2024-21537.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21537](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21537)
+![](https://img.shields.io/static/v1?label=Product&message=lilconfig&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.1.0%3C%203.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20Code%20Execution&color=brighgreen)
+
+### Description
+
+Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-LILCONFIG-6263789
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21538.md b/2024/CVE-2024-21538.md
new file mode 100644
index 0000000000..ffbae52be6
--- /dev/null
+++ b/2024/CVE-2024-21538.md
@@ -0,0 +1,42 @@ +### [CVE-2024-21538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21538) +![](https://img.shields.io/static/v1?label=Product&message=cross-spawn&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=org.webjars.npm%3Across-spawn&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Regular%20Expression%20Denial%20of%20Service%20(ReDoS)&color=brighgreen) + +### Description + +Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349 +- https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 + +#### Github +- https://github.com/233063/task-tracker-ci +- https://github.com/FezanMuhammadAli/trivy-devops-project +- https://github.com/Goroza7/Devops-Final +- https://github.com/GrzemoTLM/zadanie1_pawcho +- https://github.com/HB313/WIK-DPS-TP02 +- https://github.com/Kirill552/esg-lite +- https://github.com/MichuMGW/PAwChO_Zadanie_1 +- https://github.com/MichuMGW/PAwChO_Zadanie_2 +- https://github.com/PRom03/z1-docker- +- https://github.com/ReDSE-ISSTA2025/ReDSE +- https://github.com/Rishi5520/simplenodapp +- https://github.com/RodrigoLeee/Seguranca-iot-sala +- https://github.com/Telooss/TP-WIK-DPS-TP02 +- https://github.com/XiaomingX/weekly +- https://github.com/alicja82/zadanie2 +- https://github.com/anuaimi/dependabot-scanner +- https://github.com/cfvalenzuela-vidal/safenotes +- https://github.com/gecaa1/Zadanie2 +- https://github.com/hugomyb/tp-veille-docker +- 
https://github.com/krisinfosec/slowest_cve_aggregator +- https://github.com/priyanshijat/nodejs-demo +- https://github.com/rahulry26/secure-microservice +- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024 + diff --git a/2024/CVE-2024-21539.md b/2024/CVE-2024-21539.md new file mode 100644 index 0000000000..81696a74bf --- /dev/null +++ b/2024/CVE-2024-21539.md @@ -0,0 +1,17 @@ +### [CVE-2024-21539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21539) +![](https://img.shields.io/static/v1?label=Product&message=%40eslint%2Fplugin-kit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Regular%20Expression%20Denial%20of%20Service%20(ReDoS)&color=brighgreen) + +### Description + +Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-ESLINTPLUGINKIT-8340627 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21541.md b/2024/CVE-2024-21541.md new file mode 100644 index 0000000000..0bbdb0f033 --- /dev/null +++ b/2024/CVE-2024-21541.md 
@@ -0,0 +1,20 @@
+### [CVE-2024-21541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21541)
+![](https://img.shields.io/static/v1?label=Product&message=dom-iterator&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=org.webjars.npm%3Adom-iterator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20Code%20Execution&color=brighgreen)
+
+### Description
+
+Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166
+- https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21542.md b/2024/CVE-2024-21542.md
new file mode 100644
index 0000000000..a0990f046e
--- /dev/null
+++ b/2024/CVE-2024-21542.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21542)
+![](https://img.shields.io/static/v1?label=Product&message=luigi&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20File%20Write%20via%20Archive%20Extraction%20(Zip%20Slip)&color=brighgreen)
+
+### Description
+
+Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PYTHON-LUIGI-7830489
+
+#### Github
+- https://github.com/L3ster1337/Poc-CVE-2024-21542
+
diff --git a/2024/CVE-2024-21543.md b/2024/CVE-2024-21543.md
new file mode 100644
index 0000000000..9dc997e7a6
--- /dev/null
+++ b/2024/CVE-2024-21543.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21543)
+![](https://img.shields.io/static/v1?label=Product&message=djoser&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Authentication%20Bypass&color=brighgreen)
+
+### Description
+
+Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21544.md b/2024/CVE-2024-21544.md
new file mode 100644
index 0000000000..f9034403e5
--- /dev/null
+++ b/2024/CVE-2024-21544.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21544)
+![](https://img.shields.io/static/v1?label=Product&message=spatie%2Fbrowsershot&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21546.md b/2024/CVE-2024-21546.md
new file mode 100644
index 0000000000..36f4ed0d8e
--- /dev/null
+++ b/2024/CVE-2024-21546.md
@@ -0,0 +1,18 @@
+### [CVE-2024-21546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21546)
+![](https://img.shields.io/static/v1?label=Product&message=unisharp%2Flaravel-filemanager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.9.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)
+
+### Description
+
+Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-7210316
+
+#### Github
+- https://github.com/ajdumanhug/CVE-2024-21546
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-21547.md b/2024/CVE-2024-21547.md
new file mode 100644
index 0000000000..d8952dfd3a
--- /dev/null
+++ b/2024/CVE-2024-21547.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21547)
+![](https://img.shields.io/static/v1?label=Product&message=spatie%2Fbrowsershot&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Directory%20Traversal&color=brighgreen)
+
+### Description
+
+Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8501858
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21548.md b/2024/CVE-2024-21548.md
new file mode 100644
index 0000000000..11ac268659
--- /dev/null
+++ b/2024/CVE-2024-21548.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21548)
+![](https://img.shields.io/static/v1?label=Product&message=bun&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.30%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Prototype%20Pollution&color=brighgreen)
+
+### Description
+
+Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JS-BUN-8499549
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21549.md b/2024/CVE-2024-21549.md
new file mode 100644
index 0000000000..30ca615d1e
--- /dev/null
+++ b/2024/CVE-2024-21549.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21549)
+![](https://img.shields.io/static/v1?label=Product&message=spatie%2Fbrowsershot&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.0.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745).
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21591.md b/2024/CVE-2024-21591.md
new file mode 100644
index 0000000000..004e79fc94
--- /dev/null
+++ b/2024/CVE-2024-21591.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21591](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21591)
+![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2020.4R3-S9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device.This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/andsopwn/LXC-Threat-API-Mapping
+
diff --git a/2024/CVE-2024-21610.md b/2024/CVE-2024-21610.md
index 8ab00be00b..213f5032d6 100644
--- a/2024/CVE-2024-21610.md
+++ b/2024/CVE-2024-21610.md
@@ -2,11 +2,10 @@ ![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%2020.4R3-S9%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-755%20Improper%20Handling%20of%20Exceptional%20Conditions&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen) ### Description -An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.Stuck mgd processes can be monitored by executing the following command:  user@host> show system processes extensive | match mgd | match sbwaitThis issue affects Juniper Networks Junos OS on MX Series:All versions earlier than 20.4R3-S9;21.2 versions earlier than 21.2R3-S7;21.3 versions earlier than 21.3R3-S5;21.4 versions earlier than 21.4R3-S5;22.1 versions earlier than 22.1R3-S4;22.2 versions earlier than 22.2R3-S3;22.3 versions earlier than 22.3R3-S2;22.4 versions earlier than 22.4R3;23.2 versions earlier than 23.2R1-S2, 23.2R2. 
+An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).In a scaled CoS scenario with 1000s of interfaces, when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached, new sessions can't be established anymore. A similar behavior will be seen for telnet etc.Stuck mgd processes can be monitored by executing the following command:  user@host> show system processes extensive | match mgd | match sbwaitThis issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. ### POC diff --git a/2024/CVE-2024-21626.md b/2024/CVE-2024-21626.md index 7d64792f99..d373012998 100644 --- a/2024/CVE-2024-21626.md +++ b/2024/CVE-2024-21626.md 
@@ -15,22 +15,33 @@ runc is a CLI tool for spawning and running containers on Linux according to the #### Github - https://github.com/20142995/sectool +- https://github.com/AMH-glitch/CHWA-LB-IDSDATASET +- https://github.com/DrAmmarMoustafa/CHASE-LB-Container-IDS-Dataset - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/FlojBoj/CVE-2024-21626 - https://github.com/GhostTroops/TOP - https://github.com/KubernetesBachelor/CVE-2024-21626 +- https://github.com/Maissacrement/cyber_sec_master_spv +- https://github.com/Metarget/metarget - https://github.com/NitroCao/CVE-2024-21626 - https://github.com/R3DRUN3/R3DRUN3 +- https://github.com/R4mbb/CVE-2024-21626-PoC - https://github.com/Sk3pper/CVE-2024-21626 +- https://github.com/Sk3pper/CVE-2024-21626-old-docker-versions - https://github.com/SrcVme50/Runner - https://github.com/Threekiii/CVE - https://github.com/V0WKeep3r/CVE-2024-21626-runcPOC - https://github.com/Wall1e/CVE-2024-21626-POC - https://github.com/abian2/CVE-2024-21626 +- https://github.com/adaammmeeee/little-joke - https://github.com/alban/runc-vuln-detector - https://github.com/alban/runc-vuln-gadget - https://github.com/aneasystone/github-trending +- https://github.com/anik-chy/Final-project-6130 - https://github.com/bfengj/Cloud-Security - https://github.com/cdxiaodong/CVE-2024-21626 +- https://github.com/chrisregy23/A-Comprehensive-Approach-to-Container-Security +- https://github.com/chrisregy23/Container-Security - https://github.com/dorser/cve-2024-21626 - https://github.com/ecomtech-oss/pisc - https://github.com/fireinrain/github-trending 
@@ -41,8 +52,11 @@ runc is a CLI tool for spawning and running containers on Linux according to the - https://github.com/laysakura/CVE-2024-21626-demo - https://github.com/laysakura/resume-jp - https://github.com/mightysai1997/leaky-vessels-dynamic-detector +- https://github.com/mmedhat1910/masters-testing-apps +- https://github.com/nclsbayona/leaky-vessels - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/opencontainers-sec/go-containersec +- https://github.com/rpinuaga/atomic-container - https://github.com/samokat-oss/pisc - https://github.com/securitycipher/daily-bugbounty-writeups - https://github.com/snyk/leaky-vessels-dynamic-detector @@ -52,6 +66,8 @@ runc is a CLI tool for spawning and running containers on Linux according to the - https://github.com/tanjiti/sec_profile - https://github.com/tarihub/offlinepost - https://github.com/zhangguanzhang/CVE-2024-21626 +- https://github.com/zhanpengliu-tencent/medium-cve - https://github.com/zhaoolee/garss - https://github.com/zpxlz/CVE-2024-21626-POC +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-21650.md b/2024/CVE-2024-21650.md index a45c18c29b..2ae5aed31a 100644 --- a/2024/CVE-2024-21650.md +++ b/2024/CVE-2024-21650.md @@ -13,5 +13,6 @@ XWiki Platform is a generic wiki platform offering runtime services for applicat No PoCs from references. #### Github +- https://github.com/felixsta/Using_CVSS - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-2166.md b/2024/CVE-2024-2166.md new file mode 100644 index 0000000000..5f2c0be089 --- /dev/null +++ b/2024/CVE-2024-2166.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-2166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2166)
+![](https://img.shields.io/static/v1?label=Product&message=Email%20Security&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/felixsta/Using_CVSS
+
diff --git a/2024/CVE-2024-21683.md b/2024/CVE-2024-21683.md
index b5754dfedb..a8cc395a71 100644
--- a/2024/CVE-2024-21683.md
+++ b/2024/CVE-2024-21683.md
@@ -13,20 +13,39 @@ This High severity RCE (Remote Code Execution) vulnerability was introduced in v No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC - https://github.com/0xMarcio/cve +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC - https://github.com/Arbeys/CVE-2024-21683-PoC +- https://github.com/DMW11525708/wiki - https://github.com/GhostTroops/TOP +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Threekiii/CVE - https://github.com/W01fh4cker/CVE-2024-21683-RCE +- https://github.com/WhosGa/MyWiki +- https://github.com/XiaomingX/cve-2024-21683-rce +- https://github.com/Yuan08o/pocs - https://github.com/ZonghaoLi777/githubTrending - https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/aneasystone/github-trending +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote - https://github.com/fireinrain/github-trending +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/hsvhora/research_blogs - https://github.com/ibaiw/2024Hvv +- https://github.com/iemotion/POC - https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/phucrio/CVE-2024-21683-RCE - https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server - https://github.com/sampsonv/github-trending diff --git a/2024/CVE-2024-21689.md b/2024/CVE-2024-21689.md index 29fb152da2..2ff7de5cef 100644 --- a/2024/CVE-2024-21689.md +++ b/2024/CVE-2024-21689.md 
@@ -14,5 +14,7 @@ This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689  wa No PoCs from references. #### Github +- https://github.com/Threekiii/CVE - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/salvadornakamura/CVE-2024-21689 diff --git a/2024/CVE-2024-2169.md b/2024/CVE-2024-2169.md index bdccd5197c..93abe73bf7 100644 --- a/2024/CVE-2024-2169.md +++ b/2024/CVE-2024-2169.md @@ -21,4 +21,5 @@ Implementations of UDP application protocol are vulnerable to network loops. A - https://github.com/NaInSec/CVE-LIST - https://github.com/douglasbuzatto/G3-Loop-DoS - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/renancesarr/G3-Loop-DoS diff --git a/2024/CVE-2024-21733.md b/2024/CVE-2024-21733.md index b520428428..1054a84990 100644 --- a/2024/CVE-2024-21733.md +++ b/2024/CVE-2024-21733.md 
@@ -13,14 +13,34 @@ Generation of Error Message Containing Sensitive Information vulnerability in Ap - http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC - https://github.com/1N3/1N3 +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/LtmThink/CVE-2024-21733 - https://github.com/Marco-zcl/POC - https://github.com/Ostorlab/KEV +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/qiuluo-oss/Tiger - https://github.com/tanjiti/sec_profile +- https://github.com/turn1tup/Writings - https://github.com/versio-io/product-lifecycle-security-api - https://github.com/wjlin0/poc-doc +- https://github.com/wm-team/WMCTF-2024 - https://github.com/wy876/POC diff --git a/2024/CVE-2024-21742.md b/2024/CVE-2024-21742.md index ec8dcc7b5d..dfc4cefd90 100644 --- a/2024/CVE-2024-21742.md +++ b/2024/CVE-2024-21742.md 
@@ -1,7 +1,7 @@ ### [CVE-2024-21742](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21742) ![](https://img.shields.io/static/v1?label=Product&message=Apache%20James%20Mime4J&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%200.8.9%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-21754.md b/2024/CVE-2024-21754.md index 99da9c798e..d072966be6 100644 --- a/2024/CVE-2024-21754.md +++ b/2024/CVE-2024-21754.md @@ -15,5 +15,7 @@ A use of password hash with insufficient computational effort vulnerability [CWE No PoCs from references. #### Github +- https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-21762.md b/2024/CVE-2024-21762.md index b911cc588b..5db63deb19 100644 --- a/2024/CVE-2024-21762.md +++ b/2024/CVE-2024-21762.md 
@@ -14,37 +14,64 @@ A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 th No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC - https://github.com/0xMarcio/cve +- https://github.com/0xor0ne/awesome-list +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC - https://github.com/AlexLondan/CVE-2024-21762-Fortinet-RCE-ALLWORK - https://github.com/BetterCzz/CVE-2024-20291-POC - https://github.com/BishopFox/cve-2024-21762-check - https://github.com/CERT-Polska/Artemis-modules-extra - https://github.com/Codeb3af/Cve-2024-21762- +- https://github.com/DMW11525708/wiki - https://github.com/Gh71m/CVE-2024-21762-POC - https://github.com/GhostTroops/TOP - https://github.com/Instructor-Team8/CVE-2024-20291-POC +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 - https://github.com/JohnHormond/CVE-2024-21762-Fortinet-RCE-WORK - https://github.com/KaitaoQiu/security_llm +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/MrCyberSec/CVE-2024-21762-Fortinet-RCE-ALLWORK - https://github.com/Ostorlab/KEV - https://github.com/RequestXss/CVE-2024-21762-Exploit-POC - https://github.com/S0SkiPlosK1/CVE-2024-21762-POC +- https://github.com/Sincan2/fortinet - https://github.com/TheRedDevil1/CVE-2024-21762 +- https://github.com/WhosGa/MyWiki +- https://github.com/XiaomingX/cve-2024-21762-poc +- https://github.com/Yuan08o/pocs +- https://github.com/abrewer251/CVE-2024-21762_FortiNet_PoC +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/c0d3b3af/CVE-2024-21762-Exploit - https://github.com/c0d3b3af/CVE-2024-21762-POC - https://github.com/c0d3b3af/CVE-2024-21762-RCE-exploit +- https://github.com/cisp-pte/POC-20241008-sec-fork - https://github.com/cleverg0d/CVE-2024-21762-Checker +- https://github.com/cleverg0d/CVEs - 
https://github.com/cvefeed/cvefeed.io - https://github.com/d0rb/CVE-2024-21762 +- https://github.com/deFr0ggy/CVE-2024-21762-Checker +- https://github.com/eeeeeeeeee-code/POC - https://github.com/f1tao/awesome-iot-security-resource - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/greandfather/CVE-2024-20291-POC +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/h4x0r-dz/CVE-2024-21762 +- https://github.com/iemotion/POC - https://github.com/k3ppf0r/2024-PocLib +- https://github.com/laoa1573/wy876 - https://github.com/lolminerxmrig/multicheck_CVE-2024-21762 - https://github.com/lore-is-already-taken/multicheck_CVE-2024-21762 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check +- https://github.com/rdoix/cve-2024-21762-checker - https://github.com/redCode001/CVE-2024-21762-POC - https://github.com/t4ril/CVE-2024-21762-PoC - https://github.com/tanjiti/sec_profile @@ -53,5 +80,6 @@ No PoCs from references. - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki +- https://github.com/zulloper/cve-poc - https://github.com/zzcentury/FortiGate-CVE-2024-21762 diff --git a/2024/CVE-2024-21775.md b/2024/CVE-2024-21775.md index 2cb7db6042..e70dc0087b 100644 --- a/2024/CVE-2024-21775.md +++ b/2024/CVE-2024-21775.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/minhgalaxy/CVE +- https://github.com/minhgalaxy/minhgalaxy diff --git a/2024/CVE-2024-21791.md b/2024/CVE-2024-21791.md new file mode 100644 index 0000000000..a044116a23 --- /dev/null +++ b/2024/CVE-2024-21791.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21791) +![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%207271%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nhienit2010/nhienit2010 + diff --git a/2024/CVE-2024-21793.md b/2024/CVE-2024-21793.md index 5d934d4d7c..7635d6cd1b 100644 --- a/2024/CVE-2024-21793.md +++ b/2024/CVE-2024-21793.md @@ -13,8 +13,25 @@ An OData injection vulnerability exists in the BIG-IP Next Central Manager API ( No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki - https://github.com/FeatherStark/CVE-2024-21793 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki 
diff --git a/2024/CVE-2024-21798.md b/2024/CVE-2024-21798.md index 0aac23f476..7662753b66 100644 --- a/2024/CVE-2024-21798.md +++ b/2024/CVE-2024-21798.md @@ -2,13 +2,17 @@ ![](https://img.shields.io/static/v1?label=Product&message=WMC-X1800GST-B&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GS2-B&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GS2H-B&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GST2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2-B&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2-W&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2V-B&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GST2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-G01-W&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-X3200GST3-B&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.24%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.25%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.30%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.32%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.41%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.62%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.67%20and%20earlier%20&color=brighgreen) diff --git a/2024/CVE-2024-21799.md b/2024/CVE-2024-21799.md new file mode 100644 index 0000000000..b4ead605a1 --- /dev/null +++ b/2024/CVE-2024-21799.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-21799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21799)
+![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Extension%20for%20Transformers%20software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%201.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20traversal&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen)
+
+### Description
+
+Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sunriseXu/sunriseXu
+
diff --git a/2024/CVE-2024-21803.md b/2024/CVE-2024-21803.md
new file mode 100644
index 0000000000..eae9a4aa1b
--- /dev/null
+++ b/2024/CVE-2024-21803.md
@@ -0,0 +1,18 @@
+### [CVE-2024-21803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21803)
+![](https://img.shields.io/static/v1?label=Product&message=Linux%20kernel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=v2.6.12-rc2%3C%20v6.8-rc1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-2188.md b/2024/CVE-2024-2188.md index f050e3e376..f2a6209cd6 100644 --- a/2024/CVE-2024-2188.md +++ b/2024/CVE-2024-2188.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/hacefresko/CVE-2024-2188 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21887.md b/2024/CVE-2024-21887.md index 58605f8ef1..e137a79168 100644 --- a/2024/CVE-2024-21887.md +++ b/2024/CVE-2024-21887.md 
@@ -14,31 +14,54 @@ A command injection vulnerability in web components of Ivanti Connect Secure (9. - http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/0xAj-Krishna/biggest-hack +- https://github.com/12442RF/POC - https://github.com/20142995/sectool +- https://github.com/AboSteam/POPC - https://github.com/Chocapikk/CVE-2024-21887 - https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887 +- https://github.com/DMW11525708/wiki - https://github.com/GhostTroops/TOP - https://github.com/H4lo/awesome-IoT-security-article +- https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser - https://github.com/HiS3/Ivanti-ICT-Snapshot-decryption +- https://github.com/JanRooduijn/pgadmin4-REL-6_16 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Marco-zcl/POC - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV - https://github.com/TheRedDevil1/Check-Vulns-Script +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/awslabs/Chatbot-to-help-security-teams-perform-vulnerability-assessments +- https://github.com/cisp-pte/POC-20241008-sec-fork - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887 +- https://github.com/eeeeeeeeee-code/POC - https://github.com/emo-crab/attackerkb-api-rs - https://github.com/farukokutan/Threat-Intelligence-Research-Reports - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/gobysec/Goby +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC - https://github.com/imhunterand/CVE-2024-21887 - https://github.com/inguardians/ivanti-VPN-issues-2024-research - 
https://github.com/jake-44/Research - https://github.com/jamesfed/0DayMitigations - https://github.com/jaredfolkins/5min-cyber-notes +- https://github.com/laoa1573/wy876 - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped +- https://github.com/mikhirurg/tutorial-radboud - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/oways/ivanti-CVE-2024-21887 +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887 - https://github.com/rxwx/pulse-meter - https://github.com/seajaysec/Ivanti-Connect-Around-Scan diff --git a/2024/CVE-2024-21890.md b/2024/CVE-2024-21890.md index f984543337..d180cb62ac 100644 --- a/2024/CVE-2024-21890.md +++ b/2024/CVE-2024-21890.md @@ -13,5 +13,6 @@ The Node.js Permission Model does not clarify in the documentation that wildcard No PoCs from references. #### Github +- https://github.com/Ki1shan/-Basic-Vulnerability-Scan - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21891.md b/2024/CVE-2024-21891.md index aade575685..eff5b11371 100644 --- a/2024/CVE-2024-21891.md +++ b/2024/CVE-2024-21891.md @@ -13,5 +13,9 @@ Node.js depends on multiple built-in utility functions to normalize paths provid No PoCs from references. #### Github +- https://github.com/Cybervixy/Vulnerability-Management +- https://github.com/Ki1shan/-Basic-Vulnerability-Scan +- https://github.com/Oju-kwu/Vulnerability-Management-Lab +- https://github.com/Teedico/Nessus_Vulnerability_Assessment - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21892.md b/2024/CVE-2024-21892.md index 3c0b965c92..d44d4ca25c 100644 --- a/2024/CVE-2024-21892.md +++ b/2024/CVE-2024-21892.md 
@@ -13,6 +13,19 @@ On Linux, Node.js ignores certain environment variables if those may have been s No PoCs from references. #### Github +- https://github.com/Aashini4001/Elevate-labs-task-3 +- https://github.com/Cybervixy/Vulnerability-Management +- https://github.com/Ki1shan/-Basic-Vulnerability-Scan +- https://github.com/KshitijPatil08/Elevate-Task3 - https://github.com/NaInSec/CVE-LIST +- https://github.com/Oju-kwu/Vulnerability-Management-Lab +- https://github.com/Oluwaseun-Joseph/Credentialed-Vulnerability-Assessment-Lab +- https://github.com/PrasannaSrinivasK/Task-3 +- https://github.com/Sarath-P-2/vulnerability-scan +- https://github.com/Teedico/Nessus_Vulnerability_Assessment +- https://github.com/Vikrantxo/elevate-cybersecurity-task3 +- https://github.com/ark074/Elevate-Labs-task_3 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/omkalyankar/Elevate-Labs-Task-3 +- https://github.com/rhythmsingh2709/Task3_ElevateLabs diff --git a/2024/CVE-2024-21893.md b/2024/CVE-2024-21893.md index de3b6a3ac4..1bce06a1d3 100644 --- a/2024/CVE-2024-21893.md +++ b/2024/CVE-2024-21893.md 
@@ -14,19 +14,25 @@ A server-side request forgery vulnerability in the SAML component of Ivanti Conn No PoCs from references. #### Github +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/AllenLu112220/KaliVM-Attack-Cyber-Intrusions - https://github.com/Chocapikk/CVE-2024-21893-to-CVE-2024-21887 - https://github.com/GhostTroops/TOP - https://github.com/H4lo/awesome-IoT-security-article +- https://github.com/Ki1shan/-Basic-Vulnerability-Scan - https://github.com/Ostorlab/KEV - https://github.com/afonsovitorio/cve_sandbox - https://github.com/cve-sandbox-bot/cve_sandbox - https://github.com/farukokutan/Threat-Intelligence-Research-Reports - https://github.com/gobysec/Goby - https://github.com/h4x0r-dz/CVE-2024-21893.py +- https://github.com/hsvhora/research_blogs - https://github.com/inguardians/ivanti-VPN-issues-2024-research - https://github.com/k3ppf0r/2024-PocLib - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/seajaysec/Ivanti-Connect-Around-Scan - https://github.com/tanjiti/sec_profile - https://github.com/toxyl/lscve +- https://github.com/zaveribrijesh/cve_sandbox diff --git a/2024/CVE-2024-21896.md b/2024/CVE-2024-21896.md index ececf87a3a..bf8031ea07 100644 --- a/2024/CVE-2024-21896.md +++ b/2024/CVE-2024-21896.md @@ -13,5 +13,8 @@ The permission model protects itself against path traversal attacks by calling p No PoCs from references. #### Github +- https://github.com/KshitijPatil08/Elevate-Task3 +- https://github.com/Sarath-P-2/vulnerability-scan +- https://github.com/darkweb1663/Network-Vulnerability-Project - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21899.md b/2024/CVE-2024-21899.md index 97f1b7ea42..12217bb5b4 100644 --- a/2024/CVE-2024-21899.md +++ b/2024/CVE-2024-21899.md 
@@ -19,6 +19,7 @@ No PoCs from references. #### Github - https://github.com/JohnHormond/CVE-2024-21899-RCE-exploit - https://github.com/Oxdestiny/CVE-2024-21899-RCE-POC +- https://github.com/VulnExpo/ExploitHunter - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21907.md b/2024/CVE-2024-21907.md index ba8d5759be..228ba80778 100644 --- a/2024/CVE-2024-21907.md +++ b/2024/CVE-2024-21907.md @@ -15,4 +15,7 @@ Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptiona #### Github - https://github.com/aargenveldt/SbomTest +- https://github.com/cavecafe-cc/sparrow-cert +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase +- https://github.com/luciano-balmaceda-stenn/sec-NetVulnerableApp diff --git a/2024/CVE-2024-21908.md b/2024/CVE-2024-21908.md index 6135f5bc11..9a9502c9f9 100644 --- a/2024/CVE-2024-21908.md +++ b/2024/CVE-2024-21908.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21909.md b/2024/CVE-2024-21909.md index b9040e2dbe..33bfc41c07 100644 --- a/2024/CVE-2024-21909.md +++ b/2024/CVE-2024-21909.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21910.md b/2024/CVE-2024-21910.md index a1d2ac47fb..bd5e897910 100644 --- a/2024/CVE-2024-21910.md +++ b/2024/CVE-2024-21910.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21911.md b/2024/CVE-2024-21911.md index a9463d89c4..94d7e85401 100644 --- a/2024/CVE-2024-21911.md +++ b/2024/CVE-2024-21911.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-21937.md b/2024/CVE-2024-21937.md new file mode 100644 index 0000000000..8147aa28c0 --- /dev/null +++ b/2024/CVE-2024-21937.md @@ -0,0 +1,21 @@ +### [CVE-2024-21937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21937) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20Software%3A%20Adrenalin%20Edition&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20Software%3A%20Cloud%20Edition&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=AMD%20Software%3A%20PRO%20Edition&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2024.10.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2024.6.1%20(24.10.21.01)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2024.7.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen) + +### Description + +Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mohammedamin01/mohammedamin01 + diff --git a/2024/CVE-2024-2194.md b/2024/CVE-2024-2194.md index 162da6ab6a..6f3dde6782 100644 --- a/2024/CVE-2024-2194.md +++ b/2024/CVE-2024-2194.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV +- https://github.com/medxpy/wp-scanner diff --git a/2024/CVE-2024-21957.md b/2024/CVE-2024-21957.md new file mode 100644 index 0000000000..61c06bed38 --- /dev/null +++ b/2024/CVE-2024-21957.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-21957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21957)
+![](https://img.shields.io/static/v1?label=Product&message=AMD%20Management%20Console&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen)
+
+### Description
+
+Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mohammedamin01/mohammedamin01
+
diff --git a/2024/CVE-2024-21958.md b/2024/CVE-2024-21958.md
new file mode 100644
index 0000000000..ce2a16a8f6
--- /dev/null
+++ b/2024/CVE-2024-21958.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21958)
+![](https://img.shields.io/static/v1?label=Product&message=AMD%20Provisioning%20Console%20(APC)%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.0.408%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen)
+
+### Description
+
+Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mohammedamin01/mohammedamin01
+
diff --git a/2024/CVE-2024-21960.md b/2024/CVE-2024-21960.md
new file mode 100644
index 0000000000..3aedc0f827
--- /dev/null
+++ b/2024/CVE-2024-21960.md
@@ -0,0 +1,17 @@
+### [CVE-2024-21960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21960)
+![](https://img.shields.io/static/v1?label=Product&message=AMD%20Optimizing%20CPU%20Libraries%20(AOCL)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen)
+
+### Description
+
+Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mohammedamin01/mohammedamin01
+
diff --git a/2024/CVE-2024-2201.md b/2024/CVE-2024-2201.md
new file mode 100644
index 0000000000..ba4d78f3f6
--- /dev/null
+++ b/2024/CVE-2024-2201.md
@@ -0,0 +1,17 @@
+### [CVE-2024-2201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201)
+![](https://img.shields.io/static/v1?label=Product&message=Xen&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20advisory%20%22x86%3A%20Native%20Branch%20History%20Injection%22%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1423&color=brighgreen)
+
+### Description
+
+A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
+
+### POC
+
+#### Reference
+- https://www.kb.cert.org/vuls/id/155143
+
+#### Github
+- https://github.com/EGI-Federation/SVG-advisories
+
diff --git a/2024/CVE-2024-22017.md b/2024/CVE-2024-22017.md
index 559103defe..1a753ff6e9 100644
--- a/2024/CVE-2024-22017.md
+++ b/2024/CVE-2024-22017.md
@@ -13,6 +13,8 @@ setuid() does not affect libuv's internal io_uring operations if initialized bef No PoCs from references. #### Github +- https://github.com/Ki1shan/-Basic-Vulnerability-Scan - https://github.com/NaInSec/CVE-LIST +- https://github.com/SpiralBL0CK/cve-2024-22017_to_test - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-22019.md b/2024/CVE-2024-22019.md index 04131ab46c..da1ae4530c 100644 --- a/2024/CVE-2024-22019.md +++ b/2024/CVE-2024-22019.md @@ -13,5 +13,13 @@ A vulnerability in Node.js HTTP servers allows an attacker to send a specially c No PoCs from references. #### Github +- https://github.com/Aashini4001/Elevate-labs-task-3 +- https://github.com/KshitijPatil08/Elevate-Task3 +- https://github.com/PrasannaSrinivasK/Task-3 +- https://github.com/Sarath-P-2/vulnerability-scan +- https://github.com/Vikrantxo/elevate-cybersecurity-task3 +- https://github.com/ark074/Elevate-Labs-task_3 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/omkalyankar/Elevate-Labs-Task-3 +- https://github.com/rhythmsingh2709/Task3_ElevateLabs diff --git a/2024/CVE-2024-22024.md b/2024/CVE-2024-22024.md index 2cf07f6aa0..4744f46c40 100644 --- a/2024/CVE-2024-22024.md +++ b/2024/CVE-2024-22024.md 
@@ -15,10 +15,26 @@ No PoCs from references. #### Github - https://github.com/0dteam/CVE-2024-22024 +- https://github.com/12442RF/POC +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Lester1968/evaluacion-informes-ciberseguridad +- https://github.com/Linxloop/fork_POC - https://github.com/Ostorlab/KEV +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC - https://github.com/inguardians/ivanti-VPN-issues-2024-research - https://github.com/labesterOct/CVE-2024-22024 +- https://github.com/laoa1573/wy876 - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/opendr-io/causality +- https://github.com/plbplbp/loudong001 +- https://github.com/tequilasunsh1ne/ivanti_CVE_2024_22024 diff --git a/2024/CVE-2024-22029.md b/2024/CVE-2024-22029.md new file mode 100644 index 0000000000..49452e29ea --- /dev/null +++ b/2024/CVE-2024-22029.md 
@@ -0,0 +1,40 @@
+### [CVE-2024-22029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22029)
+![](https://img.shields.io/static/v1?label=Product&message=Container%20suse%2Fmanager%2F5.0%2Fx86_64%2Fserver%3A5.0.0-beta1.2.122&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Enterprise%20Storage%207.1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP5&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2015%20SP5&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%2015%20SP6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SUSE%20Manager%20Server%204.3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=openSUSE%20Leap%2015.5&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=openSUSE%20Tumbleweed&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3F%3C%209.0.85-150200.57.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3F%3C%209.0.85-3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%3A%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
+
+### POC
+
+#### Reference
+- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22043.md b/2024/CVE-2024-22043.md new file mode 100644 index 0000000000..caa533afc0 --- /dev/null +++ b/2024/CVE-2024-22043.md @@ -0,0 +1,19 @@ +### [CVE-2024-22043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22043) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V35.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V35.1&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V35.0.251%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V35.1.170%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen) + +### Description + +A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/JsHuang/CVE-Assigned + diff --git a/2024/CVE-2024-22047.md b/2024/CVE-2024-22047.md index 28010f97e3..5d70abc6b3 100644 --- a/2024/CVE-2024-22047.md +++ b/2024/CVE-2024-22047.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-22048.md b/2024/CVE-2024-22048.md index 785bb04da6..2dffa9f6c5 100644 --- a/2024/CVE-2024-22048.md +++ b/2024/CVE-2024-22048.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase 
diff --git a/2024/CVE-2024-22049.md b/2024/CVE-2024-22049.md index c64234f013..25e27010dd 100644 --- a/2024/CVE-2024-22049.md +++ b/2024/CVE-2024-22049.md @@ -15,4 +15,5 @@ httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulne #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-22050.md b/2024/CVE-2024-22050.md new file mode 100644 index 0000000000..e158c1407e --- /dev/null +++ b/2024/CVE-2024-22050.md @@ -0,0 +1,17 @@ +### [CVE-2024-22050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22050) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase + diff --git a/2024/CVE-2024-22051.md b/2024/CVE-2024-22051.md index a3fa3f46fd..38df2d62d6 100644 --- a/2024/CVE-2024-22051.md +++ b/2024/CVE-2024-22051.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-22102.md b/2024/CVE-2024-22102.md new file mode 100644 index 0000000000..ef4a571760 --- /dev/null +++ b/2024/CVE-2024-22102.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-22102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22102)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22103.md b/2024/CVE-2024-22103.md
new file mode 100644
index 0000000000..ecdc319e64
--- /dev/null
+++ b/2024/CVE-2024-22103.md
@@ -0,0 +1,17 @@
+### [CVE-2024-22103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22103)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22104.md b/2024/CVE-2024-22104.md
new file mode 100644
index 0000000000..55738aa63d
--- /dev/null
+++ b/2024/CVE-2024-22104.md
@@ -0,0 +1,17 @@
+### [CVE-2024-22104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22104)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22105.md b/2024/CVE-2024-22105.md
new file mode 100644
index 0000000000..f2df498bd5
--- /dev/null
+++ b/2024/CVE-2024-22105.md
@@ -0,0 +1,17 @@
+### [CVE-2024-22105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22105)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error.
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22106.md b/2024/CVE-2024-22106.md
new file mode 100644
index 0000000000..6086720c53
--- /dev/null
+++ b/2024/CVE-2024-22106.md
@@ -0,0 +1,17 @@
+### [CVE-2024-22106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22106)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS).
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22120.md b/2024/CVE-2024-22120.md
index 8cfd0b32b6..3aae01e188 100644
--- a/2024/CVE-2024-22120.md
+++ b/2024/CVE-2024-22120.md
@@ -13,18 +13,52 @@ Zabbix server can perform command execution for configured scripts. After comman - https://support.zabbix.com/browse/ZBX-24505 #### Github +- https://github.com/0day404/HV-2024-POC - https://github.com/0xMarcio/cve +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally +- https://github.com/DMW11525708/wiki - https://github.com/GhostTroops/TOP +- https://github.com/Godde3s/Exploit +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/POC-2025/nuclei - https://github.com/Threekiii/CVE - https://github.com/W01fh4cker/CVE-2024-22120-RCE +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs - https://github.com/ZonghaoLi777/githubTrending +- https://github.com/a1batr0ssG/VulhubExpand +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/aneasystone/github-trending +- https://github.com/binana354/nuclei +- https://github.com/byt3n33dl3/thc-Nuclei +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/dashmeet2023/Automated-Vulnerability-Checker +- https://github.com/dev-thefirewall/nuclei-test +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote - https://github.com/fireinrain/github-trending +- https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/isPique/CVE-2024-22120-RCE-with-gopher - https://github.com/johe123qwe/github-trending +- https://github.com/laoa1573/wy876 +- https://github.com/mitigatesh/nuclei +- https://github.com/niphon-sn/Vulnerability-Scanning-Tools - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/projectdiscovery/nuclei +- https://github.com/runZeroInc/nuclei - 
https://github.com/sampsonv/github-trending +- https://github.com/snakesec/nuclei - https://github.com/tanjiti/sec_profile +- https://github.com/test-org-appsec/nuclei +- https://github.com/testuser4040-coder/nuclei - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-22127.md b/2024/CVE-2024-22127.md index ca52a1cc09..d90a9df5cd 100644 --- a/2024/CVE-2024-22127.md +++ b/2024/CVE-2024-22127.md @@ -1,7 +1,7 @@ ### [CVE-2024-22127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22127) ![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20AS%20Java%20(Administrator%20Log%20Viewer%20plug-in)&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%207.50%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-2218.md b/2024/CVE-2024-2218.md index a1f94bbe2b..6f39660326 100644 --- a/2024/CVE-2024-2218.md +++ b/2024/CVE-2024-2218.md @@ -15,4 +15,5 @@ The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise a #### Github - https://github.com/DojoSecurity/DojoSecurity - https://github.com/afine-com/research +- https://github.com/vemusx/vemusx diff --git a/2024/CVE-2024-22195.md b/2024/CVE-2024-22195.md index 956d8a9e41..4db36f242c 100644 --- a/2024/CVE-2024-22195.md +++ b/2024/CVE-2024-22195.md @@ -14,4 +14,7 @@ No PoCs from references. #### Github - https://github.com/Its-Yayo/f-test +- https://github.com/furmidgeuk/snyk-scan-action +- https://github.com/ranjith16/renovate_test +- https://github.com/rsys-fchaliss/hebe 
diff --git a/2024/CVE-2024-22198.md b/2024/CVE-2024-22198.md index 2d9e9853c4..bcda9394c3 100644 --- a/2024/CVE-2024-22198.md +++ b/2024/CVE-2024-22198.md @@ -14,4 +14,5 @@ Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/xiw1ll/CVE-2024-22198_Checker diff --git a/2024/CVE-2024-22208.md b/2024/CVE-2024-22208.md index 800c2d5499..95a002aaea 100644 --- a/2024/CVE-2024-22208.md +++ b/2024/CVE-2024-22208.md @@ -13,5 +13,5 @@ phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQ - https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg #### Github -No PoCs found on GitHub currently. +- https://github.com/gotr00t0day/spyhunt diff --git a/2024/CVE-2024-2222.md b/2024/CVE-2024-2222.md index d1d614f5b5..7a6d664f0c 100644 --- a/2024/CVE-2024-2222.md +++ b/2024/CVE-2024-2222.md @@ -13,5 +13,8 @@ The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to u No PoCs from references. #### Github +- https://github.com/Indrani-19/vulnerability-scanner +- https://github.com/Saumya-Suvarna/vulnerability_scanner - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sagarnayar/Vul_Scanner diff --git a/2024/CVE-2024-22234.md b/2024/CVE-2024-22234.md index 611de36177..6f53eb5853 100644 --- a/2024/CVE-2024-22234.md +++ b/2024/CVE-2024-22234.md @@ -13,6 +13,8 @@ In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6. No PoCs from references. #### Github +- https://github.com/IES-Rafael-Alberti/Proyecto1_CybersecurityConsulting +- https://github.com/SMCallan/SSDLC-Security-Throughout-Development - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234 - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-22235.md b/2024/CVE-2024-22235.md index 1bda030d9b..7de14c4fbc 100644 --- a/2024/CVE-2024-22235.md 
+++ b/2024/CVE-2024-22235.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/thiscodecc/thiscodecc diff --git a/2024/CVE-2024-22243.md b/2024/CVE-2024-22243.md index 5ab7d7c424..d71e3e758d 100644 --- a/2024/CVE-2024-22243.md +++ b/2024/CVE-2024-22243.md @@ -14,7 +14,9 @@ No PoCs from references. #### Github - https://github.com/CllmsyK/YYBaby-Spring_Scan +- https://github.com/Reivap/CVE-2024-22243 - https://github.com/SeanPesce/CVE-2024-22243 +- https://github.com/diegopacheco/Smith - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hinat0y/Dataset1 - https://github.com/hinat0y/Dataset10 @@ -29,6 +31,8 @@ No PoCs from references. - https://github.com/hinat0y/Dataset8 - https://github.com/hinat0y/Dataset9 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/shastyblinksmartin/ashley - https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234 - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-22252.md b/2024/CVE-2024-22252.md index a8ec1a7549..0d6683f04a 100644 --- a/2024/CVE-2024-22252.md +++ b/2024/CVE-2024-22252.md @@ -20,4 +20,5 @@ No PoCs from references. #### Github - https://github.com/crackmapEZec/CVE-2024-22252-POC +- https://github.com/mythmax/ESXi670-202403001-standart-customized diff --git a/2024/CVE-2024-22253.md b/2024/CVE-2024-22253.md new file mode 100644 index 0000000000..0dc129d1d5 --- /dev/null +++ b/2024/CVE-2024-22253.md 
@@ -0,0 +1,23 @@ +### [CVE-2024-22253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22253) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Fusion&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workstation&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.x%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=13.x%3C%2013.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.x%3C%2017.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=8.0%3C%20ESXi80U2sb-23305545%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mythmax/ESXi670-202403001-standart-customized + diff --git a/2024/CVE-2024-22254.md b/2024/CVE-2024-22254.md index c6252e80c9..3e07eeff85 100644 --- a/2024/CVE-2024-22254.md +++ b/2024/CVE-2024-22254.md @@ -16,4 +16,5 @@ No PoCs from references. #### Github - https://github.com/crackmapEZec/CVE-2024-22252-POC +- https://github.com/mythmax/ESXi670-202403001-standart-customized 
diff --git a/2024/CVE-2024-22255.md b/2024/CVE-2024-22255.md new file mode 100644 index 0000000000..8f3b0ef5f8 --- /dev/null +++ b/2024/CVE-2024-22255.md @@ -0,0 +1,23 @@ +### [CVE-2024-22255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22255) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Fusion&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workstation&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.x%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=13.x%3C%2013.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.x%3C%2017.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=8.0%20%3C%20ESXi80U2sb-23305545%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.   + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mythmax/ESXi670-202403001-standart-customized + diff --git a/2024/CVE-2024-22259.md b/2024/CVE-2024-22259.md index 787d3d38a8..3f514a0224 100644 --- a/2024/CVE-2024-22259.md +++ b/2024/CVE-2024-22259.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/NaInSec/CVE-LIST - https://github.com/SeanPesce/CVE-2024-22243 - https://github.com/ashrafsarhan/order-service +- https://github.com/diegopacheco/Smith - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile 
diff --git a/2024/CVE-2024-22262.md b/2024/CVE-2024-22262.md index 8f595d9840..8408cf9860 100644 --- a/2024/CVE-2024-22262.md +++ b/2024/CVE-2024-22262.md @@ -13,7 +13,9 @@ Applications that use UriComponentsBuilder to parse an externally provided URL No PoCs from references. #### Github +- https://github.com/Performant-Labs/CVE-2024-22262 - https://github.com/SeanPesce/CVE-2024-22243 +- https://github.com/diegopacheco/Smith - https://github.com/hinat0y/Dataset1 - https://github.com/hinat0y/Dataset10 - https://github.com/hinat0y/Dataset11 @@ -26,5 +28,7 @@ No PoCs from references. - https://github.com/hinat0y/Dataset7 - https://github.com/hinat0y/Dataset8 - https://github.com/hinat0y/Dataset9 +- https://github.com/john911120/yuru-archive +- https://github.com/shastyblinksmartin/ashley - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-22263.md b/2024/CVE-2024-22263.md index 6f9e67ed21..34d4e711bf 100644 --- a/2024/CVE-2024-22263.md +++ b/2024/CVE-2024-22263.md @@ -14,6 +14,11 @@ No PoCs from references. #### Github - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/crisprss/CVEs +- https://github.com/ismailmazumder/SL7CVELabsBuilder - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/securelayer7/CVE-2024-22263_Scanner +- https://github.com/securelayer7/Research - https://github.com/tanjiti/sec_profile +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-22268.md b/2024/CVE-2024-22268.md new file mode 100644 index 0000000000..ff32d9ac74 --- /dev/null +++ b/2024/CVE-2024-22268.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-22268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22268) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Fusion&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workstation&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=13.x%3C%2013.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.x%3C%2017.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap%20buffer-overflow%20vulnerability&color=brighgreen) + +### Description + +VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/pwn2carr/pwn2carr + diff --git a/2024/CVE-2024-22274.md b/2024/CVE-2024-22274.md index 651cda1f1f..3ca7952a19 100644 --- a/2024/CVE-2024-22274.md +++ b/2024/CVE-2024-22274.md @@ -15,5 +15,10 @@ The vCenter Server contains an authenticated remote code execution vulnerability No PoCs from references. #### Github +- https://github.com/Mustafa1986/CVE-2024-22274-RCE +- https://github.com/UGF0aWVudF9aZXJv/VMWare-Pentesting +- https://github.com/l0n3m4n/CVE-2024-22274-RCE +- https://github.com/mbadanoiu/CVE-2024-22274 +- https://github.com/ninhpn1337/CVE-2024-22274 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-22275.md b/2024/CVE-2024-22275.md index 3de1262bee..72191bbc25 100644 --- a/2024/CVE-2024-22275.md +++ b/2024/CVE-2024-22275.md @@ -15,5 +15,6 @@ The vCenter Server contains a partial file read vulnerability. A malicious acto No PoCs from references. #### Github +- https://github.com/mbadanoiu/CVE-2024-22275 - https://github.com/nomi-sec/PoC-in-GitHub 
diff --git a/2024/CVE-2024-2236.md b/2024/CVE-2024-2236.md index 7923368d2a..5a17c88eaf 100644 --- a/2024/CVE-2024-2236.md +++ b/2024/CVE-2024-2236.md @@ -3,6 +3,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.4%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20Timing%20Discrepancy&color=brighgreen) @@ -16,10 +18,15 @@ A timing-based side-channel flaw was found in libgcrypt's RSA implementation. Th No PoCs from references. #### Github +- https://github.com/Dariani223/DevOpsFinal - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/Myash-New/05-virt-04-docker-in-practice +- https://github.com/Telooss/TP-WIK-DPS-TP02 - https://github.com/TimoTielens/TwT.Docker.Aspnet - https://github.com/TimoTielens/httpd-security - https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/ardhiatno/ubimicro-fluentbit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list +- https://github.com/mmbazm/secure_license_server diff --git a/2024/CVE-2024-22365.md b/2024/CVE-2024-22365.md index df2d7a78d8..7edd811dc2 100644 --- a/2024/CVE-2024-22365.md +++ b/2024/CVE-2024-22365.md 
@@ -13,7 +13,14 @@ linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of ser No PoCs from references. #### Github +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/Dariani223/DevOpsFinal - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/Myash-New/05-virt-04-docker-in-practice +- https://github.com/OzNetNerd/CheckovOutputProcessor +- https://github.com/Telooss/TP-WIK-DPS-TP02 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list +- https://github.com/mmbazm/secure_license_server +- https://github.com/w4zu/Debian_security diff --git a/2024/CVE-2024-22371.md b/2024/CVE-2024-22371.md new file mode 100644 index 0000000000..dfd765bdc7 --- /dev/null +++ b/2024/CVE-2024-22371.md @@ -0,0 +1,19 @@ +### [CVE-2024-22371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22371) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Camel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20sensitive%20data%20by%20by%20crafting%20a%20malicious%20EventFactory%20and%20providing%20a%20custom%20ExchangeCreatedEvent%20that%20exposes%20sensitive%20data.&color=brighgreen) + +### Description + +Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/vishalborkar7/POC_for_-CVE-2024-22371 +- https://github.com/zulloper/cve-poc + 
diff --git a/2024/CVE-2024-22376.md b/2024/CVE-2024-22376.md
new file mode 100644
index 0000000000..710b3e61d7
--- /dev/null
+++ b/2024/CVE-2024-22376.md
@@ -0,0 +1,18 @@
+### [CVE-2024-22376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22376)
+![](https://img.shields.io/static/v1?label=Product&message=installation%20software%20for%20Intel(R)%20Ethernet%20Adapter%20Driver%20Pack&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%2028.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20search%20path%20element&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen)
+
+### Description
+
+Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mohammedamin01/mohammedamin01
+
diff --git a/2024/CVE-2024-22399.md b/2024/CVE-2024-22399.md
new file mode 100644
index 0000000000..0de5afaced
--- /dev/null
+++ b/2024/CVE-2024-22399.md
@@ -0,0 +1,28 @@
+### [CVE-2024-22399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22399)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Seata&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol.This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0.Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+
diff --git a/2024/CVE-2024-2241.md b/2024/CVE-2024-2241.md
index f907a94cf5..8637b259cb 100644
--- a/2024/CVE-2024-2241.md
+++ b/2024/CVE-2024-2241.md
@@ -10,7 +10,7 @@ Improper access control in the user interface in Devolutions Workspace 2024.1.0
 ### POC
 #### Reference
-No PoCs from references.
+- https://devolutions.net/security/advisories/DEVO-2024-0003
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-22412.md b/2024/CVE-2024-22412.md
index 515c411f6a..ffea9f64c5 100644
--- a/2024/CVE-2024-22412.md
+++ b/2024/CVE-2024-22412.md
@@ -14,4 +14,5 @@ ClickHouse is an open-source column-oriented database management system. A bug e
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
diff --git a/2024/CVE-2024-22419.md b/2024/CVE-2024-22419.md
index 53580c6b31..7adc211315 100644
--- a/2024/CVE-2024-22419.md
+++ b/2024/CVE-2024-22419.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-22419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22419)
 ![](https://img.shields.io/static/v1?label=Product&message=vyper&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.3.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.4.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%3A%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen)
 ### Description
-Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in commit `55e18f6d1` which will be included in future releases. Users are advised to update when possible.
+Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in 0.4.0.
 ### POC
diff --git a/2024/CVE-2024-2242.md b/2024/CVE-2024-2242.md
index 254b54d922..5cf4aa7114 100644
--- a/2024/CVE-2024-2242.md
+++ b/2024/CVE-2024-2242.md
@@ -13,5 +13,9 @@ The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Sc
 No PoCs from references.
 #### Github
+- https://github.com/BharatCyberForce/wp-hunter
+- https://github.com/RandomRobbieBF/CVE-2024-2242
+- https://github.com/Zzl0y/bugs-and-arts
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-22452.md b/2024/CVE-2024-22452.md
index 2adc1a1286..b861864bd8 100644
--- a/2024/CVE-2024-22452.md
+++ b/2024/CVE-2024-22452.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/pwn2carr/pwn2carr
diff --git a/2024/CVE-2024-22526.md b/2024/CVE-2024-22526.md
index 4f8e227d2d..917c2630b8 100644
--- a/2024/CVE-2024-22526.md
+++ b/2024/CVE-2024-22526.md
@@ -13,5 +13,7 @@ Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attacker
 - https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3
 #### Github
+- https://github.com/200101WhoAmI/CVE-2024-22526
+- https://github.com/GAP-dev/GAP-dev
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-22529.md b/2024/CVE-2024-22529.md
index 24020da847..e2d857f381 100644
--- a/2024/CVE-2024-22529.md
+++ b/2024/CVE-2024-22529.md
@@ -13,5 +13,5 @@ TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability
 - https://github.com/unpWn4bL3/iot-security/blob/main/29.md
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/attilaszia/linux-iot-cves
diff --git a/2024/CVE-2024-22547.md b/2024/CVE-2024-22547.md
index 68afa551e9..53c436294c 100644
--- a/2024/CVE-2024-22547.md
+++ b/2024/CVE-2024-22547.md
@@ -13,5 +13,7 @@ WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).
 No PoCs from references.
 #### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-2257.md b/2024/CVE-2024-2257.md
index 9dafdd26ac..a0f770305c 100644
--- a/2024/CVE-2024-2257.md
+++ b/2024/CVE-2024-2257.md
@@ -13,5 +13,6 @@ This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L;
 No PoCs from references.
 #### Github
+- https://github.com/Redfox-Security/Digisol-DG-GR1321-s-Password-Policy-Bypass-CVE-2024-2257
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-22637.md b/2024/CVE-2024-22637.md
index 8416877378..047a4337fe 100644
--- a/2024/CVE-2024-22637.md
+++ b/2024/CVE-2024-22637.md
@@ -13,5 +13,6 @@ Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XS
 - https://packetstormsecurity.com/files/176403/Form-Tools-3.1.1-Cross-Site-Scripting.html
 #### Github
+- https://github.com/Anogota/Server-side-Template-Injection
 - https://github.com/capture0x/My-CVE
diff --git a/2024/CVE-2024-22722.md b/2024/CVE-2024-22722.md
index e76b118994..f5f301b397 100644
--- a/2024/CVE-2024-22722.md
+++ b/2024/CVE-2024-22722.md
@@ -13,5 +13,5 @@ Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows a
 - https://hakaisecurity.io/error-404-your-security-not-found-tales-of-web-vulnerabilities/
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/terribledactyl/Form-Tools-3.1.1-RCE
diff --git a/2024/CVE-2024-22733.md b/2024/CVE-2024-22733.md
new file mode 100644
index 0000000000..987d4a9ccc
--- /dev/null
+++ b/2024/CVE-2024-22733.md
@@ -0,0 +1,17 @@
+### [CVE-2024-22733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22733)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker.
+
+### POC
+
+#### Reference
+- https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22734.md b/2024/CVE-2024-22734.md
index c3708722ca..5c1ca2de29 100644
--- a/2024/CVE-2024-22734.md
+++ b/2024/CVE-2024-22734.md
@@ -13,5 +13,5 @@ An issue was discovered in AMCS Group Trux Waste Management Software before vers
 - https://www.redlinecybersecurity.com/blog/cve-2024-22734
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/securekomodo/CVE-2024-22734
diff --git a/2024/CVE-2024-22773.md b/2024/CVE-2024-22773.md
index 52b42ab51f..12c044fd8f 100644
--- a/2024/CVE-2024-22773.md
+++ b/2024/CVE-2024-22773.md
@@ -10,6 +10,7 @@ Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.
 ### POC
 #### Reference
+- https://medium.com/%40wagneralves_87750/poc-cve-2024-22773-febf0d3a5433
 - https://medium.com/@wagneralves_87750/poc-cve-2024-22773-febf0d3a5433
 - https://www.youtube.com/watch?v=-r0TWJq55DU&t=7s
diff --git a/2024/CVE-2024-22851.md b/2024/CVE-2024-22851.md
index 7dcccb87a8..8557b9d15d 100644
--- a/2024/CVE-2024-22851.md
+++ b/2024/CVE-2024-22851.md
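Review bot: The line added under `#### Reference` in 2024/CVE-2024-22773.md points at the same Medium article as the context line directly below it, differing only in `%40` versus `@`, so the entry now lists one reference twice. The duplicate check that builds these lists appears to compare URLs as raw strings; percent-decoding each URL before comparing would leave the single line `- https://medium.com/@wagneralves_87750/poc-cve-2024-22773-febf0d3a5433`. The hunk for 2024/CVE-2024-22871.md adds the same kind of duplicate (`- https://hackmd.io/%40fe1w0/rymmJGida`). Anyone who uses the number of references per CVE as a triage signal will over-count these entries until the list is normalised.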
@@ -10,6 +10,7 @@ Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote a
 ### POC
 #### Reference
+- https://raeph123.github.io/BlogPosts/LiveConfig/LiveConfig_Advisory_CVE-2024-22851_en.html
 - https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851
 #### Github
diff --git a/2024/CVE-2024-22853.md b/2024/CVE-2024-22853.md
index 59c136a339..a765b12fed 100644
--- a/2024/CVE-2024-22853.md
+++ b/2024/CVE-2024-22853.md
@@ -13,7 +13,24 @@ D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alph
 - https://www.dlink.com/en/security-bulletin/
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/FaLLenSKiLL1/CVE-2024-22853
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-22871.md b/2024/CVE-2024-22871.md
index c471dce342..022344b8c4 100644
--- a/2024/CVE-2024-22871.md
+++ b/2024/CVE-2024-22871.md
@@ -10,6 +10,7 @@ An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a
 ### POC
 #### Reference
+- https://hackmd.io/%40fe1w0/rymmJGida
 - https://hackmd.io/@fe1w0/rymmJGida
 #### Github
diff --git a/2024/CVE-2024-22891.md b/2024/CVE-2024-22891.md
index bcfe7c204d..d459c40a9a 100644
--- a/2024/CVE-2024-22891.md
+++ b/2024/CVE-2024-22891.md
@@ -14,5 +14,6 @@ Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnera
 #### Github
 - https://github.com/CS-EVAL/CS-Eval
+- https://github.com/EQSTLab/CVE-2024-22891
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-22894.md b/2024/CVE-2024-22894.md
index ef86fa014c..1f1e9189c6 100644
--- a/2024/CVE-2024-22894.md
+++ b/2024/CVE-2024-22894.md
@@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability
 - https://github.com/Jaarden/CVE-2024-22894
+- https://github.com/Jaarden/luxtronic-glt-licensetool
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-22899.md b/2024/CVE-2024-22899.md
index 1e633d60dc..9d7e22732a 100644
--- a/2024/CVE-2024-22899.md
+++ b/2024/CVE-2024-22899.md
@@ -17,4 +17,5 @@ Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote
 - https://github.com/Chocapikk/Chocapikk
 - https://github.com/Chocapikk/My-CVEs
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
diff --git a/2024/CVE-2024-22902.md b/2024/CVE-2024-22902.md
index f84856a8ed..c0a7f60b49 100644
--- a/2024/CVE-2024-22902.md
+++ b/2024/CVE-2024-22902.md
@@ -15,4 +15,6 @@ Vinchin Backup & Recovery v7.2 was discovered to be configured with default root
 #### Github
 - https://github.com/Chocapikk/CVE-2024-22899-to-22903-ExploitChain
 - https://github.com/Chocapikk/My-CVEs
+- https://github.com/kaif9711/Strengthened-Security-on-Metasploitable-3
+- https://github.com/kaif9711/metasploitable3-vulnerability-assessment
diff --git a/2024/CVE-2024-22922.md b/2024/CVE-2024-22922.md
index 8726367a86..9f195263f3 100644
--- a/2024/CVE-2024-22922.md
+++ b/2024/CVE-2024-22922.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/keru6k/CVE-2024-22922
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/pwnpwnpur1n/CVE-2024-22922
diff --git a/2024/CVE-2024-22983.md b/2024/CVE-2024-22983.md
index 9f838021cf..532b1148a6 100644
--- a/2024/CVE-2024-22983.md
+++ b/2024/CVE-2024-22983.md
@@ -16,4 +16,5 @@ SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/keru6k/CVE-2024-22983
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/pwnpwnpur1n/CVE-2024-22983
diff --git a/2024/CVE-2024-23052.md b/2024/CVE-2024-23052.md
index 7d5b0d9f8c..14760339c3 100644
--- a/2024/CVE-2024-23052.md
+++ b/2024/CVE-2024-23052.md
@@ -13,6 +13,23 @@ An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote at
 - https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
diff --git a/2024/CVE-2024-23091.md b/2024/CVE-2024-23091.md
index b17fe9cd08..117eddaed5 100644
--- a/2024/CVE-2024-23091.md
+++ b/2024/CVE-2024-23091.md
@@ -13,5 +13,6 @@ Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows
 No PoCs from references.
 #### Github
+- https://github.com/cnetsec/hacktiba-ht-ai--pulse00-2025
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-23113.md b/2024/CVE-2024-23113.md
index d5f653b1e8..e9682c1be2 100644
--- a/2024/CVE-2024-23113.md
+++ b/2024/CVE-2024-23113.md
@@ -18,11 +18,25 @@ A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0
 No PoCs from references.
 #### Github
+- https://github.com/CheckCve2/CVE-2024-23113
+- https://github.com/MAVRICK-1/cve-2024-23113-test-env
+- https://github.com/Ostorlab/KEV
+- https://github.com/SkyGodling/exploit-cve-2024-47575
+- https://github.com/XiaomingX/awesome-cve-exp-poc
+- https://github.com/XiaomingX/cve-2024-23113-exp
+- https://github.com/XiaomingX/cve-2024-23113-poc
 - https://github.com/cvedayprotech/CVE-2024-23113
 - https://github.com/cvedayprotech3s/cve-2024-23113
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/foxymoxxy/CVE-2024-23113-POC
 - https://github.com/labesterOct/CVE-2024-23113
+- https://github.com/nickjeffrey/check_fortios
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/p33d/CVE-2024-23113
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/puckiestyle/CVE-2024-23113
 - https://github.com/tr1pl3ight/CVE-2024-23113-POC
+- https://github.com/tylzars/awesome-vrre-writeups
+- https://github.com/valornode/CVE-2024-23113
+- https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
diff --git a/2024/CVE-2024-23120.md b/2024/CVE-2024-23120.md
index 1c9706cf5c..cef69a90cc 100644
--- a/2024/CVE-2024-23120.md
+++ b/2024/CVE-2024-23120.md
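Review bot: Two of the links added under `#### Github` in 2024/CVE-2024-23113.md, `SkyGodling/exploit-cve-2024-47575` and `watchtowrlabs/Fortijump-Exploit-CVE-2024-47575`, carry a different CVE id in their repository names, so they look like repositories that merely mention CVE-2024-23113. The same hunk also files feeds, monitors and check scripts (`Ostorlab/KEV`, `plzheheplztrying/cve_monitor`, `nickjeffrey/check_fortios`) under the `### POC` heading next to repositories named after this CVE. A reader using this file to prioritise patching or detection work should not take the length of the list as the number of public PoCs for this issue; a separate sub-list such as `#### Related (mentions only)` for repositories whose primary CVE differs would keep that distinction visible. This is inferred from the repository names alone, since their contents are not part of the diff.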
@@ -1,11 +1,19 @@
 ### [CVE-2024-23120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23120)
-![](https://img.shields.io/static/v1?label=Product&message=Autodesk%20applications&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
 ### Description
-A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll and through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
 ### POC
diff --git a/2024/CVE-2024-23121.md b/2024/CVE-2024-23121.md
index 41deb28ce0..7f2709b756 100644
--- a/2024/CVE-2024-23121.md
+++ b/2024/CVE-2024-23121.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23121)
-![](https://img.shields.io/static/v1?label=Product&message=Autodesk%20applications&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
 ### Description
-A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
 ### POC
diff --git a/2024/CVE-2024-23122.md b/2024/CVE-2024-23122.md
index 9acdb5bc13..37f3adadac 100644
--- a/2024/CVE-2024-23122.md
+++ b/2024/CVE-2024-23122.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23122)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
 ### Description
-A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
 ### POC
diff --git a/2024/CVE-2024-23123.md b/2024/CVE-2024-23123.md
index d336dddd76..399648fcab 100644
--- a/2024/CVE-2024-23123.md
+++ b/2024/CVE-2024-23123.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23123)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
 ### Description
-A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
 ### POC
diff --git a/2024/CVE-2024-23124.md b/2024/CVE-2024-23124.md
index fa1159f643..b55f6f0441 100644
--- a/2024/CVE-2024-23124.md
+++ b/2024/CVE-2024-23124.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23124)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
 ### Description
-A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
 ### POC
diff --git a/2024/CVE-2024-23125.md b/2024/CVE-2024-23125.md
index 753652699e..4ef4917f65 100644
--- a/2024/CVE-2024-23125.md
+++ b/2024/CVE-2024-23125.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23125)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
 ### Description
-A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
 ### POC
diff --git a/2024/CVE-2024-23126.md b/2024/CVE-2024-23126.md
index e8070ce6e1..e31c1351fc 100644
--- a/2024/CVE-2024-23126.md
+++ b/2024/CVE-2024-23126.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23126)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
 
 ### Description
 
-A maliciously crafted CATPART file in CC5Dll.dll when parsed through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
+A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
 
 ### POC
 
diff --git a/2024/CVE-2024-23130.md b/2024/CVE-2024-23130.md
index 0d54886a99..4425aa4bff 100644
--- a/2024/CVE-2024-23130.md
+++ b/2024/CVE-2024-23130.md
@@ -1,6 +1,14 @@
 ### [CVE-2024-23130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23130)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption%20-%20Generic&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-23131.md b/2024/CVE-2024-23131.md
index 9179211496..070642acc7 100644
--- a/2024/CVE-2024-23131.md
+++ b/2024/CVE-2024-23131.md
@@ -1,6 +1,14 @@
 ### [CVE-2024-23131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23131)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption%20-%20Generic&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-23132.md b/2024/CVE-2024-23132.md
index 711be5d4a2..21bc44d0ca 100644
--- a/2024/CVE-2024-23132.md
+++ b/2024/CVE-2024-23132.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23132)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption%20-%20Generic&color=brighgreen)
 
 ### Description
 
-A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
+A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
 
 ### POC
 
diff --git a/2024/CVE-2024-23133.md b/2024/CVE-2024-23133.md
index 1bffeeedb5..5e17af76c9 100644
--- a/2024/CVE-2024-23133.md
+++ b/2024/CVE-2024-23133.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23133)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption%20-%20Generic&color=brighgreen)
 
 ### Description
 
-A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
+A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
 
 ### POC
 
diff --git a/2024/CVE-2024-23135.md b/2024/CVE-2024-23135.md
index 4de33f644f..ff19988a2b 100644
--- a/2024/CVE-2024-23135.md
+++ b/2024/CVE-2024-23135.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23135)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
 
 ### Description
 
-A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
+A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
 
 ### POC
 
diff --git a/2024/CVE-2024-23136.md b/2024/CVE-2024-23136.md
index 4277a1e1d3..5f5e058fc7 100644
--- a/2024/CVE-2024-23136.md
+++ b/2024/CVE-2024-23136.md
@@ -1,11 +1,19 @@
 ### [CVE-2024-23136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23136)
-![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%2C%20Advance%20Steel%20and%20Civil%203D&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202024%2C%202023%2C%202022%2C%202021%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2025%3C%202025.0.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-822%3A%20Untrusted%20Pointer%20Dereference&color=brighgreen)
 
 ### Description
 
-A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
+A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
 
 ### POC
 
diff --git a/2024/CVE-2024-23138.md b/2024/CVE-2024-23138.md
index 93485b430c..bd37a36d58 100644
--- a/2024/CVE-2024-23138.md
+++ b/2024/CVE-2024-23138.md
@@ -1,6 +1,18 @@
 ### [CVE-2024-23138](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23138)
+![](https://img.shields.io/static/v1?label=Product&message=Advance%20Steel&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Architecture&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Electrical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20LT%20for%20Mac&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20LT&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MAP%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20MEP&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mac&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Mechanical&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD%20Plant%203D&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=AutoCAD&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Civil%203D&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=DWG%20TrueView&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%202023%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=2024%3C%202024.1.3%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-23139.md b/2024/CVE-2024-23139.md
index d80c660976..388e3ce637 100644
--- a/2024/CVE-2024-23139.md
+++ b/2024/CVE-2024-23139.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-23139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23139)
 ![](https://img.shields.io/static/v1?label=Product&message=FBX%20Review&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=1.5.3.0%3C%201.5.4.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
 
 ### Description
 
-An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code “ABC” files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
+A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
 
 ### POC
 
diff --git a/2024/CVE-2024-23226.md b/2024/CVE-2024-23226.md
new file mode 100644
index 0000000000..589f0a48d8
--- /dev/null
+++ b/2024/CVE-2024-23226.md
@@ -0,0 +1,24 @@ +### [CVE-2024-23226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23226) +![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2010.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20web%20content%20may%20lead%20to%20arbitrary%20code%20execution&color=brighgreen) + +### Description + +The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/pwn2carr/pwn2carr + diff --git a/2024/CVE-2024-23296.md b/2024/CVE-2024-23296.md index 9bdb41ff4d..739698f8db 100644 --- a/2024/CVE-2024-23296.md +++ b/2024/CVE-2024-23296.md @@ -13,5 +13,6 @@ A memory corruption issue was addressed with improved validation. This issue is No PoCs from references. #### Github +- https://github.com/eznisula/fastcve-dashboard - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-23298.md b/2024/CVE-2024-23298.md index 494f53266c..a7782acaf1 100644 --- a/2024/CVE-2024-23298.md +++ b/2024/CVE-2024-23298.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/p1tsi/CVE-2024-23298.app diff --git a/2024/CVE-2024-2330.md b/2024/CVE-2024-2330.md index 342df5b43a..cde0576a8d 100644 --- a/2024/CVE-2024-2330.md +++ b/2024/CVE-2024-2330.md @@ -13,7 +13,24 @@ A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. - https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-23309.md b/2024/CVE-2024-23309.md new file mode 100644 index 0000000000..4929b9133a --- /dev/null +++ b/2024/CVE-2024-23309.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-23309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23309)
+![](https://img.shields.io/static/v1?label=Product&message=WBR-6012&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20R0.40e6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-291%3A%20Reliance%20on%20IP%20Address%20for%20Authentication&color=brighgreen)
+
+### Description
+
+The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-23321.md b/2024/CVE-2024-23321.md
new file mode 100644
index 0000000000..e050de0630
--- /dev/null
+++ b/2024/CVE-2024-23321.md
@@ -0,0 +1,17 @@ +### [CVE-2024-23321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23321) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20RocketMQ&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=4.5.2%3C%3D%205.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions.An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list.To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Threekiii/CVE + diff --git a/2024/CVE-2024-23331.md b/2024/CVE-2024-23331.md index 5c8708097e..d5e767c4bb 100644 --- a/2024/CVE-2024-23331.md +++ b/2024/CVE-2024-23331.md @@ -15,6 +15,7 @@ Vite is a frontend tooling framework for javascript. The Vite dev server option - https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw #### Github +- https://github.com/dhushyanth-h-m/PetFinder - https://github.com/seal-community/patches - https://github.com/vignesh7701/CodeEditor-Beta diff --git a/2024/CVE-2024-23334.md b/2024/CVE-2024-23334.md index c135718db4..e99b51b6c1 100644 --- a/2024/CVE-2024-23334.md +++ b/2024/CVE-2024-23334.md 
@@ -13,18 +13,54 @@ aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. - https://github.com/aio-libs/aiohttp/pull/8079 #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/Arc4he/CVE-2024-23334-PoC +- https://github.com/BestDevOfc/CVE-2024-23334-PoC +- https://github.com/Betan423/CVE-2024-23334-PoC +- https://github.com/DMW11525708/wiki +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Ostorlab/KEV +- https://github.com/Pylonet/CVE-2024-23334 +- https://github.com/Seby26Dev/-HTB-Chemistry - https://github.com/SecureDoughnut/Tinkoff-CTF-2024-lohness +- https://github.com/TheRedP4nther/LFI-aiohttp-CVE-2024-23334-PoC +- https://github.com/Threekiii/Awesome-POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/anneelv/htb-chemistry +- https://github.com/binaryninja/CVE-2024-23334 - https://github.com/brian-edgar-re/poc-cve-2024-23334 +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/darkushhhh/Penetration-Testing-Report +- https://github.com/eeeeeeeeee-code/POC - https://github.com/ggPonchik/Tinkoff-CTF-2024-lohness +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/hacker-gpt/hacker-gpt - https://github.com/ibaiw/2024Hvv +- https://github.com/iemotion/POC +- https://github.com/igorbf495/writeup-chemistry-htb - https://github.com/jhonnybonny/CVE-2024-23334 - https://github.com/k3ppf0r/2024-PocLib +- https://github.com/laoa1573/wy876 - https://github.com/marl-ot/DevSecOps-2024 - https://github.com/netlas-io/netlas-dorks +- https://github.com/nn0nkey/mytools - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - 
https://github.com/ox1111/CVE-2024-23334 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/rsys-fchaliss/hebe +- https://github.com/s4botai/CVE-2024-23334-PoC - https://github.com/sxyrxyy/aiohttp-exploit-CVE-2024-23334-certstream +- https://github.com/unknownperson89800/Chemistry-CTF-HTB +- https://github.com/wizarddos/CVE-2024-23334 - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/z3rObyte/CVE-2024-23334-PoC diff --git a/2024/CVE-2024-23339.md b/2024/CVE-2024-23339.md index 355de18bd9..824ef53c81 100644 --- a/2024/CVE-2024-23339.md +++ b/2024/CVE-2024-23339.md @@ -13,6 +13,8 @@ hoolock is a suite of lightweight utilities designed to maintain a small footpri No PoCs from references. #### Github +- https://github.com/200101WhoAmI/CVE-2024-23339 +- https://github.com/GAP-dev/GAP-dev - https://github.com/d3ng03/PP-Auto-Detector - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-23342.md b/2024/CVE-2024-23342.md index a42380331e..e6e042248b 100644 --- a/2024/CVE-2024-23342.md +++ b/2024/CVE-2024-23342.md @@ -16,4 +16,5 @@ The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve #### Github - https://github.com/memphis-tools/dummy_fastapi_flask_blog_app +- https://github.com/tomassaldana966/visor-urbano diff --git a/2024/CVE-2024-23346.md b/2024/CVE-2024-23346.md index 8e8dcca049..aecef1b92b 100644 --- a/2024/CVE-2024-23346.md +++ b/2024/CVE-2024-23346.md 
@@ -13,5 +13,12 @@ Pymatgen (Python Materials Genomics) is an open-source Python library for materi - https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f #### Github -No PoCs found on GitHub currently. +- https://github.com/9carlo6/CVE-2024-23346 +- https://github.com/DAVIDAROCA27/CVE-2024-23346-exploit +- https://github.com/MAWK0235/CVE-2024-23346 +- https://github.com/Sanity-Archive/CVE-2024-23346 +- https://github.com/anneelv/htb-chemistry +- https://github.com/igorbf495/writeup-chemistry-htb +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/szyth/CVE-2024-23346-rust-exploit diff --git a/2024/CVE-2024-23372.md b/2024/CVE-2024-23372.md new file mode 100644 index 0000000000..a73ac7f99e --- /dev/null +++ b/2024/CVE-2024-23372.md @@ -0,0 +1,17 @@ +### [CVE-2024-23372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23372) +![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20FastConnect%206200%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2024/CVE-2024-23373.md b/2024/CVE-2024-23373.md new file mode 100644 index 0000000000..6a171b4b4a --- /dev/null +++ b/2024/CVE-2024-23373.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-23373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23373)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-23380.md b/2024/CVE-2024-23380.md
new file mode 100644
index 0000000000..876b5f51aa
--- /dev/null
+++ b/2024/CVE-2024-23380.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23380)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20FastConnect%206200%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Memory corruption while handling user packets during VBO bind operation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-23385.md b/2024/CVE-2024-23385.md
new file mode 100644
index 0000000000..b618821070
--- /dev/null
+++ b/2024/CVE-2024-23385.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23385](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23385)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20APQ8017%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-617%20Reachable%20Assertion&color=brighgreen)
+
+### Description
+
+Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SysSec-KAIST/LLFuzz
+
diff --git a/2024/CVE-2024-2340.md b/2024/CVE-2024-2340.md
new file mode 100644
index 0000000000..9370adc26a
--- /dev/null
+++ b/2024/CVE-2024-2340.md
@@ -0,0 +1,17 @@
+### [CVE-2024-2340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2340)
+![](https://img.shields.io/static/v1?label=Product&message=Avada%20%7C%20Website%20Builder%20For%20WordPress%20%26%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.11.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-548%20Information%20Exposure%20Through%20Directory%20Listing&color=brighgreen)
+
+### Description
+
+The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/t3l3machus/t3l3machus
+
diff --git a/2024/CVE-2024-23443.md b/2024/CVE-2024-23443.md
new file mode 100644
index 0000000000..7f6d2c66e1
--- /dev/null
+++ b/2024/CVE-2024-23443.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23443)
+![](https://img.shields.io/static/v1?label=Product&message=Kibana&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.14.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhazhalove/osquery_cve-2024-23443
+
diff --git a/2024/CVE-2024-23450.md b/2024/CVE-2024-23450.md
index 668e785283..11f6cd3705 100644
--- a/2024/CVE-2024-23450.md
+++ b/2024/CVE-2024-23450.md
@@ -13,5 +13,5 @@ A flaw was discovered in Elasticsearch, where processing a document in a deeply
 - https://www.elastic.co/community/security
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Bhanunamikaze/VaktScan
 
diff --git a/2024/CVE-2024-23556.md b/2024/CVE-2024-23556.md
new file mode 100644
index 0000000000..75477adf8d
--- /dev/null
+++ b/2024/CVE-2024-23556.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23556](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23556)
+![](https://img.shields.io/static/v1?label=Product&message=BigFix%20Platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.5%20-%209.5.24%2C%2010%20-%2010.0.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tiagof21/imunex-browser
+
diff --git a/2024/CVE-2024-2359.md b/2024/CVE-2024-2359.md
new file mode 100644
index 0000000000..5c2b1fdda9
--- /dev/null
+++ b/2024/CVE-2024-2359.md
@@ -0,0 +1,17 @@
+### [CVE-2024-2359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2359)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command&color=brighgreen)
+
+### Description
+
+A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, which lacks proper access control, to modify the `host` configuration at runtime. By changing the `host` setting to an attacker-controlled value, the restriction on the `/execute_code` endpoint can be bypassed, leading to remote code execution. This vulnerability is due to improper neutralization of special elements used in an OS command (`Improper Neutralization of Special Elements used in an OS Command`).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nhienit2010/nhienit2010
+
diff --git a/2024/CVE-2024-23594.md b/2024/CVE-2024-23594.md
new file mode 100644
index 0000000000..023d6df654
--- /dev/null
+++ b/2024/CVE-2024-23594.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23594)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%207%20and%208%20PC%20Preloads&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A buffer overflow vulnerability was reportedin a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SlashHasher/Nmap_Wireshark
+
diff --git a/2024/CVE-2024-23609.md b/2024/CVE-2024-23609.md
index 3e54c32b1e..059d707e49 100644
--- a/2024/CVE-2024-23609.md
+++ b/2024/CVE-2024-23609.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-23609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23609)
 ![](https://img.shields.io/static/v1?label=Product&message=LabVIEW&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024%20Q1%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-755%20Improper%20Handling%20of%20Exceptional%20Conditions&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1285%20Improper%20Validation%20of%20Specified%20Index%2C%20Position%2C%20or%20Offset%20in%20Input&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-23612.md b/2024/CVE-2024-23612.md
index e3434d9ba7..bae88a28a3 100644
--- a/2024/CVE-2024-23612.md
+++ b/2024/CVE-2024-23612.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-23612](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23612)
 ![](https://img.shields.io/static/v1?label=Product&message=LabVIEW&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024%20Q1%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-755%20Improper%20Handling%20of%20Exceptional%20Conditions&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1285%20Improper%20Validation%20of%20Specified%20Index%2C%20Position%2C%20or%20Offset%20in%20Input&color=brighgreen)
 
 ### Description
 
diff --git a/2024/CVE-2024-2362.md b/2024/CVE-2024-2362.md
new file mode 100644
index 0000000000..aeaaece8cd
--- /dev/null
+++ b/2024/CVE-2024-2362.md
@@ -0,0 +1,17 @@
+### [CVE-2024-2362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2362)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-36%20Absolute%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nhienit2010/nhienit2010
+
diff --git a/2024/CVE-2024-2363.md b/2024/CVE-2024-2363.md
index 18df63e29b..33a66c519f 100644
--- a/2024/CVE-2024-2363.md
+++ b/2024/CVE-2024-2363.md
@@ -10,8 +10,9 @@
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt
 
 #### Github
+- https://github.com/cnetsec/south-america-cve-hall
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-23650.md b/2024/CVE-2024-23650.md
new file mode 100644
index 0000000000..7c2f7ae613
--- /dev/null
+++ b/2024/CVE-2024-23650.md
@@ -0,0 +1,18 @@
+### [CVE-2024-23650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650)
+![](https://img.shields.io/static/v1?label=Product&message=buildkit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.12.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-754%3A%20Improper%20Check%20for%20Unusual%20or%20Exceptional%20Conditions&color=brighgreen)
+
+### Description
+
+BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ctrsploit/ctrsploit
+- https://github.com/ssst0n3/docker_archive
+
diff --git a/2024/CVE-2024-23651.md b/2024/CVE-2024-23651.md
index 3d98806c86..b8ab00f936 100644
--- a/2024/CVE-2024-23651.md
+++ b/2024/CVE-2024-23651.md
@@ -14,6 +14,8 @@ No PoCs from references.
 
 #### Github
 - https://github.com/mightysai1997/leaky-vessels-dynamic-detector
+- https://github.com/nclsbayona/leaky-vessels
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/snyk/leaky-vessels-dynamic-detector
 - https://github.com/snyk/leaky-vessels-static-detector
 
diff --git a/2024/CVE-2024-23652.md b/2024/CVE-2024-23652.md
index 948d2d4557..2e2d6dd92a 100644
--- a/2024/CVE-2024-23652.md
+++ b/2024/CVE-2024-23652.md
@@ -15,7 +15,9 @@ No PoCs from references.
 #### Github
 - https://github.com/abian2/CVE-2024-23652
 - https://github.com/mightysai1997/leaky-vessels-dynamic-detector
+- https://github.com/nclsbayona/leaky-vessels
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/snyk/leaky-vessels-dynamic-detector
 - https://github.com/snyk/leaky-vessels-static-detector
 
diff --git a/2024/CVE-2024-23653.md b/2024/CVE-2024-23653.md
index 7553793b53..2d195fafb9 100644
--- a/2024/CVE-2024-23653.md
+++ b/2024/CVE-2024-23653.md
@@ -13,7 +13,11 @@ BuildKit is a toolkit for converting source code to build artifacts in an effici
 No PoCs from references.
 
 #### Github
+- https://github.com/666asd/CVE-2024-23653
+- https://github.com/DrAmmarMoustafa/CHASE-LB-Container-IDS-Dataset
 - https://github.com/mightysai1997/leaky-vessels-dynamic-detector
+- https://github.com/nclsbayona/leaky-vessels
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/snyk/leaky-vessels-dynamic-detector
 - https://github.com/snyk/leaky-vessels-static-detector
 
diff --git a/2024/CVE-2024-23656.md b/2024/CVE-2024-23656.md
index 021bf720f0..a1c9d04ddd 100644
--- a/2024/CVE-2024-23656.md
+++ b/2024/CVE-2024-23656.md
@@ -15,5 +15,5 @@ Dex is an identity service that uses OpenID Connect to drive authentication for
 - https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/PS-RANASINGHE/Crypto-Ex---7
 
diff --git a/2024/CVE-2024-23660.md b/2024/CVE-2024-23660.md
index 7c9e1533ec..a406919ee4 100644
--- a/2024/CVE-2024-23660.md
+++ b/2024/CVE-2024-23660.md
@@ -13,5 +13,6 @@ The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a0
 - https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/
 
 #### Github
+- https://github.com/8891689/Trust-Wallet-Vulnerability
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-23666.md b/2024/CVE-2024-23666.md
new file mode 100644
index 0000000000..095842c2e2
--- /dev/null
+++ b/2024/CVE-2024-23666.md
@@ -0,0 +1,19 @@
+### [CVE-2024-23666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23666)
+![](https://img.shields.io/static/v1?label=Product&message=FortiAnalyzer&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control&color=brighgreen)
+
+### Description
+
+A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666
+
diff --git a/2024/CVE-2024-23672.md b/2024/CVE-2024-23672.md
index 5c57a79176..480b65f93b 100644
--- a/2024/CVE-2024-23672.md
+++ b/2024/CVE-2024-23672.md
@@ -13,5 +13,7 @@ Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was
 No PoCs from references.
 
 #### Github
+- https://github.com/diegopacheco/Smith
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/m3n0sd0n4ld/uCVE
 
diff --git a/2024/CVE-2024-23673.md b/2024/CVE-2024-23673.md
index ee85ad9ead..0ba4c48797 100644
--- a/2024/CVE-2024-23673.md
+++ b/2024/CVE-2024-23673.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/shoucheng3/apache__sling-org-apache-sling-servlets-resolver_CVE-2024-23673_2-10-0
 
diff --git a/2024/CVE-2024-23692.md b/2024/CVE-2024-23692.md
index a4f90419a9..31ca5a386a 100644
--- a/2024/CVE-2024-23692.md
+++ b/2024/CVE-2024-23692.md
@@ -14,17 +14,49 @@
 - https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/
 
 #### Github
+- https://github.com/0day404/HV-2024-POC
 - https://github.com/0x20c/CVE-2024-23692-EXP
+- https://github.com/0x20c/CVE-2024-38856-EXP
+- https://github.com/12442RF/POC
+- https://github.com/999gawkboyy/CVE-2024-23692_Exploit
+- https://github.com/AboSteam/POPC
+- https://github.com/BBD-YZZ/CVE-2024-23692
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Mr-r00t11/CVE-2024-23692
+- https://github.com/NanoWraith/CVE-2024-23692
+- https://github.com/NingXin2002/HFS2.3_poc
 - https://github.com/Ostorlab/KEV
 - https://github.com/Threekiii/CVE
 - https://github.com/TrojanAZhen/Self_Back
+- https://github.com/Tupler/CVE-2024-23692-exp
+- https://github.com/WanLiChangChengWanLiChang/CVE-2024-23692-RCE
+- https://github.com/WhosGa/MyWiki
+- https://github.com/XiaomingX/cve-2024-23692-poc
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cihan-atas/cyberexam-rooms
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/enomothem/PenTestNote
+- https://github.com/ggfzx/HFS_RCE
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
 - https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/onewinner/POCS
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
+- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692
 - https://github.com/tanjiti/sec_profile
 - https://github.com/vanboomqi/CVE-2024-23692
+- https://github.com/verylazytech/CVE-2024-23692
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 
diff --git a/2024/CVE-2024-23708.md b/2024/CVE-2024-23708.md
index 022a367b46..c318c9570a 100644
--- a/2024/CVE-2024-23708.md
+++ b/2024/CVE-2024-23708.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/uthrasri/CVE-2024-23708
 
diff --git a/2024/CVE-2024-23709.md b/2024/CVE-2024-23709.md
index a2c1f4bea0..b1324ee5b9 100644
--- a/2024/CVE-2024-23709.md
+++ b/2024/CVE-2024-23709.md
@@ -13,5 +13,6 @@ In multiple locations, there is a possible out of bounds write due to a heap buf
 - https://android.googlesource.com/platform/external/sonivox/+/3f798575d2d39cd190797427d13471d6e7ceae4c
 
 #### Github
+- https://github.com/AbrarKhan/external_sonivox_CVE-2024-23709
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-23710.md b/2024/CVE-2024-23710.md
new file mode 100644
index 0000000000..5c769ca363
--- /dev/null
+++ b/2024/CVE-2024-23710.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23710)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/dipa96/daysbeyond-archive
+
diff --git a/2024/CVE-2024-23722.md b/2024/CVE-2024-23722.md
index a1b7b44a30..11cca6f622 100644
--- a/2024/CVE-2024-23722.md
+++ b/2024/CVE-2024-23722.md
@@ -10,6 +10,7 @@ In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via
 ### POC
 
 #### Reference
+- https://medium.com/%40adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00
 - https://medium.com/@adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00
 
 #### Github
diff --git a/2024/CVE-2024-23724.md b/2024/CVE-2024-23724.md
index 9350a27d8d..ef14c4653d 100644
--- a/2024/CVE-2024-23724.md
+++ b/2024/CVE-2024-23724.md
@@ -14,4 +14,8 @@
 
 #### Github
 - https://github.com/RhinoSecurityLabs/CVEs
+- https://github.com/Youssefdds/CVE-2024-23724
+- https://github.com/gl1tch0x1/Ghost-CMS-Exploit
+- https://github.com/ibrahmsql/Ghostscan
+- https://github.com/plzheheplztrying/cve_monitor
 
diff --git a/2024/CVE-2024-23733.md b/2024/CVE-2024-23733.md
new file mode 100644
index 0000000000..980cc75422
--- /dev/null
+++ b/2024/CVE-2024-23733.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23733)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ekcrsm/CVE-2024-23733
+
diff --git a/2024/CVE-2024-23739.md b/2024/CVE-2024-23739.md
index f2af83cc9b..97a20b1fc4 100644
--- a/2024/CVE-2024-23739.md
+++ b/2024/CVE-2024-23739.md
@@ -13,6 +13,7 @@ An issue in Discord for macOS version 0.0.291 and before, allows remote attacker
 No PoCs from references.
 
 #### Github
+- https://github.com/Karmaz95/Credits
 - https://github.com/V3x0r/CVE-2024-23739
 - https://github.com/V3x0r/CVE-2024-23740
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-23744.md b/2024/CVE-2024-23744.md
index 897fca331e..30d3444a21 100644
--- a/2024/CVE-2024-23744.md
+++ b/2024/CVE-2024-23744.md
@@ -13,5 +13,6 @@ An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial
 No PoCs from references.
 
 #### Github
+- https://github.com/PS-RANASINGHE/Crypto-Ex---7
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-2379.md b/2024/CVE-2024-2379.md
index 0d7f5a482f..6b6c84d095 100644
--- a/2024/CVE-2024-2379.md
+++ b/2024/CVE-2024-2379.md
@@ -14,5 +14,6 @@ libcurl skips the certificate verification for a QUIC connection under certain c
 - http://seclists.org/fulldisclosure/2024/Jul/19
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Dariani223/DevOpsFinal
+- https://github.com/x9nico/Exam_Docker
 
diff --git a/2024/CVE-2024-23829.md b/2024/CVE-2024-23829.md
index 3b4f79cd41..df2690fb55 100644
--- a/2024/CVE-2024-23829.md
+++ b/2024/CVE-2024-23829.md
@@ -14,5 +14,5 @@ aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
 - https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/rsys-fchaliss/hebe
 
diff --git a/2024/CVE-2024-2383.md b/2024/CVE-2024-2383.md
new file mode 100644
index 0000000000..93c09f799e
--- /dev/null
+++ b/2024/CVE-2024-2383.md
@@ -0,0 +1,17 @@
+### [CVE-2024-2383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2383)
+![](https://img.shields.io/static/v1?label=Product&message=zenml-io%2Fzenml&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.56.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1021%20Improper%20Restriction%20of%20Rendered%20UI%20Layers%20or%20Frames&color=brighgreen)
+
+### Description
+
+A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sonalvijit/cve
+
diff --git a/2024/CVE-2024-23831.md b/2024/CVE-2024-23831.md
new file mode 100644
index 0000000000..5077af9537
--- /dev/null
+++ b/2024/CVE-2024-23831.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23831)
+![](https://img.shields.io/static/v1?label=Product&message=LedgerSMB&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.10.30%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mmedhat1910/masters-testing-apps
+
diff --git a/2024/CVE-2024-2387.md b/2024/CVE-2024-2387.md
index a9253d3006..e0c454ceaf 100644
--- a/2024/CVE-2024-2387.md
+++ b/2024/CVE-2024-2387.md
@@ -14,4 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/RandomRobbieBF/CVE-2024-2387
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
 
diff --git a/2024/CVE-2024-2389.md b/2024/CVE-2024-2389.md
index a005a5bed6..f9321b6768 100644
--- a/2024/CVE-2024-2389.md
+++ b/2024/CVE-2024-2389.md
@@ -13,15 +13,35 @@ In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command inj
 No PoCs from references.
 
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Ostorlab/KEV
 - https://github.com/RhinoSecurityLabs/CVEs
+- https://github.com/WhosGa/MyWiki
 - https://github.com/YN1337/exploit
+- https://github.com/Yuan08o/pocs
 - https://github.com/adhikara13/CVE-2024-2389
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/cnetsec/shiftepss
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/enomothem/PenTestNote
 - https://github.com/getdrive/PoC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
 - https://github.com/mayur-esh/vuln-liners
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
+- https://github.com/qiushan996/PentestWriteups
 - https://github.com/tanjiti/sec_profile
+- https://github.com/tylzars/awesome-vrre-writeups
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
diff --git a/2024/CVE-2024-23897.md b/2024/CVE-2024-23897.md
index 74e8be7711..0bf57cf93e 100644
--- a/2024/CVE-2024-23897.md
+++ b/2024/CVE-2024-23897.md
@@ -14,73 +14,129 @@ Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of
 - http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
 
 #### Github
+- https://github.com/0day404/HV-2024-POC
 - https://github.com/0xMarcio/cve
 - https://github.com/10T4/PoC-Fix-jenkins-rce_CVE-2024-23897
+- https://github.com/12442RF/POC
 - https://github.com/20142995/sectool
 - https://github.com/3yujw7njai/CVE-2024-23897
 - https://github.com/Abo5/CVE-2024-23897
+- https://github.com/AboSteam/POPC
 - https://github.com/AbraXa5/AbraXa5
 - https://github.com/AbraXa5/Jenkins-CVE-2024-23897
+- https://github.com/Andromeda254/cve
 - https://github.com/Anekant-Singhai/Exploits
 - https://github.com/Athulya666/CVE-2024-23897
 - https://github.com/B4CK4TT4CK/CVE-2024-23897
+- https://github.com/CHDevSec/RedPhaton
 - https://github.com/CKevens/CVE-2024-23897
+- https://github.com/D1se0/CVE-2024-23897-Vulnerabilidad-Jenkins
+- https://github.com/D1se0/D1se0
+- https://github.com/DMW11525708/wiki
+- https://github.com/Diephho/NahamConCTF2025-Writeups
+- https://github.com/Fineken/Jenkins-CVE-2024-23897-Lab
 - https://github.com/GhostTroops/TOP
+- https://github.com/J1ezds/Vulnerability-Wiki-page
 - https://github.com/JAthulya/CVE-2024-23897
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Maalfer/CVE-2024-23897
 - https://github.com/Marco-zcl/POC
+- https://github.com/Marouane133/jenkins-lfi
+- https://github.com/Mr-Tree-S/POC_EXP
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/Nebian/CVE-2024-23897
+- https://github.com/OWASP/www-project-eks-goat
 - https://github.com/Ostorlab/KEV
+- https://github.com/P4x1s/CVE-2024-23897
 - https://github.com/Praison001/CVE-2024-23897-Jenkins-Arbitrary-Read-File-Vulnerability
+- https://github.com/R0XDEADBEEF/CVE-2024-23897
+- https://github.com/Shinkirou789/Jenkins-2.441-exploit
+- https://github.com/SrMeirins/HackingVault
 - https://github.com/Surko888/Surko-Exploit-Jenkins-CVE-2024-23897
 - https://github.com/ThatNotEasy/CVE-2024-23897
 - https://github.com/TheBeastofwar/JenkinsExploit-GUI
 - https://github.com/TheRedDevil1/CVE-2024-23897
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/Vulhub-Reproduce
+- https://github.com/Trashexa/WriteUp-Maquina-Secretjenkins-
 - https://github.com/Vozec/CVE-2024-23897
 - https://github.com/WLXQqwer/Jenkins-CVE-2024-23897-
+- https://github.com/WhosGa/MyWiki
+- https://github.com/XiaomingX/awesome-poc-for-red-team
+- https://github.com/XiaomingX/weekly
 - https://github.com/Y4tacker/JavaSec
+- https://github.com/Yuan08o/pocs
 - https://github.com/ZonghaoLi777/githubTrending
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
 - https://github.com/afonsovitorio/cve_sandbox
+- https://github.com/amalpvatayam67/day03-jenkins-23897
 - https://github.com/aneasystone/github-trending
 - https://github.com/binganao/CVE-2024-23897
+- https://github.com/brandonhjh/Jenkins-CVE-2024-23897-Exploit-Demo
+- https://github.com/bright-angel/sec-repos
 - https://github.com/brijne/CVE-2024-23897-RCE
+- https://github.com/cc3305/CVE-2024-23897
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/cleverg0d/CVEs
 - https://github.com/cve-sandbox-bot/cve_sandbox
 - https://github.com/d4n-sec/d4n-sec.github.io
 - https://github.com/dhsgud/jenkins
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/fatihyildizli/github-trend-tracker
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/forsaken0127/CVE-2024-23897
+- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
 - https://github.com/gobysec/Goby
 - https://github.com/godylockz/CVE-2024-23897
 - https://github.com/gquere/pwn_jenkins
+- https://github.com/greenberglinken/2023hvv_1
 - https://github.com/h4x0r-dz/CVE-2024-23897
+- https://github.com/iemotion/POC
 - https://github.com/ifconfig-me/CVE-2024-23897
 - https://github.com/iota4/PoC-Fix-jenkins-rce_CVE-2024-23897
 - https://github.com/iota4/PoC-jenkins-rce_CVE-2024-23897
+- https://github.com/ismailmazumder/SL7CVELabsBuilder
 - https://github.com/jafshare/GithubTrending
 - https://github.com/jenkinsci-cert/SECURITY-3314-3315
 - https://github.com/johe123qwe/github-trending
 - https://github.com/jopraveen/CVE-2024-23897
 - https://github.com/k3ppf0r/2024-PocLib
 - https://github.com/kaanatmacaa/CVE-2024-23897
+- https://github.com/kang9693/PoC_cve_list
+- https://github.com/laoa1573/wy876
 - https://github.com/lions2012/Penetration_Testing_POC
+- https://github.com/lucagioacchini/auto-pen-bench
 - https://github.com/mil4ne/CVE-2024-23897-Jenkins-4.441
 - https://github.com/murataydemir/CVE-2024-23897
 - https://github.com/nbalazs1337/poc-jenkins
 - https://github.com/netlas-io/netlas-dorks
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
+- https://github.com/okostine-panw/pc_scripts
 - https://github.com/onewinner/VulToolsKit
+- https://github.com/paultheal1en/auto_pen_bench_web
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/pulentoski/CVE-2024-23897-Arbitrary-file-read
 - https://github.com/quentin33980/ToolBox-qgt
 - https://github.com/raheel0x01/CVE-2024-23897
+- https://github.com/revkami/CVE-2024-23897-Jenkins-4.441
 - https://github.com/sampsonv/github-trending
 - https://github.com/securelayer7/CVE-Analysis
+- https://github.com/securelayer7/Research
 - https://github.com/securitycipher/daily-bugbounty-writeups
+- https://github.com/slytechroot/CVE-2024-23897
+- https://github.com/sparktsao/auto-pen-bench-study
 - https://github.com/stevenvegar/Jenkins_scripts
+- https://github.com/taielab/awesome-hacking-lists
+- https://github.com/tamatee/test_cve_2024_23897
 - https://github.com/tanjiti/sec_profile
 - https://github.com/toxyl/lscve
+- https://github.com/tvasari/CVE-2024-23897
+- https://github.com/tylzars/awesome-vrre-writeups
+- https://github.com/verylazytech/CVE-2024-23897
 - https://github.com/viszsec/CVE-2024-23897
 - https://github.com/vmtyan/poc-cve-2024-23897
 - https://github.com/wjlin0/CVE-2024-23897
@@ -89,6 +145,9 @@ Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of
 - https://github.com/wy876/wiki
 - https://github.com/xaitax/CVE-2024-23897
 - https://github.com/yoryio/CVE-2024-23897
+- https://github.com/zaveribrijesh/cve_sandbox
 - https://github.com/zengzzzzz/golang-trending-archive
+- https://github.com/zhanpengliu-tencent/medium-cve
 - https://github.com/zhaoxiaoha/github-trending
+- https://github.com/zulloper/cve-poc
 
diff --git a/2024/CVE-2024-23898.md b/2024/CVE-2024-23898.md
index b452599b68..520b0ee197 100644
--- a/2024/CVE-2024-23898.md
+++ b/2024/CVE-2024-23898.md
@@ -13,8 +13,11 @@ Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both
 No PoCs from references.
 
 #### Github
+- https://github.com/davidmgaviria/CVE2_Jenkins_RCE
+- https://github.com/davidmgaviria/davidmgaviria
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/jenkinsci-cert/SECURITY-3314-3315
 - https://github.com/murataydemir/CVE-2024-23897
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/tanjiti/sec_profile
 
diff --git a/2024/CVE-2024-23910.md b/2024/CVE-2024-23910.md
index cbc63c796f..eb5f126788 100644
--- a/2024/CVE-2024-23910.md
+++ b/2024/CVE-2024-23910.md
@@ -2,14 +2,18 @@
 ![](https://img.shields.io/static/v1?label=Product&message=WMC-X1800GST-B&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GS2-B&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GS2H-B&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GST2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2-B&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2-W&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2V-B&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GST2&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WRC-G01-W&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WRC-X3200GST3-B&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=WSC-X1800GS-B&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.24%20and%20earlier%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.25%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.30%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.32%20and%20earlier%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.41%20and%20earlier%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.62%20and%20earlier%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.67%20and%20earlier%20&color=brighgreen)
diff --git a/2024/CVE-2024-23911.md b/2024/CVE-2024-23911.md
new file mode 100644
index 0000000000..f52d18ea0b
--- /dev/null
+++ b/2024/CVE-2024-23911.md
@@ -0,0 +1,20 @@ +### [CVE-2024-23911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23911) +![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6%20SNMPv2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6%20SNMPv3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Ver.1.51%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Ver.2.30%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20read&color=brighgreen) + +### Description + +Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. + +### POC + +#### Reference +- https://www.cente.jp/obstacle/4960/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-23917.md b/2024/CVE-2024-23917.md index 133be3eb6b..5e2925ae98 100644 --- a/2024/CVE-2024-23917.md +++ b/2024/CVE-2024-23917.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Y4tacker/JavaSec +- https://github.com/crisprss/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/k3ppf0r/2024-PocLib diff --git a/2024/CVE-2024-23944.md b/2024/CVE-2024-23944.md new file mode 100644 index 0000000000..caffd24e10 --- /dev/null +++ b/2024/CVE-2024-23944.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-23944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23944)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20ZooKeeper&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.9.0%3C%3D%203.9.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical.Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DawnT0wn/Learning-History
+
diff --git a/2024/CVE-2024-23957.md b/2024/CVE-2024-23957.md
new file mode 100644
index 0000000000..5c0a4d2325
--- /dev/null
+++ b/2024/CVE-2024-23957.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23957)
+![](https://img.shields.io/static/v1?label=Product&message=MaxiCharger%20AC%20Elite%20Business%20C50&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.32.00%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability.The specific flaw exists within the DLB_HostHeartBeat handler of the DLB protocol implementation. When parsing an AES key, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.Was ZDI-CAN-23241
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Rotemkal/AutoCVEAnalyzer
+
diff --git a/2024/CVE-2024-23983.md b/2024/CVE-2024-23983.md
new file mode 100644
index 0000000000..6f5ac3c24d
--- /dev/null
+++ b/2024/CVE-2024-23983.md
@@ -0,0 +1,18 @@ +### [CVE-2024-23983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23983) +![](https://img.shields.io/static/v1?label=Product&message=PingAccess&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.1.0%3C%208.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-177%20Improper%20Handling%20of%20URL%20Encoding&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. + +### POC + +#### Reference +- https://docs.pingidentity.com/pingaccess/latest/release_notes/pa_811_rn.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-23995.md b/2024/CVE-2024-23995.md index 49f92fe901..3cdf8eefd2 100644 --- a/2024/CVE-2024-23995.md +++ b/2024/CVE-2024-23995.md @@ -13,5 +13,5 @@ Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote - https://github.com/EQSTLab/PoC/blob/main/2024/RCE/CVE-2024-23995/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/EQSTLab/CVE-2024-23995 diff --git a/2024/CVE-2024-23997.md b/2024/CVE-2024-23997.md index cbe4b4c5e1..29a872d311 100644 --- a/2024/CVE-2024-23997.md +++ b/2024/CVE-2024-23997.md @@ -13,5 +13,5 @@ Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/ele - https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-23997 #### Github -No PoCs found on GitHub currently. +- https://github.com/EQSTLab/CVE-2024-23997 diff --git a/2024/CVE-2024-23998.md b/2024/CVE-2024-23998.md index 5ffb0b0d79..5e0fa8c844 100644 --- a/2024/CVE-2024-23998.md +++ b/2024/CVE-2024-23998.md 
@@ -13,5 +13,5 @@ goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scri - https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-23998 #### Github -No PoCs found on GitHub currently. +- https://github.com/EQSTLab/CVE-2024-23998 diff --git a/2024/CVE-2024-2403.md b/2024/CVE-2024-2403.md new file mode 100644 index 0000000000..ac572fe295 --- /dev/null +++ b/2024/CVE-2024-2403.md @@ -0,0 +1,17 @@ +### [CVE-2024-2403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2403) +![](https://img.shields.io/static/v1?label=Product&message=Remote%20Desktop%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.1.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 andearlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory. + +### POC + +#### Reference +- https://devolutions.net/security/advisories/DEVO-2024-0004 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-24034.md b/2024/CVE-2024-24034.md index f2171b08d4..14f96aa802 100644 --- a/2024/CVE-2024-24034.md +++ b/2024/CVE-2024-24034.md @@ -14,5 +14,6 @@ Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprin #### Github - https://github.com/ELIZEUOPAIN/CVE-2024-24034 +- https://github.com/ELIZEUOPAIN/PoC-CVE-2024-24034 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-24035.md b/2024/CVE-2024-24035.md index a2a1fd9772..3acf6af7ef 100644 --- a/2024/CVE-2024-24035.md +++ b/2024/CVE-2024-24035.md 
@@ -14,6 +14,7 @@ Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows att #### Github - https://github.com/ELIZEUOPAIN/CVE-2024-24035 +- https://github.com/ELIZEUOPAIN/PoC-CVE-2024-24035 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-24041.md b/2024/CVE-2024-24041.md index 52e23cf39d..d0feed1a31 100644 --- a/2024/CVE-2024-24041.md +++ b/2024/CVE-2024-24041.md @@ -14,5 +14,8 @@ A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP an - https://portswigger.net/web-security/cross-site-scripting #### Github +- https://github.com/PJDEEPESH/Xss_Vulnerability_LLm_Agent +- https://github.com/robi56/vulnerability_checker - https://github.com/tubakvgc/CVEs +- https://github.com/tubakvgc/tubakvgc diff --git a/2024/CVE-2024-2408.md b/2024/CVE-2024-2408.md index 804914b072..b0b65aacbf 100644 --- a/2024/CVE-2024-2408.md +++ b/2024/CVE-2024-2408.md @@ -15,4 +15,5 @@ The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_P #### Github - https://github.com/chnzzh/OpenSSL-CVE-lib - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ildefonso0/php-7.2.34-CVE-2024 diff --git a/2024/CVE-2024-24321.md b/2024/CVE-2024-24321.md index b293f596d9..a8e0c40746 100644 --- a/2024/CVE-2024-24321.md +++ b/2024/CVE-2024-24321.md @@ -14,5 +14,5 @@ An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbi - https://www.dlink.com/en/security-bulletin/ #### Github -No PoCs found on GitHub currently. +- https://github.com/attilaszia/linux-iot-cves diff --git a/2024/CVE-2024-24409.md b/2024/CVE-2024-24409.md new file mode 100644 index 0000000000..e7acf680b5 --- /dev/null +++ b/2024/CVE-2024-24409.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-24409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24409)
+![](https://img.shields.io/static/v1?label=Product&message=ADManager%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207203%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/passtheticket/CVE-2024-24409
+
diff --git a/2024/CVE-2024-24416.md b/2024/CVE-2024-24416.md
new file mode 100644
index 0000000000..291a0778c2
--- /dev/null
+++ b/2024/CVE-2024-24416.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24416)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24417.md b/2024/CVE-2024-24417.md
new file mode 100644
index 0000000000..35d30f835a
--- /dev/null
+++ b/2024/CVE-2024-24417.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24417)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24418.md b/2024/CVE-2024-24418.md
new file mode 100644
index 0000000000..744ca2046c
--- /dev/null
+++ b/2024/CVE-2024-24418.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24418)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24419.md b/2024/CVE-2024-24419.md
new file mode 100644
index 0000000000..1f9c143712
--- /dev/null
+++ b/2024/CVE-2024-24419.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24419)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24420.md b/2024/CVE-2024-24420.md
new file mode 100644
index 0000000000..a369e694ff
--- /dev/null
+++ b/2024/CVE-2024-24420.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24420)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24421.md b/2024/CVE-2024-24421.md
new file mode 100644
index 0000000000..50fa9057e5
--- /dev/null
+++ b/2024/CVE-2024-24421.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24421)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24422.md b/2024/CVE-2024-24422.md
new file mode 100644
index 0000000000..cc519f35b6
--- /dev/null
+++ b/2024/CVE-2024-24422.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24422](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24422)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24423.md b/2024/CVE-2024-24423.md
new file mode 100644
index 0000000000..f44e0136e0
--- /dev/null
+++ b/2024/CVE-2024-24423.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24423)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24424.md b/2024/CVE-2024-24424.md
new file mode 100644
index 0000000000..dab773cc03
--- /dev/null
+++ b/2024/CVE-2024-24424.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24424](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24424)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24425.md b/2024/CVE-2024-24425.md
new file mode 100644
index 0000000000..dd6284d818
--- /dev/null
+++ b/2024/CVE-2024-24425.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24425)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24426.md b/2024/CVE-2024-24426.md
new file mode 100644
index 0000000000..e67ad30f9e
--- /dev/null
+++ b/2024/CVE-2024-24426.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24426)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24427.md b/2024/CVE-2024-24427.md
new file mode 100644
index 0000000000..59bfba2558
--- /dev/null
+++ b/2024/CVE-2024-24427.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24427)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24428.md b/2024/CVE-2024-24428.md
new file mode 100644
index 0000000000..7dfd213edb
--- /dev/null
+++ b/2024/CVE-2024-24428.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24428)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the oai_nas_5gmm_decode function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24429.md b/2024/CVE-2024-24429.md
new file mode 100644
index 0000000000..be7ae20b28
--- /dev/null
+++ b/2024/CVE-2024-24429.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24429)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24430.md b/2024/CVE-2024-24430.md
new file mode 100644
index 0000000000..4ee013a9cf
--- /dev/null
+++ b/2024/CVE-2024-24430.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24430](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24430)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24431.md b/2024/CVE-2024-24431.md
new file mode 100644
index 0000000000..4104178f96
--- /dev/null
+++ b/2024/CVE-2024-24431.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24431)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24432.md b/2024/CVE-2024-24432.md
new file mode 100644
index 0000000000..86cfd40311
--- /dev/null
+++ b/2024/CVE-2024-24432.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24432)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24442.md b/2024/CVE-2024-24442.md
new file mode 100644
index 0000000000..5c98d5fca7
--- /dev/null
+++ b/2024/CVE-2024-24442.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24442)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24443.md b/2024/CVE-2024-24443.md
new file mode 100644
index 0000000000..13845e76cd
--- /dev/null
+++ b/2024/CVE-2024-24443.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24443)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24444.md b/2024/CVE-2024-24444.md
new file mode 100644
index 0000000000..d59fd3c893
--- /dev/null
+++ b/2024/CVE-2024-24444.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24444)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24445.md b/2024/CVE-2024-24445.md
new file mode 100644
index 0000000000..8544009e6f
--- /dev/null
+++ b/2024/CVE-2024-24445.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24445)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is unsupported, OAI indexes into a null function pointer and subsequently dereferences it.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24446.md b/2024/CVE-2024-24446.md
new file mode 100644
index 0000000000..bbf8817da7
--- /dev/null
+++ b/2024/CVE-2024-24446.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24446)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24447.md b/2024/CVE-2024-24447.md
new file mode 100644
index 0000000000..8a861d564d
--- /dev/null
+++ b/2024/CVE-2024-24447.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24447)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24449.md b/2024/CVE-2024-24449.md
new file mode 100644
index 0000000000..86aa2839c9
--- /dev/null
+++ b/2024/CVE-2024-24449.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24449)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24450.md b/2024/CVE-2024-24450.md
new file mode 100644
index 0000000000..4ab0795e37
--- /dev/null
+++ b/2024/CVE-2024-24450.md
@@ -0,0 +1,18 @@
+### [CVE-2024-24450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24450)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a suffciently large FailedToSetupList IE.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+- https://github.com/SpiralBL0CK/-CVE-2024-24450-
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-24451.md b/2024/CVE-2024-24451.md
new file mode 100644
index 0000000000..c3dcbfde43
--- /dev/null
+++ b/2024/CVE-2024-24451.md
@@ -0,0 +1,18 @@
+### [CVE-2024-24451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24451)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface.
+
+### POC
+
+#### Reference
+- https://cellularsecurity.org/ransacked
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-24451
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-24549.md b/2024/CVE-2024-24549.md
index 59c8a0c618..2263c26a9c 100644
--- a/2024/CVE-2024-24549.md
+++ b/2024/CVE-2024-24549.md
@@ -13,7 +13,11 @@ Denial of Service due to improper input validation vulnerability for HTTP/2 requ
 No PoCs from references.
 #### Github
+- https://github.com/Abdurahmon3236/CVE-2024-24549
+- https://github.com/JFOZ1010/CVE-2024-24549
+- https://github.com/diegopacheco/Smith
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/m3n0sd0n4ld/uCVE
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
diff --git a/2024/CVE-2024-24564.md b/2024/CVE-2024-24564.md
index c3ad83c22d..a1048cf714 100644
--- a/2024/CVE-2024-24564.md
+++ b/2024/CVE-2024-24564.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-24564](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24564)
 ![](https://img.shields.io/static/v1?label=Product&message=vyper&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.3.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.4.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen)
 ### Description
-Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions.
+Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0.
 ### POC
diff --git a/2024/CVE-2024-24571.md b/2024/CVE-2024-24571.md
index 6cce3072d1..b027d6adca 100644
--- a/2024/CVE-2024-24571.md
+++ b/2024/CVE-2024-24571.md
@@ -13,5 +13,5 @@ facileManager is a modular suite of web apps built with the sysadmin in mind. Fo
 - https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/damaidec/damaidec.github.io
diff --git a/2024/CVE-2024-24572.md b/2024/CVE-2024-24572.md
index b157c6e3a2..ad58796cda 100644
--- a/2024/CVE-2024-24572.md
+++ b/2024/CVE-2024-24572.md
@@ -13,5 +13,5 @@ facileManager is a modular suite of web apps built with the sysadmin in mind. In
 - https://github.com/WillyXJ/facileManager/security/advisories/GHSA-xw34-8pj6-75gc
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/damaidec/damaidec.github.io
diff --git a/2024/CVE-2024-24573.md b/2024/CVE-2024-24573.md
index b9725a9557..2db52d3564 100644
--- a/2024/CVE-2024-24573.md
+++ b/2024/CVE-2024-24573.md
@@ -13,5 +13,5 @@ facileManager is a modular suite of web apps built with the sysadmin in mind. In
 - https://github.com/WillyXJ/facileManager/security/advisories/GHSA-w67q-pp62-j4pf
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/damaidec/damaidec.github.io
diff --git a/2024/CVE-2024-24576.md b/2024/CVE-2024-24576.md
index 2392a3d82e..4d6b9776d3 100644
--- a/2024/CVE-2024-24576.md
+++ b/2024/CVE-2024-24576.md
@@ -20,16 +20,19 @@ No PoCs from references.
 - https://github.com/WoodManGitHub/CVE-Research
 - https://github.com/aydinnyunus/CVE-2024-24576-Exploit
 - https://github.com/brains93/CVE-2024-24576-PoC-Python
+- https://github.com/brownpanda29/cve202424576
 - https://github.com/corysabol/batbadbut-demo
 - https://github.com/fireinrain/github-trending
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/foxoman/CVE-2024-24576-PoC---Nim
 - https://github.com/frostb1ten/CVE-2024-24576-PoC
+- https://github.com/hjjhost/Clash-Verge-Rev-RCE
 - https://github.com/jafshare/GithubTrending
 - https://github.com/kherrick/lobsters
 - https://github.com/lpn/CVE-2024-24576.jl
 - https://github.com/michalsvoboda76/batbadbut
 - https://github.com/mishalhossin/CVE-2024-24576-PoC-Python
+- https://github.com/mishl-dev/CVE-2024-24576-PoC-Python
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/oskardudycz/ArchitectureWeekly
 - https://github.com/p14t1num/cve-2024-24576-python
diff --git a/2024/CVE-2024-24590.md b/2024/CVE-2024-24590.md
index 8f9017c141..c453a61fd2 100644
--- a/2024/CVE-2024-24590.md
+++ b/2024/CVE-2024-24590.md
@@ -13,8 +13,13 @@ Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the
 No PoCs from references.
 #### Github
+- https://github.com/Milamagof/Blurry-writeup-HTB
 - https://github.com/OxyDeV2/ClearML-CVE-2024-24590
 - https://github.com/diegogarciayala/CVE-2024-24590-ClearML-RCE-CMD-POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/j3r1ch0123/CVE-2024-24590
+- https://github.com/junnythemarksman/CVE-2024-24590
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/sviim/ClearML-CVE-2024-24590-RCE
+- https://github.com/xffsec/CVE-2024-24590-ClearML-RCE-Exploit
diff --git a/2024/CVE-2024-24680.md b/2024/CVE-2024-24680.md
index bb99478290..f8d7ff1b40 100644
--- a/2024/CVE-2024-24680.md
+++ b/2024/CVE-2024-24680.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ch4n3-yoon/ch4n3-yoon
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/vmazurukrtelecom/awx_devel_24_6_1howto
diff --git a/2024/CVE-2024-24684.md b/2024/CVE-2024-24684.md
new file mode 100644
index 0000000000..e5b820b72d
--- /dev/null
+++ b/2024/CVE-2024-24684.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24684)
+![](https://img.shields.io/static/v1?label=Product&message=libigl&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20v2.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the header parsing occuring while processing an `.off` file via the `readOFF` function. We can see above that at [0] a stack-based buffer called `comment` is defined with an hardcoded size of `1000 bytes`. The call to `fscanf` at [1] is unsafe and if the first line of the header of the `.off` files is longer than 1000 bytes it will overflow the `header` buffer.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-24684
+
diff --git a/2024/CVE-2024-24685.md b/2024/CVE-2024-24685.md
new file mode 100644
index 0000000000..7699fe6873
--- /dev/null
+++ b/2024/CVE-2024-24685.md
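Review bot: The Description line added for CVE-2024-24684 still carries fragments of the advisory it was copied from: "We can see above", "[0]" and "[1]" point at a code listing that this file does not contain, and the overrun buffer is named `comment` in one sentence and `header` in the next, so the text does not say which buffer is affected. I would end the description after "trigger this vulnerability." and follow it with one self-contained sentence such as `The first header line of the .off file is read with fscanf into a 1000-byte stack buffer, so a first line longer than 1000 bytes overflows it.` A space is also missing after "vulnerability." where two sentences run together, and the CVE-2024-24685 and CVE-2024-24686 hunks have the same run-together sentence.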
@@ -0,0 +1,17 @@
+### [CVE-2024-24685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24685)
+![](https://img.shields.io/static/v1?label=Product&message=libigl&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20v2.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-24685
+
diff --git a/2024/CVE-2024-24686.md b/2024/CVE-2024-24686.md
new file mode 100644
index 0000000000..6eb75d5eb1
--- /dev/null
+++ b/2024/CVE-2024-24686.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24686)
+![](https://img.shields.io/static/v1?label=Product&message=libigl&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20v2.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the faces section of an `.off` file processed via the `readOFF` function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-24686
+
diff --git a/2024/CVE-2024-24690.md b/2024/CVE-2024-24690.md
index 6b29b06649..8dcc866b7a 100644
--- a/2024/CVE-2024-24690.md
+++ b/2024/CVE-2024-24690.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-24690](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24690)
 ![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Clients&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20see%20references%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1284%3A%20Improper%20Validation%20of%20Specified%20Quantity%20in%20Input&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-24691.md b/2024/CVE-2024-24691.md
index cc1483068e..a1c51a77ef 100644
--- a/2024/CVE-2024-24691.md
+++ b/2024/CVE-2024-24691.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-24691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24691)
 ![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Desktop%20Client%20for%20Windows%2C%20Zoom%20VDI%20Client%20for%20Windows%2C%20and%20Zoom%20Meeting%20SDK%20for%20Windows&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20see%20references%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-176%3A%20Improper%20Handling%20of%20Unicode%20Encoding&color=brighgreen)
 ### Description
- Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
+Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
 ### POC
diff --git a/2024/CVE-2024-24693.md b/2024/CVE-2024-24693.md
index 54fde3f34a..ae4d37aa43 100644
--- a/2024/CVE-2024-24693.md
+++ b/2024/CVE-2024-24693.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-24693](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24693)
 ![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Rooms%20Client%20for%20Windows&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%205.17.5%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20(CWE-284)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-379%3A%20Creation%20of%20Temporary%20File%20in%20Directory%20with%20Insecure%20Permissions&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-24698.md b/2024/CVE-2024-24698.md
index 723b12417f..96f668fe95 100644
--- a/2024/CVE-2024-24698.md
+++ b/2024/CVE-2024-24698.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-24698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24698)
 ![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Clients&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20see%20references%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-449%3A%20The%20UI%20Performs%20the%20Wrong%20Action&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-24722.md b/2024/CVE-2024-24722.md
index 89c18b08b2..e6361c1e65 100644
--- a/2024/CVE-2024-24722.md
+++ b/2024/CVE-2024-24722.md
@@ -10,7 +10,7 @@ An unquoted service path vulnerability in the 12d Synergy Server and File Replic
 ### POC
 #### Reference
-No PoCs from references.
+- https://www.12dsynergy.com/security-statement/
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-24725.md b/2024/CVE-2024-24725.md
index b09b48f3aa..b632c8d5d6 100644
--- a/2024/CVE-2024-24725.md
+++ b/2024/CVE-2024-24725.md
@@ -13,6 +13,7 @@ Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserial
 - https://www.exploit-db.com/exploits/51903
 #### Github
+- https://github.com/MelkorW/CVE-2024-24725-PoC
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/tanjiti/sec_profile
diff --git a/2024/CVE-2024-24740.md b/2024/CVE-2024-24740.md
index c53caf1493..c4da860c76 100644
--- a/2024/CVE-2024-24740.md
+++ b/2024/CVE-2024-24740.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-24740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24740)
 ![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20Application%20Server%20ABAP%20(SAP%20Kernel)&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20KERNEL%207.53%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%3A%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-24759.md b/2024/CVE-2024-24759.md
new file mode 100644
index 0000000000..bcdde79dca
--- /dev/null
+++ b/2024/CVE-2024-24759.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24759)
+![](https://img.shields.io/static/v1?label=Product&message=mindsdb&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2023.12.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sim4n6/Sim4n6
+
diff --git a/2024/CVE-2024-24762.md b/2024/CVE-2024-24762.md
index 44bd6ea689..a50e06d0bc 100644
--- a/2024/CVE-2024-24762.md
+++ b/2024/CVE-2024-24762.md
@@ -19,6 +19,10 @@
 - https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389
 #### Github
+- https://github.com/Kwaai-AI-Lab/OpenAI-Petal
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/jpmajesty2025/aie-bootcamp-july-2025-week-4-mlops
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
+- https://github.com/patiza604/universal-manual-rag-chat
 - https://github.com/seal-community/patches
diff --git a/2024/CVE-2024-2477.md b/2024/CVE-2024-2477.md
index cb9335ecb9..4c823b69ed 100644
--- a/2024/CVE-2024-2477.md
+++ b/2024/CVE-2024-2477.md
@@ -13,5 +13,6 @@ The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
 No PoCs from references.
 #### Github
+- https://github.com/NeoOniX/5ATTACK
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-24777.md b/2024/CVE-2024-24777.md
new file mode 100644
index 0000000000..52297f54db
--- /dev/null
+++ b/2024/CVE-2024-24777.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24777)
+![](https://img.shields.io/static/v1?label=Product&message=WBR-6012&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20R0.40e6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1981
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-24780.md b/2024/CVE-2024-24780.md
new file mode 100644
index 0000000000..f56702dfd6
--- /dev/null
+++ b/2024/CVE-2024-24780.md
@@ -0,0 +1,20 @@
+### [CVE-2024-24780](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24780)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20IoTDB&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.3.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20with%20untrusted%20URI%20of%20User-defined%20function&color=brighgreen)
+
+### Description
+
+Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI.This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.Users are recommended to upgrade to version 1.3.4, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/Threekiii/CVE
+- https://github.com/nbxiglk0/nbxiglk0
+
diff --git a/2024/CVE-2024-24783.md b/2024/CVE-2024-24783.md
index 594211f28e..a8a948e049 100644
--- a/2024/CVE-2024-24783.md
+++ b/2024/CVE-2024-24783.md
@@ -13,5 +13,6 @@ Verifying a certificate chain which contains a certificate with an unknown publi
 No PoCs from references.
 #### Github
+- https://github.com/h4ckm1n-dev/report-test
 - https://github.com/testing-felickz/docker-scout-demo
diff --git a/2024/CVE-2024-24784.md b/2024/CVE-2024-24784.md
index 014cc61357..4b3c0f6251 100644
--- a/2024/CVE-2024-24784.md
+++ b/2024/CVE-2024-24784.md
@@ -14,5 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/h4ckm1n-dev/report-test
 - https://github.com/testing-felickz/docker-scout-demo
diff --git a/2024/CVE-2024-24785.md b/2024/CVE-2024-24785.md
index 4538ebe531..9d00f498f5 100644
--- a/2024/CVE-2024-24785.md
+++ b/2024/CVE-2024-24785.md
@@ -14,5 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/h4ckm1n-dev/report-test
 - https://github.com/testing-felickz/docker-scout-demo
diff --git a/2024/CVE-2024-24786.md b/2024/CVE-2024-24786.md
index 258d251478..3c255a441e 100644
--- a/2024/CVE-2024-24786.md
+++ b/2024/CVE-2024-24786.md
@@ -14,9 +14,14 @@ The protojson.Unmarshal function can enter an infinite loop when unmarshaling ce
 No PoCs from references.
 #### Github
+- https://github.com/11notes/docker-ente
 - https://github.com/DanielePeruzzi97/rancher-k3s-docker
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/h4ckm1n-dev/report-test
+- https://github.com/kaisensan/desafio-girus-pick
 - https://github.com/nics-tw/sbom2vans
+- https://github.com/ofirc/ingress-nightmare
+- https://github.com/openshift-sustaining/ocp-cve-remediator
 - https://github.com/ytono/gcp-arcade
diff --git a/2024/CVE-2024-24789.md b/2024/CVE-2024-24789.md
index 2bb971baa5..4f92259693 100644
--- a/2024/CVE-2024-24789.md
+++ b/2024/CVE-2024-24789.md
@@ -14,4 +14,5 @@ The archive/zip package's handling of certain types of invalid zip files differs
 #### Github
 - https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/h4ckm1n-dev/report-test
diff --git a/2024/CVE-2024-24790.md b/2024/CVE-2024-24790.md
index 7ad028caf6..bb6b817bff 100644
--- a/2024/CVE-2024-24790.md
+++ b/2024/CVE-2024-24790.md
@@ -14,4 +14,8 @@ No PoCs from references.
 #### Github
 - https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/brokedba/K8sGpt_lab
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/h4ckm1n-dev/report-test
+- https://github.com/runwhen-contrib/helm-charts
diff --git a/2024/CVE-2024-24791.md b/2024/CVE-2024-24791.md
index 3aa296732d..44bb8d7b3e 100644
--- a/2024/CVE-2024-24791.md
+++ b/2024/CVE-2024-24791.md
@@ -14,4 +14,7 @@ No PoCs from references.
 #### Github
 - https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/felipecruz91/e2e-scout
+- https://github.com/h4ckm1n-dev/report-test
diff --git a/2024/CVE-2024-24795.md b/2024/CVE-2024-24795.md
index 078f91dcc3..ffc4802a3c 100644
--- a/2024/CVE-2024-24795.md
+++ b/2024/CVE-2024-24795.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-24795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795)
 ![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.58%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=HTTP%20response%20splitting&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-113%20Improper%20Neutralization%20of%20CRLF%20Sequences%20in%20HTTP%20Headers%20('HTTP%20Response%20Splitting')&color=brighgreen)
 ### Description
@@ -13,5 +13,6 @@ HTTP Response splitting in multiple modules in Apache HTTP Server allows an atta
 - http://seclists.org/fulldisclosure/2024/Jul/18
 #### Github
+- https://github.com/NeoOniX/5ATTACK
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-24806.md b/2024/CVE-2024-24806.md
index 7ca627d516..7374d38cd9 100644
--- a/2024/CVE-2024-24806.md
+++ b/2024/CVE-2024-24806.md
@@ -14,5 +14,6 @@ libuv is a multi-platform support library with a focus on asynchronous I/O. The
 - https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
 #### Github
+- https://github.com/Roldo97/cve-patching
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-24809.md b/2024/CVE-2024-24809.md
index 5d3b9e3f4c..0fc68dfd17 100644
--- a/2024/CVE-2024-24809.md
+++ b/2024/CVE-2024-24809.md
@@ -16,4 +16,5 @@ Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnera
 #### Github
 - https://github.com/20142995/nuclei-templates
 - https://github.com/Ostorlab/KEV
+- https://github.com/gh-ost00/CVE-2024-24809-Proof-of-concept
diff --git a/2024/CVE-2024-24813.md b/2024/CVE-2024-24813.md
index 89e14711cc..5df3e6b269 100644
--- a/2024/CVE-2024-24813.md
+++ b/2024/CVE-2024-24813.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/defHawk-tech/CVEs
diff --git a/2024/CVE-2024-2485.md b/2024/CVE-2024-2485.md
index fcaf835d66..514862e06a 100644
--- a/2024/CVE-2024-2485.md
+++ b/2024/CVE-2024-2485.md
@@ -15,4 +15,5 @@ A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical.
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-2489.md b/2024/CVE-2024-2489.md
index 28ccb4ad41..b7a8abbb1a 100644
--- a/2024/CVE-2024-2489.md
+++ b/2024/CVE-2024-2489.md
@@ -14,4 +14,5 @@ A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05.
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-2490.md b/2024/CVE-2024-2490.md
index d950f325e4..a427df7b87 100644
--- a/2024/CVE-2024-2490.md
+++ b/2024/CVE-2024-2490.md
@@ -14,4 +14,5 @@ A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affe
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-24914.md b/2024/CVE-2024-24914.md
new file mode 100644
index 0000000000..06ea64dcc5
--- /dev/null
+++ b/2024/CVE-2024-24914.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24914)
+![](https://img.shields.io/static/v1?label=Product&message=ClusterXL%2C%20Multi-Domain%20Security%20Management%2C%20Quantum%20Appliances%2C%20Quantum%20Maestro%2C%20Quantum%20Scalable%20Chassis%2C%20Quantum%20Security%20Gateways%2C%20Quantum%20Security%20Management&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Check%20Point%20Quantum%20Gateways%20versions%20R81%2C%20R81.10%2C%20R81.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-914%3A%20Improper%20Control%20of%20Dynamically-Identified%20Variables&color=brighgreen)
+
+### Description
+
+Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-24919.md b/2024/CVE-2024-24919.md
index e5cd97912d..be54a2be6a 100644
--- a/2024/CVE-2024-24919.md
+++ b/2024/CVE-2024-24919.md
@@ -13,45 +13,91 @@ Potentially allowing an attacker to read certain information on Check Point Secu
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
 - https://github.com/0nin0hanz0/CVE-2024-24919-PoC
 - https://github.com/0x3f3c/CVE-2024-24919
+- https://github.com/0xYumeko/CVE-2024-24919
 - https://github.com/0xans/CVE-2024-24919
+- https://github.com/0xkalawy/CVE-2024-24919
+- https://github.com/0xor0ne/awesome-list
+- https://github.com/12442RF/POC
+- https://github.com/2x3dot6/EventID.263-SOC287-Walkthrough
 - https://github.com/3UR/CVE-2024-24919
+- https://github.com/AboSteam/POPC
 - https://github.com/B1naryo/CVE-2024-24919-POC
 - https://github.com/Bytenull00/CVE-2024-24919
 - https://github.com/Cappricio-Securities/CVE-2024-24919
+- https://github.com/CyberBibs/Event-ID-263-Arbitrary-File-Read-on-Checkpoint-Security-Gateway-CVE-2024-24919-
+- https://github.com/CyberBibs/Labs
+- https://github.com/CyberBibs/SOC274---Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400-
+- https://github.com/CyprianAtsyor/CVE-2024-24919-Incident-Report.md
+- https://github.com/DMW11525708/wiki
 - https://github.com/Expl0itD0g/CVE-2024-24919---Poc
 - https://github.com/GlobalsecureAcademy/CVE-2024-24919
 - https://github.com/GoatSecurity/CVE-2024-24919
 - https://github.com/GuayoyoCyber/CVE-2024-24919
+- https://github.com/H3KEY/CVE-2024-24919
+- https://github.com/HackUnderway/cerberus
 - https://github.com/J4F9S5D2Q7/CVE-2024-24919
 - https://github.com/J4F9S5D2Q7/CVE-2024-24919-CHECKPOINT
+- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
+- https://github.com/Jutrm/cve-2024-24919
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/LucasKatashi/CVE-2024-24919
+- https://github.com/LuisMateo1/Arbitrary-File-Read-CVE-2024-24919
+- https://github.com/LuisMateo1/LuisMateo
+- https://github.com/MacUchegit/Detecting-and-Analyzing-CVE-2024-24919-Exploitation
+- https://github.com/MacUchegit/MacUchegit
 - https://github.com/MohamedWagdy7/CVE-2024-24919
+- https://github.com/NingXin2002/Check-Point_poc
+- https://github.com/Nop3z/IOTsec-all-in-one
 - https://github.com/Ostorlab/KEV
+- https://github.com/P3wc0/CVE-2024-24919
 - https://github.com/Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN
+- https://github.com/RaphaelEjike/Latest_disclosed_cybersecurity_incidents
 - https://github.com/RevoltSecurities/CVE-2024-24919
 - https://github.com/Rug4lo/CVE-2024-24919-Exploit
+- https://github.com/SalehLardhi/CVE-2024-24919
+- https://github.com/ShadowByte1/CVE-2024-24919
 - https://github.com/Threekiii/CVE
 - https://github.com/Tim-Hoekstra/CVE-2024-24919
 - https://github.com/Vulnpire/CVE-2024-24919
+- https://github.com/WhosGa/MyWiki
 - https://github.com/YN1337/CVE-2024-24919
+- https://github.com/Yuan08o/pocs
+- https://github.com/abdulkuyateh/abdulkuyateh
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
 - https://github.com/am-eid/CVE-2024-24919
+- https://github.com/bachkhoasoft/awesome-list-ks
+- https://github.com/barkandbite/iranian-apt-detection
 - https://github.com/bigb0x/CVE-2024-24919-Sniper
 - https://github.com/birdlex/cve-2024-24919-checker
 - https://github.com/c3rrberu5/CVE-2024-24919
+- https://github.com/cisp-pte/POC-20241008-sec-fork
 - https://github.com/cp-ibmcloud/checkpoint-iaas-gw-ibm-vpc
 - https://github.com/cp-ibmcloud/checkpoint-iaas-mgmt-ibm-vpc
 - https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/emanueldosreis/CVE-2024-24919
 - https://github.com/enomothem/PenTestNote
 - https://github.com/eoslvs/CVE-2024-24919
 - https://github.com/fernandobortotti/CVE-2024-24919
+- https://github.com/funixone/CVE-2024-24919---Exploit-Script
+- https://github.com/geniuszly/CVE-2024-24919
+- https://github.com/greenberglinken/2023hvv_1
 - https://github.com/gurudattch/CVE-2024-24919
+- https://github.com/hashdr1ft/SOC_287
 - https://github.com/hendprw/CVE-2024-24919
+- https://github.com/ianovich/Lets-Defend-Check-Point-Security-Gateway-Arbitrary-File-Read-SOC-Alert
 - https://github.com/ibaiw/2024Hvv
+- https://github.com/iemotion/POC
 - https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner
+- https://github.com/laoa1573/wy876
 - https://github.com/lirantal/cve-cvss-calculator
+- https://github.com/ltdenard/cve_lookup
 - https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit
 - https://github.com/netlas-io/netlas-dorks
 - https://github.com/nexblade12/CVE-2024-24919
@@ -59,16 +105,21 @@ No PoCs from references.
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/nullcult/CVE-2024-24919-Exploit
 - https://github.com/numencyber/Vulnerability_PoC
+- https://github.com/oLy0/Vulnerability
 - https://github.com/pewc0/CVE-2024-24919
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/protonnegativo/CVE-2024-24919
 - https://github.com/r4p3c4/CVE-2024-24919-Checkpoint-Firewall-VPN-Check
 - https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN
+- https://github.com/sar-3mar/CV-Only
+- https://github.com/sar-3mar/CVE-2024-24919_POC
 - https://github.com/satchhacker/cve-2024-24919
 - https://github.com/satriarizka/CVE-2024-24919
 - https://github.com/seed1337/CVE-2024-24919-POC
 - https://github.com/sep2limited/CheckPoint_Query_Py
 - https://github.com/shilpaverma2/NEW-CHECKPOINT-CVE
 - https://github.com/smackerdodi/CVE-2024-24919-nuclei-templater
+- https://github.com/spider00009/CVE-2024-24919-POC
 - https://github.com/starlox0/CVE-2024-24919-POC
 - https://github.com/tanjiti/sec_profile
 - https://github.com/un9nplayer/CVE-2024-24919
@@ -77,4 +128,6 @@ No PoCs from references.
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
 - https://github.com/zam89/CVE-2024-24919
+- https://github.com/zhanpengliu-tencent/medium-cve
+- https://github.com/zxcod3/CVE-2024-24919
diff --git a/2024/CVE-2024-24926.md b/2024/CVE-2024-24926.md
new file mode 100644
index 0000000000..bf0508dac2
--- /dev/null
+++ b/2024/CVE-2024-24926.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24926](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24926)
+![](https://img.shields.io/static/v1?label=Product&message=Brooklyn%20%7C%20Creative%20Multi-Purpose%20Responsive%20WordPress%20Theme&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.9.7.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/moften/CVE-2024-24926
+
diff --git a/2024/CVE-2024-24942.md b/2024/CVE-2024-24942.md
index 9840fa5a50..c5165719c6 100644
--- a/2024/CVE-2024-24942.md
+++ b/2024/CVE-2024-24942.md
@@ -13,5 +13,6 @@ In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data withi
 No PoCs from references.
 #### Github
+- https://github.com/crisprss/CVEs
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-24989.md b/2024/CVE-2024-24989.md
new file mode 100644
index 0000000000..c89dc619a8
--- /dev/null
+++ b/2024/CVE-2024-24989.md
@@ -0,0 +1,19 @@
+### [CVE-2024-24989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24989)
+![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Open%20Source&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.25.3%3C%201.25.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=R31%3C%20R31%20P1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/spicehq/nginx-demo
+
diff --git a/2024/CVE-2024-24990.md b/2024/CVE-2024-24990.md
new file mode 100644
index 0000000000..9bde92ee7e
--- /dev/null
+++ b/2024/CVE-2024-24990.md
@@ -0,0 +1,19 @@
+### [CVE-2024-24990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24990)
+![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Open%20Source&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.25.0%3C%201.25.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=R31%3C%20R31%20P1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/spicehq/nginx-demo
+
diff --git a/2024/CVE-2024-24993.md b/2024/CVE-2024-24993.md
new file mode 100644
index 0000000000..d86d0af73c
--- /dev/null
+++ b/2024/CVE-2024-24993.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24993)
+![](https://img.shields.io/static/v1?label=Product&message=Avalanche&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6.4.3%3C%206.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/giriaryan694-a11y/exposed-win-zero-days
+
diff --git a/2024/CVE-2024-25062.md b/2024/CVE-2024-25062.md
index ff8afd6a79..debb56457a 100644
--- a/2024/CVE-2024-25062.md
+++ b/2024/CVE-2024-25062.md
@@ -13,5 +13,9 @@ An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When
 No PoCs from references.
 #### Github
+- https://github.com/OzNetNerd/CheckovOutputProcessor
+- https://github.com/bygregonline/devsec-fastapi-report
 - https://github.com/lucacome/lucacome
+- https://github.com/ndouglas-cloudsmith/exploit-check
+- https://github.com/robertsirc/sle-bci-demo
diff --git a/2024/CVE-2024-25065.md b/2024/CVE-2024-25065.md
index e3e370d92b..bacdbc299e 100644
--- a/2024/CVE-2024-25065.md
+++ b/2024/CVE-2024-25065.md
@@ -15,6 +15,9 @@ No PoCs from references.
 #### Github
 - https://github.com/Threekiii/CVE
+- https://github.com/ismailmazumder/SL7CVELabsBuilder
 - https://github.com/securelayer7/CVE-Analysis
+- https://github.com/securelayer7/Research
 - https://github.com/tanjiti/sec_profile
+- https://github.com/tylzars/awesome-vrre-writeups
diff --git a/2024/CVE-2024-25066.md b/2024/CVE-2024-25066.md
new file mode 100644
index 0000000000..43e6bde67a
--- /dev/null
+++ b/2024/CVE-2024-25066.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25066)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.
+
+### POC
+
+#### Reference
+- https://www.rsa.com/en-us/company/vulnerability-response-policy
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-25073.md b/2024/CVE-2024-25073.md
new file mode 100644
index 0000000000..5f0393eaf2
--- /dev/null
+++ b/2024/CVE-2024-25073.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25073)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the CC (Call Control module), which can lead to Denial of Service (Untrusted Pointer Dereference).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/N3vv/N3vv
+
diff --git a/2024/CVE-2024-25074.md b/2024/CVE-2024-25074.md
new file mode 100644
index 0000000000..e5d68ba56b
--- /dev/null
+++ b/2024/CVE-2024-25074.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25074)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the SM (Session Management module), which can lead to Denial of Service (Untrusted Pointer Dereference).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/N3vv/N3vv
+
diff --git a/2024/CVE-2024-25086.md b/2024/CVE-2024-25086.md
new file mode 100644
index 0000000000..54dc2489eb
--- /dev/null
+++ b/2024/CVE-2024-25086.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25086)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-25087.md b/2024/CVE-2024-25087.md
new file mode 100644
index 0000000000..3eb242fcc2
--- /dev/null
+++ b/2024/CVE-2024-25087.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25087)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-25088.md b/2024/CVE-2024-25088.md
new file mode 100644
index 0000000000..5d578dc0f5
--- /dev/null
+++ b/2024/CVE-2024-25088.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25088)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code.
+
+### POC
+
+#### Reference
+- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-25092.md b/2024/CVE-2024-25092.md
index 6dd3bbb030..8628e8c502 100644
--- a/2024/CVE-2024-25092.md
+++ b/2024/CVE-2024-25092.md
@@ -13,6 +13,8 @@ Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affect
 No PoCs from references.
 #### Github
+- https://github.com/Nxploited/CVE-2024-25092
 - https://github.com/RandomRobbieBF/CVE-2024-25092
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
diff --git a/2024/CVE-2024-25096.md b/2024/CVE-2024-25096.md
new file mode 100644
index 0000000000..3fa80216bd
--- /dev/null
+++ b/2024/CVE-2024-25096.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25096)
+![](https://img.shields.io/static/v1?label=Product&message=Canto&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%203.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AlienTec1908/Canto_HackMyVM_Easy
+
diff --git a/2024/CVE-2024-25102.md b/2024/CVE-2024-25102.md
index d6123d0708..4a0f378094 100644
--- a/2024/CVE-2024-25102.md
+++ b/2024/CVE-2024-25102.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-25102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25102)
 ![](https://img.shields.io/static/v1?label=Product&message=AppSamvid%20Software&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D2.0.1%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-326%3A%20Inadequate%20Encryption%20Strength%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-326%3A%20Inadequate%20Encryption%20Strength&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-25103.md b/2024/CVE-2024-25103.md
index bc9463e59f..672d3b61be 100644
--- a/2024/CVE-2024-25103.md
+++ b/2024/CVE-2024-25103.md
@@ -13,5 +13,6 @@ This vulnerability exists in AppSamvid software due to the usage of vulnerable a
 No PoCs from references.
 #### Github
+- https://github.com/IES-Rafael-Alberti/Proyecto1_CybersecurityConsulting
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-2511.md b/2024/CVE-2024-2511.md
index 1f2372537b..b9b837cf98 100644
--- a/2024/CVE-2024-2511.md
+++ b/2024/CVE-2024-2511.md
@@ -1,7 +1,7 @@
 ### [CVE-2024-2511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2511)
 ![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=3.2.0%3C%203.2.2%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=Improperly%20Controlled%20Sequential%20Memory%20Allocation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1325%20Improperly%20Controlled%20Sequential%20Memory%20Allocation&color=brighgreen)
 ### Description
@@ -14,7 +14,10 @@ No PoCs from references.
 #### Github
 - https://github.com/GrigGM/05-virt-04-docker-hw
+- https://github.com/ardhiatno/ubimicro-fluentbit
 - https://github.com/bcgov/jag-cdds
 - https://github.com/chnzzh/OpenSSL-CVE-lib
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/jtgorny/cve-scanning
+- https://github.com/mmbazm/secure_license_server
diff --git a/2024/CVE-2024-25111.md b/2024/CVE-2024-25111.md
index 99fd4755f7..b023214b57 100644
--- a/2024/CVE-2024-25111.md
+++ b/2024/CVE-2024-25111.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/MegaManSec/Squid-Security-Audit
+- https://github.com/Tahriyan/squid-whitelist-proxy
diff --git a/2024/CVE-2024-25124.md b/2024/CVE-2024-25124.md
index ef8629d551..cdf4ef0237 100644
--- a/2024/CVE-2024-25124.md
+++ b/2024/CVE-2024-25124.md
@@ -13,6 +13,7 @@ Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middle
 #### Reference
 - http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
 - https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg
+- https://saturncloud.io/blog/cors-cannot-use-wildcard-in-accesscontrolalloworigin-when-credentials-flag-is-true
 #### Github
 No PoCs found on GitHub currently.
diff --git a/2024/CVE-2024-25153.md b/2024/CVE-2024-25153.md
index 743d1a4f31..0c0f361ab1 100644
--- a/2024/CVE-2024-25153.md
+++ b/2024/CVE-2024-25153.md
@@ -13,10 +13,27 @@ A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow W
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
 - https://github.com/GhostTroops/TOP
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
 - https://github.com/nettitude/CVE-2024-25153
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/rainbowhatrkn/CVE-2024-25153
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-25180.md b/2024/CVE-2024-25180.md
index db516f3d25..64bd0e1da8 100644
--- a/2024/CVE-2024-25180.md
+++ b/2024/CVE-2024-25180.md
@@ -14,5 +14,7 @@
 - https://security.snyk.io/vuln/SNYK-JS-PDFMAKE-6347243
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/dustblessnotdust/CVE-2024-25180
+- https://github.com/jmdunne28/offsec
+- https://github.com/plzheheplztrying/cve_monitor
diff --git a/2024/CVE-2024-25197.md b/2024/CVE-2024-25197.md
index e479470a9c..332cdca8a7 100644
--- a/2024/CVE-2024-25197.md
+++ b/2024/CVE-2024-25197.md
@@ -13,5 +13,6 @@ Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were d
 - https://github.com/ros-planning/navigation2/issues/3940
 #### Github
+- https://github.com/GoesM/ROCF
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-25198.md b/2024/CVE-2024-25198.md
index df74461c7a..1a842bc4f5 100644
--- a/2024/CVE-2024-25198.md
+++ b/2024/CVE-2024-25198.md
@@ -13,5 +13,6 @@ Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset
 No PoCs from references.
 #### Github
+- https://github.com/GoesM/ROCF
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-25199.md b/2024/CVE-2024-25199.md
index d4d6b6f633..393bc579e8 100644
--- a/2024/CVE-2024-25199.md
+++ b/2024/CVE-2024-25199.md
@@ -13,5 +13,6 @@ Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Op
 No PoCs from references.
 #### Github
+- https://github.com/GoesM/ROCF
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-25202.md b/2024/CVE-2024-25202.md
index 67c30ef059..c9f577aa9c 100644
--- a/2024/CVE-2024-25202.md
+++ b/2024/CVE-2024-25202.md
@@ -11,9 +11,11 @@ Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and U
 #### Reference
 - https://github.com/Agampreet-Singh/CVE-2024-25202
+- https://medium.com/%40agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52
 - https://medium.com/@agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52
 #### Github
+- https://github.com/Agampreet-Singh/Agampreet-Singh
 - https://github.com/Agampreet-Singh/CVE-2024-25202
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-25270.md b/2024/CVE-2024-25270.md
new file mode 100644
index 0000000000..5d13348c29
--- /dev/null
+++ b/2024/CVE-2024-25270.md
@@ -0,0 +1,18 @@
+### [CVE-2024-25270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25270)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fbkcs/CVE-2024-25270
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-25291.md b/2024/CVE-2024-25291.md
index f9e7605c61..9ea9814e17 100644
--- a/2024/CVE-2024-25291.md
+++ b/2024/CVE-2024-25291.md
@@ -13,5 +13,5 @@ Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a craf
 - https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/EQSTLab/CVE-2024-25291
diff --git a/2024/CVE-2024-25292.md b/2024/CVE-2024-25292.md
index 4fb3ba535b..cd73c8c203 100644
--- a/2024/CVE-2024-25292.md
+++ b/2024/CVE-2024-25292.md
@@ -13,5 +13,5 @@ Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers t
 - https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25292
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/EQSTLab/CVE-2024-25292
diff --git a/2024/CVE-2024-25293.md b/2024/CVE-2024-25293.md
index 42de41a1b4..3feedb38de 100644
--- a/2024/CVE-2024-25293.md
+++ b/2024/CVE-2024-25293.md
@@ -13,5 +13,6 @@ mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code
 - https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-25293
 #### Github
+- https://github.com/EQSTLab/CVE-2024-25293
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-25302.md b/2024/CVE-2024-25302.md
index d04212b25e..3aa5facd10 100644
--- a/2024/CVE-2024-25302.md
+++ b/2024/CVE-2024-25302.md
@@ -15,4 +15,5 @@ Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25304.md b/2024/CVE-2024-25304.md
index 73546fc5db..0671187892 100644
--- a/2024/CVE-2024-25304.md
+++ b/2024/CVE-2024-25304.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'a
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25305.md b/2024/CVE-2024-25305.md
index 55bf9af61f..99f140725b 100644
--- a/2024/CVE-2024-25305.md
+++ b/2024/CVE-2024-25305.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows Authentication Bypass vi
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25306.md b/2024/CVE-2024-25306.md
index 8a455153ac..2a042c2eba 100644
--- a/2024/CVE-2024-25306.md
+++ b/2024/CVE-2024-25306.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'a
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25308.md b/2024/CVE-2024-25308.md
index d43cf4bbb4..e17ce59a1f 100644
--- a/2024/CVE-2024-25308.md
+++ b/2024/CVE-2024-25308.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'n
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25309.md b/2024/CVE-2024-25309.md
index 64b6a26d2d..762e0b0a90 100644
--- a/2024/CVE-2024-25309.md
+++ b/2024/CVE-2024-25309.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'p
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25310.md b/2024/CVE-2024-25310.md
index 421b733353..f75b96489f 100644
--- a/2024/CVE-2024-25310.md
+++ b/2024/CVE-2024-25310.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'i
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25312.md b/2024/CVE-2024-25312.md
index 7fe4d2f5d7..30c77b671e 100644
--- a/2024/CVE-2024-25312.md
+++ b/2024/CVE-2024-25312.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'i
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25313.md b/2024/CVE-2024-25313.md
index 59ca1f0517..d8f59ef581 100644
--- a/2024/CVE-2024-25313.md
+++ b/2024/CVE-2024-25313.md
@@ -15,4 +15,5 @@ Code-projects Simple School Managment System 1.0 allows Authentication Bypass vi
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25314.md b/2024/CVE-2024-25314.md
index 3d5bfdba0b..dc40405d97 100644
--- a/2024/CVE-2024-25314.md
+++ b/2024/CVE-2024-25314.md
@@ -15,4 +15,5 @@ Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' par
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25315.md b/2024/CVE-2024-25315.md
index a867b76600..955b241afc 100644
--- a/2024/CVE-2024-25315.md
+++ b/2024/CVE-2024-25315.md
@@ -15,4 +15,5 @@ Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' par
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25316.md b/2024/CVE-2024-25316.md
index 19dc34524b..6b9090c526 100644
--- a/2024/CVE-2024-25316.md
+++ b/2024/CVE-2024-25316.md
@@ -15,4 +15,5 @@ Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' para
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/tubakvgc/CVEs
+- https://github.com/tubakvgc/tubakvgc
diff --git a/2024/CVE-2024-25318.md b/2024/CVE-2024-25318.md
index 5c26eaccf2..7c45faec2a 100644
--- a/2024/CVE-2024-25318.md
+++ b/2024/CVE-2024-25318.md
@@ -15,4 +15,5 @@ Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' para #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tubakvgc/CVEs +- https://github.com/tubakvgc/tubakvgc diff --git a/2024/CVE-2024-25381.md b/2024/CVE-2024-25381.md index 2562b82c98..00b20d9c6e 100644 --- a/2024/CVE-2024-25381.md +++ b/2024/CVE-2024-25381.md @@ -13,6 +13,7 @@ There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due t No PoCs from references. #### Github +- https://github.com/OoO7ce/CVE-2024-25381 - https://github.com/Ox130e07d/CVE-2024-25381 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-25411.md b/2024/CVE-2024-25411.md new file mode 100644 index 0000000000..4cf4ff7a5b --- /dev/null +++ b/2024/CVE-2024-25411.md @@ -0,0 +1,17 @@ +### [CVE-2024-25411](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25411) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/paragbagul111/CVE-2024-25411 + diff --git a/2024/CVE-2024-25412.md b/2024/CVE-2024-25412.md new file mode 100644 index 0000000000..641bc65409 --- /dev/null +++ b/2024/CVE-2024-25412.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-25412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25412) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/paragbagul111/CVE-2024-25412 + diff --git a/2024/CVE-2024-25422.md b/2024/CVE-2024-25422.md index d802968c23..d93b43234b 100644 --- a/2024/CVE-2024-25422.md +++ b/2024/CVE-2024-25422.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/tzyyyyyyy/semcms diff --git a/2024/CVE-2024-25431.md b/2024/CVE-2024-25431.md new file mode 100644 index 0000000000..c1b9e8f7fc --- /dev/null +++ b/2024/CVE-2024-25431.md @@ -0,0 +1,17 @@ +### [CVE-2024-25431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25431) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/haruki3hhh/fuzzing + diff --git a/2024/CVE-2024-2546.md b/2024/CVE-2024-2546.md index 56c33368cb..e55eaefec3 100644 --- a/2024/CVE-2024-2546.md +++ b/2024/CVE-2024-2546.md 
@@ -16,5 +16,6 @@ A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as criti - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-2547.md b/2024/CVE-2024-2547.md index a7edd58df4..e70b00401a 100644 --- a/2024/CVE-2024-2547.md +++ b/2024/CVE-2024-2547.md @@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2548.md b/2024/CVE-2024-2548.md new file mode 100644 index 0000000000..263c025ffc --- /dev/null +++ b/2024/CVE-2024-2548.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2548) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-36%20Absolute%20Path%20Traversal&color=brighgreen) + +### Description + +A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nhienit2010/nhienit2010 + diff --git a/2024/CVE-2024-25503.md b/2024/CVE-2024-25503.md index 6630f297ff..2dd989ba22 100644 --- a/2024/CVE-2024-25503.md +++ b/2024/CVE-2024-25503.md @@ -13,5 +13,5 @@ Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows - https://github.com/EQSTLab/PoC/tree/main/2024/XSS/CVE-2024-25503 #### Github -No PoCs found on GitHub currently. +- https://github.com/EQSTLab/CVE-2024-25503 diff --git a/2024/CVE-2024-25506.md b/2024/CVE-2024-25506.md new file mode 100644 index 0000000000..44fc5bb33a --- /dev/null +++ b/2024/CVE-2024-25506.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-25506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25506)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-2552.md b/2024/CVE-2024-2552.md
new file mode 100644
index 0000000000..92257d92b5
--- /dev/null
+++ b/2024/CVE-2024-2552.md
@@ -0,0 +1,19 @@
+### [CVE-2024-2552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2552)
+![](https://img.shields.io/static/v1?label=Product&message=Cloud%20NGFW&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PAN-OS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Prisma%20Access&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crosswk/paloalto-cve-parser
+
diff --git a/2024/CVE-2024-25561.md b/2024/CVE-2024-25561.md
new file mode 100644
index 0000000000..4700ebe890
--- /dev/null
+++ b/2024/CVE-2024-25561.md
@@ -0,0 +1,18 @@ +### [CVE-2024-25561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25561) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20HID%20Event%20Filter%20software%20installers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%202.2.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Insecure%20inherited%20permissions&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mohammedamin01/mohammedamin01 + diff --git a/2024/CVE-2024-25575.md b/2024/CVE-2024-25575.md index 53dd111b01..3f7b10ed76 100644 --- a/2024/CVE-2024-25575.md +++ b/2024/CVE-2024-25575.md @@ -14,5 +14,6 @@ A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024 - https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1963 #### Github +- https://github.com/SpiralBL0CK/HackerLife.exe - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-25579.md b/2024/CVE-2024-25579.md index 2b661504f7..ebe923d8af 100644 --- a/2024/CVE-2024-25579.md +++ b/2024/CVE-2024-25579.md 
@@ -2,13 +2,17 @@ ![](https://img.shields.io/static/v1?label=Product&message=WMC-X1800GST-B&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GS2-B&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GS2H-B&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=WRC-1167GST2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2-B&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2-W&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GS2V-B&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=WRC-2533GST2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-G01-W&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=WRC-X3200GST3-B&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.24%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.25%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.30%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.32%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.41%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.62%20and%20earlier%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.67%20and%20earlier%20&color=brighgreen) diff --git a/2024/CVE-2024-2558.md b/2024/CVE-2024-2558.md index 8b3dc680ff..79ad85ce42 100644 --- a/2024/CVE-2024-2558.md +++ b/2024/CVE-2024-2558.md 
@@ -15,4 +15,5 @@ A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critic #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-25580.md b/2024/CVE-2024-25580.md index c5ad14f06e..ec652f451c 100644 --- a/2024/CVE-2024-25580.md +++ b/2024/CVE-2024-25580.md @@ -13,5 +13,6 @@ An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x be No PoCs from references. #### Github +- https://github.com/MediaPorts/vcpkg-media-registry - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-2559.md b/2024/CVE-2024-2559.md index 81d67fa8f3..7ad7522231 100644 --- a/2024/CVE-2024-2559.md +++ b/2024/CVE-2024-2559.md @@ -15,5 +15,6 @@ A vulnerability classified as problematic has been found in Tenda AC18 15.03.05. #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-2560.md b/2024/CVE-2024-2560.md index 566581d1d6..d4b54985cf 100644 --- a/2024/CVE-2024-2560.md +++ b/2024/CVE-2024-2560.md @@ -15,5 +15,6 @@ A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. A #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-25600.md b/2024/CVE-2024-25600.md index 24cab788de..7f9996621a 100644 --- a/2024/CVE-2024-25600.md +++ b/2024/CVE-2024-25600.md 
@@ -16,33 +16,75 @@ Improper Control of Generation of Code ('Code Injection') vulnerability in Codee #### Github - https://github.com/0bl1v10nf0rg0773n/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress +- https://github.com/0day404/HV-2024-POC - https://github.com/0xMarcio/cve +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/Andromeda254/cve +- https://github.com/Anjai7/TryHack3M-Bricks-Heist +- https://github.com/B-Hensley/B-Hensley +- https://github.com/B-Hensley/tryhack3m-bricks-heist - https://github.com/Chocapikk/CVE-2024-25600 - https://github.com/Chocapikk/Chocapikk - https://github.com/Christbowel/CVE-2024-25600_Nuclei-Template +- https://github.com/Christbowel/christbowel +- https://github.com/CyberMaksx/TryHack3M-Bricks-Heist +- https://github.com/DMW11525708/wiki +- https://github.com/DXHM/Auto_Integrate_POCs +- https://github.com/DedsecTeam-BlackHat/Poleposph - https://github.com/GhostTroops/TOP - https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT - https://github.com/K3ysTr0K3R/K3ysTr0K3R +- https://github.com/KaSooMi0228/CVE-2024-25600-Bricks-Builder-WordPress +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/Michael-Meade/Links-Repository +- https://github.com/NanoWraith/CVE-2024-25600 - https://github.com/RHYru9/CVE-2024-25600-mass +- https://github.com/Sibul-Dan-Glokta/test-task-CVE-2024-25600 - https://github.com/Threekiii/CVE - https://github.com/Tornad0007/CVE-2024-25600-Bricks-Builder-plugin-for-WordPress - https://github.com/WanLiChangChengWanLiChang/CVE-2024-25600 +- https://github.com/WhosGa/MyWiki - https://github.com/X-Projetion/WORDPRESS-CVE-2024-25600-EXPLOIT-RCE +- https://github.com/Yuan08o/pocs - https://github.com/ZonghaoLi777/githubTrending +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/aneasystone/github-trending +- 
https://github.com/binary-lover/TryHack3M--Bricks-Heist +- https://github.com/bst04/CyberSources +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/drcrypterdotru/BurnWP-Framework +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fireinrain/github-trending +- https://github.com/frankfm-labs/bricks-rce-writeup - https://github.com/gobysec/Goby +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/hy011121/CVE-2024-25600-wordpress-Exploit-RCE +- https://github.com/iemotion/POC - https://github.com/ivanbg2004/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress +- https://github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM - https://github.com/johe123qwe/github-trending - https://github.com/k3lpi3b4nsh33/CVE-2024-25600 - https://github.com/k3ppf0r/2024-PocLib +- https://github.com/laoa1573/wy876 +- https://github.com/meli0dasH4ck3r/cve-2024-25600 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main +- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/purwocode/burning-wp +- https://github.com/r0otk3r/CVE-2024-25600 - https://github.com/sampsonv/github-trending +- https://github.com/so1icitx/CVE-2024-25600 - https://github.com/svchostmm/CVE-2024-25600-mass - https://github.com/tanjiti/sec_profile +- https://github.com/wh6amiGit/CVE-2024-25600 - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-2561.md b/2024/CVE-2024-2561.md index a511838dc6..7a64f7eb7c 100644 --- a/2024/CVE-2024-2561.md +++ b/2024/CVE-2024-2561.md 
@@ -13,6 +13,15 @@ A vulnerability, which was classified as critical, has been found in 74CMS 3.28. No PoCs from references. #### Github +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC - https://github.com/NaInSec/CVE-LIST +- https://github.com/adysec/POC +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-25617.md b/2024/CVE-2024-25617.md index 2e0f5d30b8..f492b13c93 100644 --- a/2024/CVE-2024-25617.md +++ b/2024/CVE-2024-25617.md @@ -16,4 +16,5 @@ No PoCs from references. #### Github - https://github.com/MegaManSec/Squid-Security-Audit - https://github.com/NaInSec/CVE-LIST +- https://github.com/anonymous-1113/CPE_verify diff --git a/2024/CVE-2024-25623.md b/2024/CVE-2024-25623.md index 4dc906b937..4ca466d028 100644 --- a/2024/CVE-2024-25623.md +++ b/2024/CVE-2024-25623.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/tesaguri/activitypub-type-confusion-poc diff --git a/2024/CVE-2024-25625.md b/2024/CVE-2024-25625.md index 26aa4ea242..998118a77b 100644 --- a/2024/CVE-2024-25625.md +++ b/2024/CVE-2024-25625.md @@ -14,5 +14,6 @@ Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential se #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/oussama-rahali/SecurityResearch - https://github.com/v0lck3r/SecurityResearch diff --git a/2024/CVE-2024-25629.md b/2024/CVE-2024-25629.md index 1c59dc5285..dea951542f 100644 --- a/2024/CVE-2024-25629.md +++ b/2024/CVE-2024-25629.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/marceloneppel/py-nvd-score-fetch 
diff --git a/2024/CVE-2024-25636.md b/2024/CVE-2024-25636.md
new file mode 100644
index 0000000000..3622355d21
--- /dev/null
+++ b/2024/CVE-2024-25636.md
@@ -0,0 +1,17 @@
+### [CVE-2024-25636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25636)
+![](https://img.shields.io/static/v1?label=Product&message=misskey&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202024.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%3A%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Misskey instance fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate and take over an account on a remote server that satisfies all of the following properties: allows the threat actor to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as legitimate Activity Streams actors; and serves user-uploaded document in response to requests with an `Accept` header value of the Activity Streams media type. Version 2024.2.0 contains a patch for the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tesaguri/activitypub-type-confusion-poc
+
diff --git a/2024/CVE-2024-25641.md b/2024/CVE-2024-25641.md
index fe8dfe20d4..2d2bcf6490 100644
--- a/2024/CVE-2024-25641.md
+++ b/2024/CVE-2024-25641.md
@@ -13,6 +13,16 @@ Cacti provides an operational monitoring and fault management framework. Prior t - https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 #### Github +- https://github.com/5ma1l/CVE-2024-25641 +- https://github.com/D3Ext/CVE-2024-25641 +- https://github.com/D3Ext/CVE-2025-24893 +- https://github.com/Safarchand/CVE-2024-25641 +- https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26 +- https://github.com/XiaomingX/cve-2024-25641-poc +- https://github.com/eetukarttunen/security-testing - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/regantemudo/CVE-2024-25641-Exploit-for-Cacti-1.2.26 - https://github.com/tanjiti/sec_profile +- https://github.com/thisisveryfunny/CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 diff --git a/2024/CVE-2024-25644.md b/2024/CVE-2024-25644.md index e733a6bdcc..aa2d3e6edb 100644 --- a/2024/CVE-2024-25644.md +++ b/2024/CVE-2024-25644.md @@ -1,7 +1,7 @@ ### [CVE-2024-25644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25644) ![](https://img.shields.io/static/v1?label=Product&message=NetWeaver%20(WSRM)&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%207.50%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%3A%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen) ### Description diff --git a/2024/CVE-2024-25645.md b/2024/CVE-2024-25645.md index 60394e10cd..2761194017 100644 --- a/2024/CVE-2024-25645.md +++ b/2024/CVE-2024-25645.md 
@@ -1,7 +1,7 @@ ### [CVE-2024-25645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25645) ![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20(Enterprise%20Portal)&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%207.50%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%3A%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen) ### Description diff --git a/2024/CVE-2024-25648.md b/2024/CVE-2024-25648.md index cfcd1fed13..f4f974c276 100644 --- a/2024/CVE-2024-25648.md +++ b/2024/CVE-2024-25648.md @@ -14,5 +14,6 @@ A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 han - https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1959 #### Github +- https://github.com/SpiralBL0CK/HackerLife.exe - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-25652.md b/2024/CVE-2024-25652.md index 8f4dc7fcb7..15d57a7be1 100644 --- a/2024/CVE-2024-25652.md +++ b/2024/CVE-2024-25652.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-25652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25652) -![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=Secret%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) ### Description -In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users. +In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality. ### POC diff --git a/2024/CVE-2024-2566.md b/2024/CVE-2024-2566.md index 8981730f8c..72ac0591e3 100644 --- a/2024/CVE-2024-2566.md +++ b/2024/CVE-2024-2566.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/h0e4a0r1t/h0e4a0r1t - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-25676.md b/2024/CVE-2024-25676.md index e5ad33ed58..6b12ac3bc9 100644 --- a/2024/CVE-2024-25676.md +++ b/2024/CVE-2024-25676.md 
@@ -10,6 +10,7 @@ An issue was discovered in ViewerJS 0.5.8. A script from the component loads con ### POC #### Reference +- https://cds.thalesgroup.com/en/tcs-cert/CVE-2024-25676 - https://excellium-services.com/cert-xlm-advisory/cve-2024-25676 #### Github diff --git a/2024/CVE-2024-25694.md b/2024/CVE-2024-25694.md new file mode 100644 index 0000000000..9bb579a00e --- /dev/null +++ b/2024/CVE-2024-25694.md @@ -0,0 +1,17 @@ +### [CVE-2024-25694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25694) +![](https://img.shields.io/static/v1?label=Product&message=Enterprise%20Web%20App%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=all%3C%3D%2011.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RaphaelKhoury/cve_project + diff --git a/2024/CVE-2024-25710.md b/2024/CVE-2024-25710.md index 0493335afe..90e50cc42d 100644 --- a/2024/CVE-2024-25710.md +++ b/2024/CVE-2024-25710.md 
@@ -13,6 +13,8 @@ Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache C No PoCs from references. #### Github +- https://github.com/0x0806/JWT-Security-Assessment +- https://github.com/Lisiant/Security-Check-Automation-with-Trivy - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-25723.md b/2024/CVE-2024-25723.md index 5815c0bd17..c2c2f2d6f6 100644 --- a/2024/CVE-2024-25723.md +++ b/2024/CVE-2024-25723.md @@ -13,9 +13,26 @@ ZenML Server in the ZenML machine learning package before 0.46.7 for Python allo No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork - https://github.com/david-botelho-mariano/exploit-CVE-2024-25723 +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-25741.md b/2024/CVE-2024-25741.md index 0ef3bd710a..9322d60331 100644 --- a/2024/CVE-2024-25741.md +++ b/2024/CVE-2024-25741.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/takaaki-fukunaga/cvechecker diff --git a/2024/CVE-2024-25742.md b/2024/CVE-2024-25742.md index c2d1995d13..5d301075d0 100644 --- a/2024/CVE-2024-25742.md 
+++ b/2024/CVE-2024-25742.md @@ -13,5 +13,6 @@ In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual inter - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9 #### Github -No PoCs found on GitHub currently. +- https://github.com/bygregonline/devsec-fastapi-report +- https://github.com/robertsirc/sle-bci-demo diff --git a/2024/CVE-2024-25743.md b/2024/CVE-2024-25743.md index c82a548c5a..3faf64bac2 100644 --- a/2024/CVE-2024-25743.md +++ b/2024/CVE-2024-25743.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/ahoi-attacks/heckler +- https://github.com/bygregonline/devsec-fastapi-report +- https://github.com/robertsirc/sle-bci-demo diff --git a/2024/CVE-2024-2581.md b/2024/CVE-2024-2581.md index 413485a4a6..f065b55066 100644 --- a/2024/CVE-2024-2581.md +++ b/2024/CVE-2024-2581.md @@ -16,5 +16,6 @@ A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-25817.md b/2024/CVE-2024-25817.md index e43fb9f408..069190b6a7 100644 --- a/2024/CVE-2024-25817.md +++ b/2024/CVE-2024-25817.md @@ -16,4 +16,5 @@ Buffer Overflow vulnerability in eza before version 0.18.2, allows local attacke #### Github - https://github.com/CuB3y0nd/CuB3y0nd - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-25852.md b/2024/CVE-2024-25852.md index a99326af41..32518aeca1 100644 --- a/2024/CVE-2024-25852.md +++ b/2024/CVE-2024-25852.md 
@@ -13,6 +13,24 @@ Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerabili - https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability +- https://github.com/opendr-io/causality - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-25885.md b/2024/CVE-2024-25885.md new file mode 100644 index 0000000000..2e6be0c5a8 --- /dev/null +++ b/2024/CVE-2024-25885.md @@ -0,0 +1,17 @@ +### [CVE-2024-25885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25885) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/salvatore-abello/salvatore-abello + diff --git a/2024/CVE-2024-25897.md b/2024/CVE-2024-25897.md index ce5814f7bd..40d71c9855 100644 --- a/2024/CVE-2024-25897.md +++ b/2024/CVE-2024-25897.md 
@@ -13,5 +13,6 @@ ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) - https://github.com/ChurchCRM/CRM/issues/6856 #### Github +- https://github.com/i-100-user/CVE-2024-25897 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-25940.md b/2024/CVE-2024-25940.md index 671ab324c8..0505a33f5e 100644 --- a/2024/CVE-2024-25940.md +++ b/2024/CVE-2024-25940.md @@ -13,5 +13,6 @@ No PoCs from references. #### Github +- https://github.com/defHawk-tech/CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-25978.md b/2024/CVE-2024-25978.md index 7693cc6419..5f74c8de31 100644 --- a/2024/CVE-2024-25978.md +++ b/2024/CVE-2024-25978.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-25979.md b/2024/CVE-2024-25979.md index 54c3944d04..17adccc688 100644 --- a/2024/CVE-2024-25979.md +++ b/2024/CVE-2024-25979.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-25980.md b/2024/CVE-2024-25980.md index e0d5edaadc..1eca36592a 100644 --- a/2024/CVE-2024-25980.md +++ b/2024/CVE-2024-25980.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-25981.md b/2024/CVE-2024-25981.md index f42af6b2f2..05155b9c60 100644 --- a/2024/CVE-2024-25981.md +++ b/2024/CVE-2024-25981.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-25982.md b/2024/CVE-2024-25982.md index 11798d180a..b542308ea9 100644 --- a/2024/CVE-2024-25982.md +++ b/2024/CVE-2024-25982.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-25983.md b/2024/CVE-2024-25983.md index faed4b17af..cb910adb92 100644 --- a/2024/CVE-2024-25983.md +++ b/2024/CVE-2024-25983.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-26011.md b/2024/CVE-2024-26011.md new file mode 100644 index 0000000000..c7e20e9ca7 --- /dev/null +++ b/2024/CVE-2024-26011.md 
@@ -0,0 +1,26 @@ +### [CVE-2024-26011](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26011) +![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=FortiOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=FortiPAM&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=FortiPortal&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=FortiProxy&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=FortiSwitchManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%3D%206.0.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%3D%207.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen) + +### Description + +A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted 
packets. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/crosswk/fortios-advisory-parser + diff --git a/2024/CVE-2024-26026.md b/2024/CVE-2024-26026.md index aa33f672ed..5d1c3b2d76 100644 --- a/2024/CVE-2024-26026.md +++ b/2024/CVE-2024-26026.md @@ -13,11 +13,28 @@ An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (UR No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki - https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Threekiii/CVE +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/passwa11/CVE-2024-26026 - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-26027.md b/2024/CVE-2024-26027.md new file mode 100644 index 0000000000..11ba2ba27d --- /dev/null +++ b/2024/CVE-2024-26027.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-26027](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26027) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Simics%20Package%20Manager%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%201.8.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20search%20path&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mohammedamin01/mohammedamin01 + diff --git a/2024/CVE-2024-2605.md b/2024/CVE-2024-2605.md index 2653e0604f..3864f52470 100644 --- a/2024/CVE-2024-2605.md +++ b/2024/CVE-2024-2605.md @@ -13,7 +13,7 @@ An attacker could have leveraged the Windows Error Reporter to run arbitrary cod ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1872920 #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-26050.md b/2024/CVE-2024-26050.md index 21f0567cb7..3b088bd3c7 100644 --- a/2024/CVE-2024-26050.md +++ b/2024/CVE-2024-26050.md 
@@ -5,7 +5,7 @@ ### Description -Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. +Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. ### POC diff --git a/2024/CVE-2024-2606.md b/2024/CVE-2024-2606.md index 656f037751..8a924b00e0 100644 --- a/2024/CVE-2024-2606.md +++ b/2024/CVE-2024-2606.md @@ -10,7 +10,7 @@ Passing invalid data could have led to invalid wasm values being created, such a ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1879237 #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-2608.md b/2024/CVE-2024-2608.md index 5bfdf6491b..71bc8e25a3 100644 --- a/2024/CVE-2024-2608.md +++ b/2024/CVE-2024-2608.md @@ -13,7 +13,7 @@ ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1880692 #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-2609.md b/2024/CVE-2024-2609.md index 098a9b5495..7148f7a29c 100644 --- a/2024/CVE-2024-2609.md +++ b/2024/CVE-2024-2609.md @@ -13,7 +13,7 @@ The permission prompt input delay could expire while the window is not in focus. ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1866100 #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-26092.md b/2024/CVE-2024-26092.md new file mode 100644 index 0000000000..c503551855 --- /dev/null 
+++ b/2024/CVE-2024-26092.md @@ -0,0 +1,17 @@ +### [CVE-2024-26092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26092) +![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Experience%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(Stored%20XSS)%20(CWE-79)&color=brighgreen) + +### Description + +Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/IES-Rafael-Alberti/Proyecto1_CybersecurityConsulting + diff --git a/2024/CVE-2024-2610.md b/2024/CVE-2024-2610.md index 19b4f56914..67f752a58b 100644 --- a/2024/CVE-2024-2610.md +++ b/2024/CVE-2024-2610.md @@ -13,7 +13,7 @@ Using a markup injection an attacker could have stolen nonce values. This could ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1871112 #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-2611.md b/2024/CVE-2024-2611.md index 59fe2f5219..2606e2c054 100644 --- a/2024/CVE-2024-2611.md +++ b/2024/CVE-2024-2611.md @@ -13,7 +13,7 @@ A missing delay on when pointer lock was used could have allowed a malicious pag ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1876675 #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-26119.md b/2024/CVE-2024-26119.md index 65860d3bbe..0ef6458d8e 100644 --- a/2024/CVE-2024-26119.md +++ b/2024/CVE-2024-26119.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-26119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26119) ![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Experience%20Manager&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20(CWE-284)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Exposure%20(CWE-200)&color=brighgreen) ### Description -Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. +Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction. ### POC diff --git a/2024/CVE-2024-26130.md b/2024/CVE-2024-26130.md index f531cd9e9a..9f7853151e 100644 --- a/2024/CVE-2024-26130.md +++ b/2024/CVE-2024-26130.md @@ -13,5 +13,6 @@ cryptography is a package designed to expose cryptographic primitives and recipe No PoCs from references. #### Github +- https://github.com/davidkrcek/docker_ansible - https://github.com/seal-community/patches diff --git a/2024/CVE-2024-26139.md b/2024/CVE-2024-26139.md new file mode 100644 index 0000000000..0e69589cce --- /dev/null +++ b/2024/CVE-2024-26139.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-26139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26139) +![](https://img.shields.io/static/v1?label=Product&message=opencti&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%205.12.31%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-657%3A%20Violation%20of%20Secure%20Design%20Principles&color=brighgreen) + +### Description + +OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/zhanpengliu-tencent/medium-cve + diff --git a/2024/CVE-2024-26160.md b/2024/CVE-2024-26160.md index 39fc45d123..a40b34ea0e 100644 --- a/2024/CVE-2024-26160.md +++ b/2024/CVE-2024-26160.md @@ -18,5 +18,7 @@ Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability No PoCs from references. #### Github +- https://github.com/CrackerCat/CVE-2024-26160 - https://github.com/NaInSec/CVE-LIST +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-26169.md b/2024/CVE-2024-26169.md index c0183e81c2..4155f46eb8 100644 --- a/2024/CVE-2024-26169.md +++ b/2024/CVE-2024-26169.md @@ -39,6 +39,7 @@ Windows Error Reporting Service Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/ChalkingCode/ExploitedDucks - https://github.com/NaInSec/CVE-LIST - https://github.com/ldpreload/werkernel diff --git a/2024/CVE-2024-26198.md b/2024/CVE-2024-26198.md index 3bf9311c32..1661ffdbf9 100644 --- a/2024/CVE-2024-26198.md +++ b/2024/CVE-2024-26198.md 
@@ -20,5 +20,6 @@ No PoCs from references. - https://github.com/MrCyberSec/CVE-2024-26198-Exchange-RCE - https://github.com/MrSecby/CVE-2024-26198-Exchange-RCE - https://github.com/NaInSec/CVE-LIST +- https://github.com/boost-rnd/lev-calc - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-2620.md b/2024/CVE-2024-2620.md index ca62a8ac3b..30e9c7a88c 100644 --- a/2024/CVE-2024-2620.md +++ b/2024/CVE-2024-2620.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/h0e4a0r1t/h0e4a0r1t - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-2621.md b/2024/CVE-2024-2621.md index 2de017ec10..946ccdc9d8 100644 --- a/2024/CVE-2024-2621.md +++ b/2024/CVE-2024-2621.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/h0e4a0r1t/h0e4a0r1t - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-26218.md b/2024/CVE-2024-26218.md index 02417fc524..3f512a9001 100644 --- a/2024/CVE-2024-26218.md +++ b/2024/CVE-2024-26218.md @@ -38,4 +38,5 @@ No PoCs from references. - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-2622.md b/2024/CVE-2024-2622.md index 5653676b2e..aa8ac36910 100644 --- a/2024/CVE-2024-2622.md +++ b/2024/CVE-2024-2622.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/h0e4a0r1t/h0e4a0r1t diff --git a/2024/CVE-2024-26229.md b/2024/CVE-2024-26229.md index e1c40b40b4..829a8b8ed8 100644 --- a/2024/CVE-2024-26229.md +++ b/2024/CVE-2024-26229.md 
@@ -51,13 +51,25 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve +- https://github.com/BlackTom900131/awesome-game-security +- https://github.com/CHDevSec/RedPhaton +- https://github.com/Cracked5pider/eop24-26229 - https://github.com/GhostTroops/TOP - https://github.com/RalfHacker/CVE-2024-26229-exploit +- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories - https://github.com/apkc/CVE-2024-26229-BOF +- https://github.com/dkstar11q/CVE-2024-26229-lpe - https://github.com/gmh5225/awesome-game-security - https://github.com/michredteam/PoC-26229 +- https://github.com/mqxmm/CVE-2024-26229 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/shinspace92/cve-2024-26229 - https://github.com/tanjiti/sec_profile - https://github.com/team-MineDEV/CVE-2024-26229 +- https://github.com/trevor0106/game-security - https://github.com/varwara/CVE-2024-26229 +- https://github.com/ycdxsb/WindowsPrivilegeEscalation +- https://github.com/youcannotseemeagain/ele +- https://github.com/zer0condition/ZeroHVCI diff --git a/2024/CVE-2024-26230.md b/2024/CVE-2024-26230.md index 13f60f2f1d..02124dc1a2 100644 --- a/2024/CVE-2024-26230.md +++ b/2024/CVE-2024-26230.md @@ -50,6 +50,9 @@ Windows Telephony Server Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/Wa1nut4/CVE-2024-26230 - https://github.com/kiwids0220/CVE-2024-26230 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/star-sg/CVE +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-2624.md b/2024/CVE-2024-2624.md new file mode 100644 index 0000000000..ffbc15c1de --- /dev/null +++ b/2024/CVE-2024-2624.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2624](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2624) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-29%20Path%20Traversal%3A%20'%5C..%5Cfilename'&color=brighgreen) + +### Description + +A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/uiuc-kang-lab/cve-bench + diff --git a/2024/CVE-2024-2625.md b/2024/CVE-2024-2625.md index a0e8c38e60..fc525c0617 100644 --- a/2024/CVE-2024-2625.md +++ b/2024/CVE-2024-2625.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/sploitem/v8-writeups +- https://github.com/sploitem/v8pwn diff --git a/2024/CVE-2024-26251.md b/2024/CVE-2024-26251.md new file mode 100644 index 0000000000..33931a86ab --- /dev/null +++ b/2024/CVE-2024-26251.md 
@@ -0,0 +1,21 @@ +### [CVE-2024-26251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26251) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%20Subscription%20Edition&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.10409.20027%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.17328.20246%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=16.0.0.0%3C%2016.0.5443.1000%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Microsoft SharePoint Server Spoofing Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kaje11/CVEs + diff --git a/2024/CVE-2024-26263.md b/2024/CVE-2024-26263.md index e9bebb6bd7..b49bd2dc08 100644 --- a/2024/CVE-2024-26263.md +++ b/2024/CVE-2024-26263.md @@ -1,7 +1,7 @@ ### [CVE-2024-26263](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26263) ![](https://img.shields.io/static/v1?label=Product&message=RISWEB&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%201.x%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) ### Description 
diff --git a/2024/CVE-2024-26275.md b/2024/CVE-2024-26275.md new file mode 100644 index 0000000000..59ebc88ef1 --- /dev/null +++ b/2024/CVE-2024-26275.md 
@@ -0,0 +1,28 @@ +### [CVE-2024-26275](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26275) +![](https://img.shields.io/static/v1?label=Product&message=JT2Go&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V35.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V36.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V36.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V2312&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.2.0.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.3.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2312.0004%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V35.1.254%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V36.0.207%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V36.1.147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen) + +### Description + +A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). 
The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/JsHuang/CVE-Assigned + diff --git a/2024/CVE-2024-26277.md b/2024/CVE-2024-26277.md new file mode 100644 index 0000000000..b587fee67d --- /dev/null +++ b/2024/CVE-2024-26277.md 
@@ -0,0 +1,28 @@ +### [CVE-2024-26277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26277) +![](https://img.shields.io/static/v1?label=Product&message=JT2Go&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V35.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V36.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Parasolid%20V36.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V2312&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.2.0.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.3.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2312.0004%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V35.1.254%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V36.0.207%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V36.1.147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen) + +### Description + +A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). 
The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/JsHuang/CVE-Assigned + diff --git a/2024/CVE-2024-26281.md b/2024/CVE-2024-26281.md index ad2050f249..817a5fa488 100644 --- a/2024/CVE-2024-26281.md +++ b/2024/CVE-2024-26281.md @@ -10,7 +10,7 @@ Upon scanning a JavaScript URI with the QR code scanner, an attacker could have ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1868005 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-26284.md b/2024/CVE-2024-26284.md index a176c5c730..ab3b761531 100644 --- a/2024/CVE-2024-26284.md +++ b/2024/CVE-2024-26284.md @@ -10,7 +10,7 @@ Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Sit ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1860075 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-26304.md b/2024/CVE-2024-26304.md index 79a850fe2a..9c83fdeb45 100644 --- a/2024/CVE-2024-26304.md +++ b/2024/CVE-2024-26304.md 
@@ -13,10 +13,28 @@ There is a buffer overflow vulnerability in the underlying L2/L3 Management serv No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits +- https://github.com/WhosGa/MyWiki +- https://github.com/X-Projetion/CVE-2024-26304-RCE-exploit +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-26308.md b/2024/CVE-2024-26308.md index 2d6bf6b829..edb8b8569b 100644 --- a/2024/CVE-2024-26308.md +++ b/2024/CVE-2024-26308.md @@ -13,6 +13,7 @@ Allocation of Resources Without Limits or Throttling vulnerability in Apache Com No PoCs from references. #### Github +- https://github.com/crazycatMyopic/cve - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-26314.md b/2024/CVE-2024-26314.md new file mode 100644 index 0000000000..2cbeed980b --- /dev/null +++ b/2024/CVE-2024-26314.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-26314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26314) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. + +### POC + +#### Reference +- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-001_en.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-26317.md b/2024/CVE-2024-26317.md new file mode 100644 index 0000000000..f3134eed81 --- /dev/null +++ b/2024/CVE-2024-26317.md @@ -0,0 +1,17 @@ +### [CVE-2024-26317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26317) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. + +### POC + +#### Reference +- https://rashidkhanpathan.github.io/posts/CVE-2024-26317-Elliptic-curve-point-addition-error/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-2643.md b/2024/CVE-2024-2643.md new file mode 100644 index 0000000000..c73f122d2c --- /dev/null +++ b/2024/CVE-2024-2643.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2643) +![](https://img.shields.io/static/v1?label=Product&message=Floating%20Notification%20Bar%2C%20Sticky%20Menu%20on%20Scroll%2C%20Announcement%20Banner%2C%20and%20Sticky%20Header%20for%20Any%20Theme&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/194ebf81-8fe4-4c74-8174-35d0ac00ac93/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-26454.md b/2024/CVE-2024-26454.md index 4abad6bd49..6b53fdbb76 100644 --- a/2024/CVE-2024-26454.md +++ b/2024/CVE-2024-26454.md @@ -11,6 +11,7 @@ A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can o #### Reference - https://github.com/OmRajpurkar/Healthcare-Chatbot/issues/4 +- https://medium.com/%400x0d0x0a/healthcare-chatbot-xss-cve-2024-26454-acf2607bf210 - https://medium.com/@0x0d0x0a/healthcare-chatbot-xss-cve-2024-26454-acf2607bf210 #### Github diff --git a/2024/CVE-2024-26458.md b/2024/CVE-2024-26458.md index 84efcdb169..2993d433da 100644 --- a/2024/CVE-2024-26458.md +++ b/2024/CVE-2024-26458.md 
@@ -13,8 +13,13 @@ Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rm No PoCs from references. #### Github +- https://github.com/CKA-codespace/cg-compare +- https://github.com/Dariani223/DevOpsFinal - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/Myash-New/05-virt-04-docker-in-practice - https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/ardhiatno/ubimicro-fluentbit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list +- https://github.com/mmbazm/secure_license_server diff --git a/2024/CVE-2024-26461.md b/2024/CVE-2024-26461.md index 10f071deb2..944ac3a48c 100644 --- a/2024/CVE-2024-26461.md +++ b/2024/CVE-2024-26461.md @@ -13,8 +13,13 @@ Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/l No PoCs from references. #### Github +- https://github.com/CKA-codespace/cg-compare +- https://github.com/Dariani223/DevOpsFinal - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/Myash-New/05-virt-04-docker-in-practice - https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/ardhiatno/ubimicro-fluentbit - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list +- https://github.com/mmbazm/secure_license_server diff --git a/2024/CVE-2024-26462.md b/2024/CVE-2024-26462.md index da1c7b12fc..95726cc640 100644 --- a/2024/CVE-2024-26462.md +++ b/2024/CVE-2024-26462.md 
@@ -14,7 +14,12 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/Myash-New/05-virt-04-docker-in-practice - https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/ardhiatno/ubimicro-fluentbit +- https://github.com/bygregonline/devsec-fastapi-report - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fokypoky/places-list +- https://github.com/robertsirc/sle-bci-demo +- https://github.com/siddheshengineer/Helm-Chart-Vulnerability-Scanner diff --git a/2024/CVE-2024-26481.md b/2024/CVE-2024-26481.md index c0f976050a..b8ef0e89f3 100644 --- a/2024/CVE-2024-26481.md +++ b/2024/CVE-2024-26481.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-26483.md b/2024/CVE-2024-26483.md index 71bdf409e1..b68a84f531 100644 --- a/2024/CVE-2024-26483.md +++ b/2024/CVE-2024-26483.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-2658.md b/2024/CVE-2024-2658.md new file mode 100644 index 0000000000..9661664c06 --- /dev/null +++ b/2024/CVE-2024-2658.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2658) +![](https://img.shields.io/static/v1?label=Product&message=FlexNet%20Publisher&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024%20R1%20(11.19.6.0)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%20Uncontrolled%20Search%20Path%20Element&color=brighgreen) + +### Description + +A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/OpenSSL-CVE-lib + diff --git a/2024/CVE-2024-26581.md b/2024/CVE-2024-26581.md index 5ae252d735..62d7243d74 100644 --- a/2024/CVE-2024-26581.md +++ b/2024/CVE-2024-26581.md @@ -13,5 +13,9 @@ In the Linux kernel, the following vulnerability has been resolved:netfilter: nf No PoCs from references. #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/madfxr/CVE-2024-26581-Checker diff --git a/2024/CVE-2024-26594.md b/2024/CVE-2024-26594.md index 509b31bacb..68ce8ceca0 100644 --- a/2024/CVE-2024-26594.md +++ b/2024/CVE-2024-26594.md 
@@ -1,6 +1,6 @@ ### [CVE-2024-26594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26594) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20dd1de9268745%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0626e6641f6b%3C%20dd1de9268745%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-26595.md b/2024/CVE-2024-26595.md index 07005eeaba..dcac2c72dc 100644 --- a/2024/CVE-2024-26595.md +++ b/2024/CVE-2024-26595.md @@ -1,6 +1,6 @@ ### [CVE-2024-26595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26595) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=22a677661f56%3C%20817840d125a3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=22a677661f56%3C%2075fa2d8b3c01%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-26596.md b/2024/CVE-2024-26596.md index 9ab379c822..0cf891ed15 100644 --- a/2024/CVE-2024-26596.md +++ b/2024/CVE-2024-26596.md @@ -1,6 +1,6 @@ ### [CVE-2024-26596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26596) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=4c3f80d22b2e%3C%20dbd909c20c11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=4c3f80d22b2eca911143ce656fa45c4699ff5bf4%3C%209e9953f5e4d6d11a9dad56fdee307bb923302809%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-26656.md b/2024/CVE-2024-26656.md index d5b771c3cb..970a98a460 100644 
--- a/2024/CVE-2024-26656.md +++ b/2024/CVE-2024-26656.md @@ -1,6 +1,6 @@ ### [CVE-2024-26656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20e87e08c94c95%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%3C%202e13f88e01ae7e28a7e831bf5c2409c4748e0a60%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-26669.md b/2024/CVE-2024-26669.md new file mode 100644 index 0000000000..13896a6c46 --- /dev/null +++ b/2024/CVE-2024-26669.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-26669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=bbf73830cd48%3C%209ed46144cff3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:net/sched: flower: Fix chain template offloadWhen a qdisc is deleted from a net device the stack instructs theunderlying driver to remove its flow offload callback from theassociated filter block using the 'FLOW_BLOCK_UNBIND' command. The stackthen continues to replay the removal of the filters in the block forthis driver by iterating over the chains in the block and invoking the'reoffload' operation of the classifier being used. In turn, theclassifier in its 'reoffload' operation prepares and emits a'FLOW_CLS_DESTROY' command for each filter.However, the stack does not do the same for chain templates and theunderlying driver never receives a 'FLOW_CLS_TMPLT_DESTROY' command whena qdisc is deleted. This results in a memory leak [1] which can bereproduced using [2].Fix by introducing a 'tmplt_reoffload' operation and have the stackinvoke it with the appropriate arguments as part of the replay.Implement the operation in the sole classifier that supports chaintemplates (flower) by emitting the 'FLOW_CLS_TMPLT_{CREATE,DESTROY}'command based on whether a flow offload callback is being bound to afilter block or being unbound from one.As far as I can tell, the issue happens since cited commit whichreordered tcf_block_offload_unbind() before tcf_block_flush_all_chains()in __tcf_block_put(). 
The order cannot be reversed as the filter blockis expected to be freed after flushing all the chains.[1]unreferenced object 0xffff888107e28800 (size 2048): comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s) hex dump (first 32 bytes): b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[...... 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................ backtrace: [] __kmem_cache_alloc_node+0x1e8/0x320 [] __kmalloc+0x4e/0x90 [] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0 [] mlxsw_sp_flower_tmplt_create+0x145/0x180 [] mlxsw_sp_flow_block_cb+0x1ea/0x280 [] tc_setup_cb_call+0x183/0x340 [] fl_tmplt_create+0x3da/0x4c0 [] tc_ctl_chain+0xa15/0x1170 [] rtnetlink_rcv_msg+0x3cc/0xed0 [] netlink_rcv_skb+0x170/0x440 [] netlink_unicast+0x540/0x820 [] netlink_sendmsg+0x8d8/0xda0 [] ____sys_sendmsg+0x30f/0xa80 [] ___sys_sendmsg+0x13a/0x1e0 [] __sys_sendmsg+0x11c/0x1f0 [] do_syscall_64+0x40/0xe0unreferenced object 0xffff88816d2c0400 (size 1024): comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s) hex dump (first 32 bytes): 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8..... 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m.... backtrace: [] __kmem_cache_alloc_node+0x1e8/0x320 [] __kmalloc_node+0x51/0x90 [] kvmalloc_node+0xa6/0x1f0 [] bucket_table_alloc.isra.0+0x83/0x460 [] rhashtable_init+0x43b/0x7c0 [] mlxsw_sp_acl_ruleset_get+0x428/0x7a0 [] mlxsw_sp_flower_tmplt_create+0x145/0x180 [] mlxsw_sp_flow_block_cb+0x1ea/0x280 [] tc_setup_cb_call+0x183/0x340 [] fl_tmplt_create+0x3da/0x4c0 [] tc_ctl_chain+0xa15/0x1170 [] rtnetlink_rcv_msg+0x3cc/0xed0 [] netlink_rcv_skb+0x170/0x440 [] netlink_unicast+0x540/0x820 [] netlink_sendmsg+0x8d8/0xda0 [] ____sys_sendmsg+0x30f/0xa80[2] # tc qdisc add dev swp1 clsact # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32 # tc qdisc del dev---truncated--- + +### POC + +#### Reference +No PoCs from references. 
+ +#### Github +- https://github.com/bygregonline/devsec-fastapi-report +- https://github.com/robertsirc/sle-bci-demo + diff --git a/2024/CVE-2024-2667.md b/2024/CVE-2024-2667.md index 087f4eb3c0..aedabadad6 100644 --- a/2024/CVE-2024-2667.md +++ b/2024/CVE-2024-2667.md @@ -13,6 +13,7 @@ The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is v No PoCs from references. #### Github +- https://github.com/Nxploited/CVE-2024-2667-Poc - https://github.com/Puvipavan/CVE-2024-2667 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-26672.md b/2024/CVE-2024-26672.md new file mode 100644 index 0000000000..3abb468b52 --- /dev/null +++ b/2024/CVE-2024-26672.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-26672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26672)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%207b5d58c07024%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'Fixes the below:drivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368)357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev, enum amdgpu_mca_error_type type,358 int idx, struct mca_bank_entry *entry)359 {360 const struct amdgpu_mca_smu_funcs *mca_funcs = adev->mca.mca_funcs;361 int count;362363 switch (type) {364 case AMDGPU_MCA_ERROR_TYPE_UE:365 count = mca_funcs->max_ue_count;mca_funcs is dereferenced here.366 break;367 case AMDGPU_MCA_ERROR_TYPE_CE:368 count = mca_funcs->max_ce_count;mca_funcs is dereferenced here.369 break;370 default:371 return -EINVAL;372 }373374 if (idx >= count)375 return -EINVAL;376377 if (mca_funcs && mca_funcs->mca_get_mca_entry) ^^^^^^^^^Checked too late!
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-26687.md b/2024/CVE-2024-26687.md
new file mode 100644
index 0000000000..bf47ea5fc5
--- /dev/null
+++ b/2024/CVE-2024-26687.md
@@ -0,0 +1,17 @@ +### [CVE-2024-26687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26687) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=d46a78b05c0e%3C%209470f5b2503c%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:xen/events: close evtchn after mapping cleanupshutdown_pirq and startup_pirq are not taking theirq_mapping_update_lock because they can't due to lock inversion. Bothare called with the irq_desc->lock being taking. The lock order,however, is first irq_mapping_update_lock and then irq_desc->lock.This opens multiple races:- shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1).- __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq.The fix is to first cleanup the mappings and then close the eventchannel. 
In this way, when an event channel gets allocated it'spotential previous evtchn_to_irq mappings are guaranteed to be unset already.This is also the reverse order of the allocation where first the eventchannel is allocated and then the mappings are setup.On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal[un]bind interfaces"), we hit a BUG like the following during probing of NVMedevices. The issue is that during nvme_setup_io_queues, pci_free_irqis called for every device which results in a call to shutdown_pirq.With many nvme devices it's therefore likely to hit this race duringboot because there will be multiple calls to shutdown_pirq andstartup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 
0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0x---truncated--- + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/owenneal/lkml-patch-analysis + diff --git a/2024/CVE-2024-26713.md b/2024/CVE-2024-26713.md index 8f826cd384..1059c72d99 100644 --- a/2024/CVE-2024-26713.md +++ b/2024/CVE-2024-26713.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-26713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26713) -![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=a940904443e4%3C%209978d5b744e0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -In the Linux kernel, the following vulnerability has been resolved:powerpc/pseries/iommu: Fix iommu initialisation during DLPAR addWhen a PCI device is dynamically added, the kernel oopses with a NULLpointer dereference: BUG: Kernel NULL pointer dereference on read at 0x00000030 Faulting instruction address: 0xc0000000006bbe5c Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66 Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries NIP: c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8 REGS: c00000009924f240 TRAP: 0300 Not tainted (6.7.0-203405+) MSR: 8000000000009033 CR: 24002220 XER: 20040006 CFAR: 
c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0 ... NIP sysfs_add_link_to_group+0x34/0x94 LR iommu_device_link+0x5c/0x118 Call Trace: iommu_init_device+0x26c/0x318 (unreliable) iommu_device_link+0x5c/0x118 iommu_init_device+0xa8/0x318 iommu_probe_device+0xc0/0x134 iommu_bus_notifier+0x44/0x104 notifier_call_chain+0xb8/0x19c blocking_notifier_call_chain+0x64/0x98 bus_notify+0x50/0x7c device_add+0x640/0x918 pci_device_add+0x23c/0x298 of_create_pci_dev+0x400/0x884 of_scan_pci_dev+0x124/0x1b0 __of_scan_bus+0x78/0x18c pcibios_scan_phb+0x2a4/0x3b0 init_phb_dynamic+0xb8/0x110 dlpar_add_slot+0x170/0x3b8 [rpadlpar_io] add_slot_store.part.0+0xb4/0x130 [rpadlpar_io] kobj_attr_store+0x2c/0x48 sysfs_kf_write+0x64/0x78 kernfs_fop_write_iter+0x1b0/0x290 vfs_write+0x350/0x4a0 ksys_write+0x84/0x140 system_call_exception+0x124/0x330 system_call_vectored_common+0x15c/0x2ecCommit a940904443e4 ("powerpc/iommu: Add iommu_ops to report capabilitiesand allow blocking domains") broke DLPAR add of PCI devices.The above added iommu_device structure to pci_controller. Duringsystem boot, PCI devices are discovered and this newly added iommu_devicestructure is initialized by a call to iommu_device_register().During DLPAR add of a PCI device, a new pci_controller structure isallocated but there are no calls made to iommu_device_register()interface.Fix is to register the iommu device during DLPAR add as well.[mpe: Trim oops and tweak some change log wording] +** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ### POC diff --git a/2024/CVE-2024-26718.md b/2024/CVE-2024-26718.md index cfd0d31505..e2371ed448 100644 --- a/2024/CVE-2024-26718.md +++ b/2024/CVE-2024-26718.md 
@@ -1,6 +1,6 @@ ### [CVE-2024-26718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26718) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=39d42fa96ba1%3C%2030884a44e0ce%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=39d42fa96ba1%3C%20b825e0f9d68c%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-26720.md b/2024/CVE-2024-26720.md index 974eb37c3a..d1d4948eed 100644 --- a/2024/CVE-2024-26720.md +++ b/2024/CVE-2024-26720.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-26720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720) -![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=f6789593d5ce%3C%20c593d26fb5d5%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -In the Linux kernel, the following vulnerability has been resolved:mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again(struct dirty_throttle_control *)->thresh is an unsigned long, but ispassed as the u32 divisor argument to div_u64(). On architectures whereunsigned long is 64 bytes, the argument will be implicitly truncated.Use div64_u64() instead of div_u64() so that the value used in the "isthis a safe division" check is the same as the divisor.Also, remove redundant cast of the numerator to u64, as that should happenimplicitly.This would be difficult to exploit in memcg domain, given the ratio-basedarithmetic domain_drity_limits() uses, but is much easier in globalwriteback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32) +** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ### POC diff --git a/2024/CVE-2024-26739.md b/2024/CVE-2024-26739.md new file mode 100644 index 0000000000..3154b67186 --- /dev/null +++ b/2024/CVE-2024-26739.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-26739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26739)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=e5cf1baf92cb785b90390db1c624948e70c8b8bd%3C%209d3ef89b6a5e9f2e940de2cef3d543be0be8dec5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net/sched: act_mirred: don't override retval if we already lost the skbIf we're redirecting the skb, and haven't called tcf_mirred_forward(),yet, we need to tell the core to drop the skb by setting the retcodeto SHOT. If we have called tcf_mirred_forward(), however, the skbis out of our hands and returning SHOT will lead to UaF.Move the retval override to the error path which actually need it.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-26809.md b/2024/CVE-2024-26809.md
new file mode 100644
index 0000000000..8099f4db84
--- /dev/null
+++ b/2024/CVE-2024-26809.md
@@ -0,0 +1,17 @@ +### [CVE-2024-26809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26809) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=4a6430b99f67%3C%20b36b83297ff4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:netfilter: nft_set_pipapo: release elements in clone only from destroy pathClone already always provides a current view of the lookup table, use itto destroy the set, otherwise it is possible to destroy elements twice.This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")which came after: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path"). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2024/CVE-2024-26811.md b/2024/CVE-2024-26811.md index 51812c2a85..19a01840b5 100644 --- a/2024/CVE-2024-26811.md +++ b/2024/CVE-2024-26811.md @@ -1,6 +1,6 @@ ### [CVE-2024-26811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26811) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2088b7f1143b15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0626e6641f6b%3C%2088b7f1143b15%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-2682.md b/2024/CVE-2024-2682.md index e64aee9db1..6ac2b84ce4 100644 --- a/2024/CVE-2024-2682.md +++ b/2024/CVE-2024-2682.md 
@@ -10,7 +10,7 @@ A vulnerability classified as problematic has been found in Campcodes Online Job ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.257382 #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-26913.md b/2024/CVE-2024-26913.md new file mode 100644 index 0000000000..45ed526ca3 --- /dev/null +++ b/2024/CVE-2024-26913.md @@ -0,0 +1,18 @@ +### [CVE-2024-26913](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26913) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20cdbe0be8874c%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue[why]odm calculation is missing for pipe split policy determinationand cause Underflow/Corruption issue.[how]Add the odm calculation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report +- https://github.com/robertsirc/sle-bci-demo + diff --git a/2024/CVE-2024-26920.md b/2024/CVE-2024-26920.md index 5c1e80250f..6ad0edf0d8 100644 --- a/2024/CVE-2024-26920.md +++ b/2024/CVE-2024-26920.md @@ -1,6 +1,6 @@ ### [CVE-2024-26920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26920) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=57f2a2ad73e9%3C%20bcf4a115a506%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0bbe7f719985efd9adb3454679ecef0984cb6800%3C%2036be97e9eb535fe3008a5cb040b1e56f29f2e398%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description 
diff --git a/2024/CVE-2024-26921.md b/2024/CVE-2024-26921.md
new file mode 100644
index 0000000000..9dfe36d85c
--- /dev/null
+++ b/2024/CVE-2024-26921.md
@@ -0,0 +1,17 @@
+### [CVE-2024-26921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=7026b1ddb6b8%3C%201b6de5e6575b%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:inet: inet_defrag: prevent sk release while still in useip_local_out() and other functions can pass skb->sk as function argument.If the skb is a fragment and reassembly happens before such function callreturns, the sk must not be released.This affects skb fragments reassembled via netfilter or similarmodules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.Eric Dumazet made an initial analysis of this bug. Quoting Eric: Calling ip_defrag() in output path is also implying skb_orphan(), which is buggy because output path relies on sk not disappearing. A relevant old patch about the issue was : 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()") [..] net/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet socket, not an arbitrary one. If we orphan the packet in ipvlan, then downstream things like FQ packet scheduler will not work properly. We need to change ip_defrag() to only use skb_orphan() when really needed, ie whenever frag_list is going to be used.Eric suggested to stash sk in fragment queue and made an initial patch.However there is a problem with this:If skb is refragmented again right after, ip_do_fragment() will copyhead->sk to the new fragments, and sets up destructor to sock_wfree.IOW, we have no choice but to fix up sk_wmem accouting to reflect thefully reassembled skb, else wmem will underflow.This change moves the orphan down into the core, to last possible moment.As ip_defrag_offset is aliased with sk_buff->sk member, we must move theoffset into the FRAG_CB, else skb->sk gets clobbered.This allows to delay the orphaning long enough to learn if the skb hasto be queued or if the skb is completing the reasm queue.In the former case, things work as before, skb is orphaned. This issafe because skb gets queued/stolen and won't continue past reasm engine.In the latter case, we will steal the skb->sk reference, reattach it tothe head skb, and fix up wmem accouting when inet_frag inflates truesize.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-26925.md b/2024/CVE-2024-26925.md
index 0aced2ef56..02986fefdc 100644
--- a/2024/CVE-2024-26925.md
+++ b/2024/CVE-2024-26925.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/xairy/linux-kernel-exploitation
 
diff --git a/2024/CVE-2024-26926.md b/2024/CVE-2024-26926.md
index f34728f8a7..6f079b838f 100644
--- a/2024/CVE-2024-26926.md
+++ b/2024/CVE-2024-26926.md
@@ -14,4 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/tylzars/awesome-vrre-writeups
+- https://github.com/xairy/linux-kernel-exploitation
 
diff --git a/2024/CVE-2024-26928.md b/2024/CVE-2024-26928.md
index c59c5d0360..71b2fc0fc3 100644
--- a/2024/CVE-2024-26928.md
+++ b/2024/CVE-2024-26928.md
@@ -1,6 +1,6 @@
 ### [CVE-2024-26928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26928)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20229042314602%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%3C%208f8718afd446cd4ea3b62bacc3eec09f8aae85ee%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-26930.md b/2024/CVE-2024-26930.md
new file mode 100644
index 0000000000..688a102de0
--- /dev/null
+++ b/2024/CVE-2024-26930.md
@@ -0,0 +1,18 @@
+### [CVE-2024-26930](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26930)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20f14cee7a882c%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:scsi: qla2xxx: Fix double free of the ha->vp_map pointerCoverity scan reported potential risk of double free of the pointerha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freedin function qla2x00_mem_free(ha).Assign NULL to vp_map and kfree take care of NULL.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-26944.md b/2024/CVE-2024-26944.md
new file mode 100644
index 0000000000..c63b12ca8b
--- /dev/null
+++ b/2024/CVE-2024-26944.md
@@ -0,0 +1,17 @@ +### [CVE-2024-26944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26944) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2034ca809e055e%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:btrfs: zoned: fix use-after-free in do_zone_finish()Shinichiro reported the following use-after-free triggered by the devicereplace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0 ================================================================== BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs] Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007 CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G W 6.8.0-rc5-kts #1 Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020 Call Trace: dump_stack_lvl+0x5b/0x90 print_report+0xcf/0x670 ? __virt_addr_valid+0x200/0x3e0 kasan_report+0xd8/0x110 ? do_zone_finish+0x91a/0xb90 [btrfs] ? do_zone_finish+0x91a/0xb90 [btrfs] do_zone_finish+0x91a/0xb90 [btrfs] btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs] ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs] ? btrfs_put_root+0x2d/0x220 [btrfs] ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs] cleaner_kthread+0x21e/0x380 [btrfs] ? __pfx_cleaner_kthread+0x10/0x10 [btrfs] kthread+0x2e3/0x3c0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? 
__pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Allocated by task 3493983: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 btrfs_alloc_device+0xb3/0x4e0 [btrfs] device_list_add.constprop.0+0x993/0x1630 [btrfs] btrfs_scan_one_device+0x219/0x3d0 [btrfs] btrfs_control_ioctl+0x26e/0x310 [btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 3494056: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3f/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x32/0x70 kfree+0x11b/0x320 btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs] btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs] btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs] btrfs_ioctl+0xb27/0x57d0 [btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 The buggy address belongs to the object at ffff8881543c8000 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 96 bytes inside of freed 1024-byte region [ffff8881543c8000, ffff8881543c8400) The buggy address belongs to the physical page: page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8 head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fbThis UAF happens 
because we're accessing stale zone information of aalready removed btrfs_device in do_zone_finish().The sequence of events is as follows:btrfs_dev_replace_start btrfs_scrub_dev btrfs_dev_replace_finishing btrfs_dev_replace_update_device_in_mapping_tree <-- devices replaced btrfs_rm_dev_replace_free_srcdev btrfs_free_device <-- device freedcleaner_kthread btrfs_delete_unused_bgs btrfs_zone_finish do_zone_finish <-- refers the freed deviceThe reason for this is that we're using a---truncated--- + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-26952.md b/2024/CVE-2024-26952.md new file mode 100644 index 0000000000..60cf7cffe2 --- /dev/null +++ b/2024/CVE-2024-26952.md @@ -0,0 +1,17 @@ +### [CVE-2024-26952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26952) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0626e6641f6b467447c81dd7678a69c66f7746cf%3C%20480469f145e5abf83361e608734e421b7d99693d%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:ksmbd: fix potencial out-of-bounds when buffer offset is invalidI found potencial out-of-bounds when buffer offset fields of a few requestsis invalid. This patch set the minimum value of buffer offset field to->Buffer offset to validate buffer length. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/robertsirc/sle-bci-demo + diff --git a/2024/CVE-2024-2700.md b/2024/CVE-2024-2700.md index 1240bb5ebb..f2ebfafbf4 100644 --- a/2024/CVE-2024-2700.md +++ b/2024/CVE-2024-2700.md 
@@ -1,10 +1,10 @@
 ### [CVE-2024-2700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2700)
+![](https://img.shields.io/static/v1?label=Product&message=HawtIO%204.0.0%20for%20Red%20Hat%20build%20of%20Apache%20Camel%204&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=RHOSS-1.33-RHEL-8&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20AMQ%20Streams%202.7.0&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20-%20HawtIO&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Quarkus&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry%202.6.1%20GA&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue)
diff --git a/2024/CVE-2024-27011.md b/2024/CVE-2024-27011.md
index 2170467c2e..a8262c5097 100644
--- a/2024/CVE-2024-27011.md
+++ b/2024/CVE-2024-27011.md
@@ -1,6 +1,6 @@
 ### [CVE-2024-27011](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=591054469b3e%3C%2049d0e656d19d%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=591054469b3e%3C%20a1bd2a38a1c6%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-27012.md b/2024/CVE-2024-27012.md
index b030bd5f35..bc73a3a70f 100644
--- a/2024/CVE-2024-27012.md
+++ b/2024/CVE-2024-27012.md
@@ -1,6 +1,6 @@
 ### [CVE-2024-27012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27012)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=628bd3e49cba%3C%2086658fc7414d%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=628bd3e49cba1c066228e23d71a852c23e26da73%3C%2086658fc7414d4b9e25c2699d751034537503d637%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-27017.md b/2024/CVE-2024-27017.md
index c76510a9d8..5e39bb8aba 100644
--- a/2024/CVE-2024-27017.md
+++ b/2024/CVE-2024-27017.md
@@ -1,6 +1,6 @@
 ### [CVE-2024-27017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27017)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=2b84e215f874%3C%20721715655c72%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=2a90da8e0dd5%3C%20ff89db14c63a%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-27022.md b/2024/CVE-2024-27022.md
index ff3a85a864..c8d9136573 100644
--- a/2024/CVE-2024-27022.md
+++ b/2024/CVE-2024-27022.md
@@ -1,6 +1,6 @@
 ### [CVE-2024-27022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27022)
 ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=8d9bfb260814%3C%200c42f7e039ab%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=8d9bfb2608145cf3e408428c224099e1585471af%3C%20abdb88dd272bbeb93efe01d8e0b7b17e24af3a34%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 
 ### Description
diff --git a/2024/CVE-2024-2703.md b/2024/CVE-2024-2703.md
index 197f631802..c09e416b03 100644
--- a/2024/CVE-2024-2703.md
+++ b/2024/CVE-2024-2703.md
@@ -16,4 +16,5 @@ A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-2704.md b/2024/CVE-2024-2704.md
index fde009f551..981b3c3891 100644
--- a/2024/CVE-2024-2704.md
+++ b/2024/CVE-2024-2704.md
@@ -16,5 +16,6 @@ A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Aff
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 - https://github.com/helloyhrr/IoT_vulnerability
 
diff --git a/2024/CVE-2024-27042.md b/2024/CVE-2024-27042.md
new file mode 100644
index 0000000000..b830b30c0e
--- /dev/null
+++ b/2024/CVE-2024-27042.md
@@ -0,0 +1,17 @@
+### [CVE-2024-27042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27042)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=a0ccc717c4ab%3C%208f3e68c6a3ff%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'The issue arises when the array 'adev->vcn.vcn_config' is accessedbefore checking if the index 'adev->vcn.num_vcn_inst' is within thebounds of the array.The fix involves moving the bounds check before the array access. Thisensures that 'adev->vcn.num_vcn_inst' is within the bounds of the arraybefore it is used as an index.Fixes the below:drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-2705.md b/2024/CVE-2024-2705.md
index 8ce0dff134..e97eecfeda 100644
--- a/2024/CVE-2024-2705.md
+++ b/2024/CVE-2024-2705.md
@@ -16,4 +16,5 @@ A vulnerability, which was classified as critical, has been found in Tenda AC10U
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-2706.md b/2024/CVE-2024-2706.md
index d15888de3b..9d9e757f56 100644
--- a/2024/CVE-2024-2706.md
+++ b/2024/CVE-2024-2706.md
@@ -16,4 +16,5 @@ A vulnerability, which was classified as critical, was found in Tenda AC10U 15.0
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-2707.md b/2024/CVE-2024-2707.md
index 4161ed2d13..079840e1b0 100644
--- a/2024/CVE-2024-2707.md
+++ b/2024/CVE-2024-2707.md
@@ -16,4 +16,5 @@ A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as crit
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-2708.md b/2024/CVE-2024-2708.md
index a34bf1b883..6994847ba7 100644
--- a/2024/CVE-2024-2708.md
+++ b/2024/CVE-2024-2708.md
@@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical.
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-27088.md b/2024/CVE-2024-27088.md
index 27f1bbb0b5..7abd8b2105 100644
--- a/2024/CVE-2024-27088.md
+++ b/2024/CVE-2024-27088.md
@@ -14,6 +14,9 @@ es5-ext contains ECMAScript 5 extensions. Passing functions with very long names
 - https://github.com/medikoo/es5-ext/issues/201
 
 #### Github
+- https://github.com/200101WhoAmI/CVE-2024-27088
+- https://github.com/GAP-dev/GAP-dev
+- https://github.com/SCH227/own-research
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-2709.md b/2024/CVE-2024-2709.md
index 7ce699961c..d01b55d931 100644
--- a/2024/CVE-2024-2709.md
+++ b/2024/CVE-2024-2709.md
@@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-2710.md b/2024/CVE-2024-2710.md
index 7b08677bf6..dad6d8489f 100644
--- a/2024/CVE-2024-2710.md
+++ b/2024/CVE-2024-2710.md
@@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as cr
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-2711.md b/2024/CVE-2024-2711.md
index 609c4d0951..1131041a9e 100644
--- a/2024/CVE-2024-2711.md
+++ b/2024/CVE-2024-2711.md
@@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as criti
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-27115.md b/2024/CVE-2024-27115.md
new file mode 100644
index 0000000000..75f46d4352
--- /dev/null
+++ b/2024/CVE-2024-27115.md
@@ -0,0 +1,18 @@
+### [CVE-2024-27115](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27115)
+![](https://img.shields.io/static/v1?label=Product&message=SO%20Planning&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%201.52.01%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EssenceCyber/Exploit-List
+- https://github.com/theexploiters/CVE-2024-27115-Exploit
+
diff --git a/2024/CVE-2024-27120.md b/2024/CVE-2024-27120.md
new file mode 100644
index 0000000000..029bd61bb7
--- /dev/null
+++ b/2024/CVE-2024-27120.md
@@ -0,0 +1,17 @@
+### [CVE-2024-27120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27120)
+![](https://img.shields.io/static/v1?label=Product&message=ComfortKey&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%2024.1.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sT0wn-nl/CVEs
+
diff --git a/2024/CVE-2024-27126.md b/2024/CVE-2024-27126.md
new file mode 100644
index 0000000000..877e6fa35f
--- /dev/null
+++ b/2024/CVE-2024-27126.md
@@ -0,0 +1,17 @@
+### [CVE-2024-27126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27126)
+![](https://img.shields.io/static/v1?label=Product&message=Notes%20Station%203&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.9.x%3C%203.9.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.We have already fixed the vulnerability in the following versions:Notes Station 3 3.9.6 and later
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/abhishek-shivale/Vulnerability_Scraper
+
diff --git a/2024/CVE-2024-27130.md b/2024/CVE-2024-27130.md
index 266e771837..d4f8223eef 100644
--- a/2024/CVE-2024-27130.md
+++ b/2024/CVE-2024-27130.md
@@ -16,8 +16,26 @@ A buffer copy without checking size of input vulnerability has been reported to
 No PoCs from references.
 
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/XiaomingX/cve-2024-27130-poc
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
 - https://github.com/d0rb/CVE-2024-27130
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/watchtowrlabs/CVE-2024-27130
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-27132.md b/2024/CVE-2024-27132.md
index b9049af4b9..e4188d4e6b 100644
--- a/2024/CVE-2024-27132.md
+++ b/2024/CVE-2024-27132.md
@@ -14,4 +14,5 @@ Insufficient sanitization in MLflow leads to XSS when running an untrusted recip
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/jfrog/jupyterlab-xssguard
 
diff --git a/2024/CVE-2024-27173.md b/2024/CVE-2024-27173.md
index 9ab2753a40..26cab9741e 100644
--- a/2024/CVE-2024-27173.md
+++ b/2024/CVE-2024-27173.md
@@ -13,5 +13,6 @@ Remote Command program allows an attacker to get Remote Code Execution by overwr
 - http://seclists.org/fulldisclosure/2024/Jul/1
 
 #### Github
+- https://github.com/Ieakd/0day-POC-for-CVE-2024-27173
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-27198.md b/2024/CVE-2024-27198.md
index 54dee4c95d..28eb99968b 100644
--- a/2024/CVE-2024-27198.md
+++ b/2024/CVE-2024-27198.md
@@ -13,36 +13,73 @@ In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform
 - https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
 
 #### Github
+- https://github.com/0day404/HV-2024-POC
 - https://github.com/0xMarcio/cve
+- https://github.com/12442RF/POC
+- https://github.com/ARPSyndicate/cve-scores
+- https://github.com/AboSteam/POPC
+- https://github.com/ArtemCyberLab/Project-Exploiting-CVE-2024-27198-RCE-Vulnerability
+- https://github.com/CHDevSec/RedPhaton
+- https://github.com/ChalkingCode/ExploitedDucks
 - https://github.com/CharonDefalt/CVE-2024-27198-RCE
 - https://github.com/Chocapikk/CVE-2024-27198
+- https://github.com/Cythonic1/CVE-2024-27198_POC
+- https://github.com/DMW11525708/wiki
 - https://github.com/Donata64/tc_test01
+- https://github.com/EssenceCyber/Exploit-List
 - https://github.com/GhostTroops/TOP
+- https://github.com/HPT-Intern-Task-Submission/CVE-2024-27198
+- https://github.com/J1ezds/Vulnerability-Wiki-page
 - https://github.com/K3ysTr0K3R/CVE-2024-27198-EXPLOIT
 - https://github.com/K3ysTr0K3R/K3ysTr0K3R
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/LoSunny/vulnerability-testing
+- https://github.com/Melodysdata/brains-writeup-thm
+- https://github.com/Mr-Tree-S/POC_EXP
 - https://github.com/Ostorlab/KEV
+- https://github.com/ShahdMuhammad/FuzzingTools
 - https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-
 - https://github.com/Stuub/RCity-CVE-2024-27198
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/CVE
 - https://github.com/TrojanAZhen/Self_Back
 - https://github.com/W01fh4cker/CVE-2024-27198-RCE
+- https://github.com/WhosGa/MyWiki
+- https://github.com/XiaomingX/awesome-poc-for-red-team
+- https://github.com/Yuan08o/pocs
 - https://github.com/ZonghaoLi777/githubTrending
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
 - https://github.com/aneasystone/github-trending
 - https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc
+- https://github.com/christopher-deriv/cve_analyzer
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/dkhacks/CVE_2024_27198
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fireinrain/github-trending
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/geniuszly/CVE-2024-27198
+- https://github.com/greenberglinken/2023hvv_1
 - https://github.com/hcy-picus/emerging_threat_simulator
+- https://github.com/hsvhora/research_blogs
+- https://github.com/iemotion/POC
 - https://github.com/jafshare/GithubTrending
 - https://github.com/johe123qwe/github-trending
+- https://github.com/jrbH4CK/CVE-2024-27198
 - https://github.com/juev/links
 - https://github.com/k3ppf0r/2024-PocLib
+- https://github.com/kodamap/epss_mcp
 - https://github.com/labesterOct/CVE-2024-27198
+- https://github.com/laoa1573/wy876
+- https://github.com/lebathang/CveCli
 - https://github.com/marl-ot/DevSecOps-2024
+- https://github.com/moex01/apt29-sigma-rules
 - https://github.com/netlas-io/netlas-dorks
 - https://github.com/nitish778191/fitness_app
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/passwa11/CVE-2024-27198-RCE
 - https://github.com/rampantspark/CVE-2024-27198
 - https://github.com/sampsonv/github-trending
@@ -52,5 +89,6 @@ In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
 - https://github.com/yoryio/CVE-2024-27198
+- https://github.com/zhanpengliu-tencent/medium-cve
 - https://github.com/zhaoxiaoha/github-trending
 
diff --git a/2024/CVE-2024-27199.md b/2024/CVE-2024-27199.md
index 179c0bf504..1f599e7347 100644
--- a/2024/CVE-2024-27199.md
+++ b/2024/CVE-2024-27199.md
@@ -14,9 +14,11 @@ In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limite
 
 #### Github
 - https://github.com/0xMarcio/cve
+- https://github.com/ARPSyndicate/cve-scores
 - https://github.com/CharonDefalt/CVE-2024-27198-RCE
 - https://github.com/Donata64/tc_test01
 - https://github.com/GhostTroops/TOP
+- https://github.com/MelvinM8/OSCP
 - https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-
 - https://github.com/Stuub/RCity-CVE-2024-27198
 - https://github.com/W01fh4cker/CVE-2024-27198-RCE
@@ -27,7 +29,9 @@ In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limite
 - https://github.com/hcy-picus/emerging_threat_simulator
 - https://github.com/jafshare/GithubTrending
 - https://github.com/johe123qwe/github-trending
+- https://github.com/jrbH4CK/CVE-2024-27198
 - https://github.com/juev/links
+- https://github.com/kodamap/epss_mcp
 - https://github.com/marl-ot/DevSecOps-2024
 - https://github.com/nitish778191/fitness_app
 - https://github.com/nomi-sec/PoC-in-GitHub
@@ -35,5 +39,6 @@ In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limite
 - https://github.com/rampantspark/CVE-2024-27198
 - https://github.com/sampsonv/github-trending
 - https://github.com/yoryio/CVE-2024-27198
+- https://github.com/zhanpengliu-tencent/medium-cve
 - https://github.com/zhaoxiaoha/github-trending
 
diff --git a/2024/CVE-2024-27281.md b/2024/CVE-2024-27281.md
index a1e7c5d11b..dc3c78f5f9 100644
--- a/2024/CVE-2024-27281.md
+++ b/2024/CVE-2024-27281.md
@@ -13,5 +13,6 @@ An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x
 No PoCs from references.
 
 #### Github
+- https://github.com/hirudadada/dataops_garner
 - https://github.com/lifeparticle/Ruby-Cheatsheet
 
diff --git a/2024/CVE-2024-27282.md b/2024/CVE-2024-27282.md
index c148cb25ff..5aa232e8f8 100644
--- a/2024/CVE-2024-27282.md
+++ b/2024/CVE-2024-27282.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/lifeparticle/Ruby-Cheatsheet
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/p333zy/poc-ruby-infoleak
 
diff --git a/2024/CVE-2024-27286.md b/2024/CVE-2024-27286.md
index 92eca032b0..f5179f0722 100644
--- a/2024/CVE-2024-27286.md
+++ b/2024/CVE-2024-27286.md
@@ -5,7 +5,7 @@ ### Description -Zulip is an open-source team collaboration. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the message, -- but active users who did not have access to the private stream, but whose client had already received the message, would continue to see the message in the public stream until they reloaded their client. Additionally, Zulip did not remove view permissions on the message from recently-active users, allowing the message to show up in the "All messages" view or in search results, but not in "Inbox" or "Recent conversations" views. While the bug has been present since moving messages between streams was first introduced in version 3.0, this option became much more common starting in Zulip 8.0, when the default option in the picker for moving the very last message in a conversation was changed. This issue is fixed in Zulip Server 8.3. No known workarounds are available. +Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the message, -- but active users who did not have access to the private stream, but whose client had already received the message, would continue to see the message in the public stream until they reloaded their client. Additionally, Zulip did not remove view permissions on the message from recently-active users, allowing the message to show up in the "All messages" view or in search results, but not in "Inbox" or "Recent conversations" views. 
While the bug has been present since moving messages between streams was first introduced in version 3.0, this option became much more common starting in Zulip 8.0, when the default option in the picker for moving the very last message in a conversation was changed. This issue is fixed in Zulip Server 8.3. No known workarounds are available. ### POC diff --git a/2024/CVE-2024-27292.md b/2024/CVE-2024-27292.md index 27357aab0c..2cbce65c1e 100644 --- a/2024/CVE-2024-27292.md +++ b/2024/CVE-2024-27292.md @@ -13,8 +13,28 @@ Docassemble is an expert system for guided interviews and document assembly. The No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/NingXin2002/Docassemble_poc +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/ibaiw/2024Hvv +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile +- https://github.com/tequilasunsh1ne/CVE_2024_27292 +- https://github.com/th3gokul/CVE-2024-27292 +- https://github.com/tylzars/awesome-vrre-writeups - https://github.com/wy876/POC diff --git a/2024/CVE-2024-2730.md b/2024/CVE-2024-2730.md new file mode 100644 index 0000000000..4480796489 --- /dev/null +++ b/2024/CVE-2024-2730.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-2730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2730)
+![](https://img.shields.io/static/v1?label=Product&message=Mautic&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-425%20Direct%20Request%20('Forced%20Browsing')&color=brighgreen)
+
+### Description
+
+Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ZHAW-Infosec-Research-Group/A2CT
+
diff --git a/2024/CVE-2024-27305.md b/2024/CVE-2024-27305.md
new file mode 100644
index 0000000000..7bba33dfaf
--- /dev/null
+++ b/2024/CVE-2024-27305.md
@@ -0,0 +1,17 @@ +### [CVE-2024-27305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27305) +![](https://img.shields.io/static/v1?label=Product&message=aiosmtpd&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.4.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%3A%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen) + +### Description + +aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/exfil0/SMTP-Hunter + diff --git a/2024/CVE-2024-27306.md b/2024/CVE-2024-27306.md index 9c280de44e..32b03548df 100644 --- a/2024/CVE-2024-27306.md +++ b/2024/CVE-2024-27306.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/rsys-fchaliss/hebe diff --git a/2024/CVE-2024-2731.md b/2024/CVE-2024-2731.md new file mode 100644 index 0000000000..be76f62a9f --- /dev/null +++ b/2024/CVE-2024-2731.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2731) +![](https://img.shields.io/static/v1?label=Product&message=Mautic&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ZHAW-Infosec-Research-Group/A2CT + diff --git a/2024/CVE-2024-27310.md b/2024/CVE-2024-27310.md index c15d279595..34da9965ea 100644 --- a/2024/CVE-2024-27310.md +++ b/2024/CVE-2024-27310.md @@ -1,11 +1,11 @@ ### [CVE-2024-27310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27310) ![](https://img.shields.io/static/v1?label=Product&message=ADSelfService%20Plus&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%206401%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-90%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20LDAP%20Query%20('LDAP%20Injection')&color=brighgreen) ### Description -Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP query. +Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. ### POC 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nhienit2010/nhienit2010 diff --git a/2024/CVE-2024-27316.md b/2024/CVE-2024-27316.md index 5533bf0bcc..bcc8c46b10 100644 --- a/2024/CVE-2024-27316.md +++ b/2024/CVE-2024-27316.md @@ -16,8 +16,11 @@ HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 - https://github.com/Ampferl/poc_http2-continuation-flood - https://github.com/DrewskyDev/H2Flood - https://github.com/EzeTauil/Maquina-Upload +- https://github.com/NeoOniX/5ATTACK - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC - https://github.com/aeyesec/CVE-2024-27316_poc +- https://github.com/dusbot/cpe2cve +- https://github.com/krlabs/apache-vulnerabilities - https://github.com/lockness-Ko/CVE-2024-27316 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-27322.md b/2024/CVE-2024-27322.md index 96d656500c..6c2ee48eed 100644 --- a/2024/CVE-2024-27322.md +++ b/2024/CVE-2024-27322.md @@ -14,5 +14,8 @@ No PoCs from references. #### Github - https://github.com/hrbrmstr/rdaradar +- https://github.com/r-hub/r-builds +- https://github.com/r-hub/r-glibc +- https://github.com/rstudio/r-builds - https://github.com/vin01/bogus-cves diff --git a/2024/CVE-2024-27347.md b/2024/CVE-2024-27347.md index f938244879..9ec86a4dde 100644 --- a/2024/CVE-2024-27347.md +++ b/2024/CVE-2024-27347.md @@ -13,5 +13,7 @@ Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This No PoCs from references. #### Github +- https://github.com/Wala-Alnozmai/SVD-Benchmark - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/oananbeh/LLM-Java-SVR-Benchmark diff --git a/2024/CVE-2024-27348.md b/2024/CVE-2024-27348.md index edd9b23d61..fcd1abeccb 100644 --- a/2024/CVE-2024-27348.md +++ b/2024/CVE-2024-27348.md 
@@ -13,15 +13,40 @@ RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Ostorlab/KEV +- https://github.com/QuocKon/Network-Penetration-Lab +- https://github.com/Threekiii/Awesome-POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs - https://github.com/Zeyad-Azima/CVE-2024-27348 +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/apiverve/news-API +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/ismailmazumder/SL7CVELabsBuilder - https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE - https://github.com/kljunowsky/CVE-2024-27348 +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/p0et08/CVE-2024-27348 - https://github.com/securelayer7/CVE-Analysis +- https://github.com/securelayer7/Research - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-27388.md b/2024/CVE-2024-27388.md new file mode 100644 index 0000000000..31b708550c --- /dev/null +++ b/2024/CVE-2024-27388.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-27388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1d658336b05f%3C%20b97c37978ca8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:SUNRPC: fix some memleaks in gssx_dec_option_arrayThe creds and oa->data need to be freed in the error-handling paths aftertheir allocation. So this patch add these deallocations in thecorresponding paths.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-27394.md b/2024/CVE-2024-27394.md
new file mode 100644
index 0000000000..0f984565ad
--- /dev/null
+++ b/2024/CVE-2024-27394.md
@@ -0,0 +1,20 @@
+### [CVE-2024-27394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27394)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=7c2ffaf21bd6%3C%20ca4fb6c6764b%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:tcp: Fix Use-After-Free in tcp_ao_connect_initSince call_rcu, which is called in the hlist_for_each_entry_rcu traversalof tcp_ao_connect_init, is not part of the RCU read critical section, itis possible that the RCU grace period will pass during the traversal andthe key will be free.To prevent this, it should be changed to hlist_for_each_entry_safe.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xor0ne/awesome-list
+- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2
+- https://github.com/bachkhoasoft/awesome-list-ks
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-27397.md b/2024/CVE-2024-27397.md
new file mode 100644
index 0000000000..af82253c94
--- /dev/null
+++ b/2024/CVE-2024-27397.md
@@ -0,0 +1,17 @@ +### [CVE-2024-27397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=c3e1b005ed1cc068fc9d454a6e745830d55d251d%3C%20f8dfda798650241c1692058713ca4fef8e429061%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_tables: use timestamp to check for set element timeoutAdd a timestamp field at the beginning of the transaction, store itin the nftables per-netns area.Update set backend .insert, .deactivate and sync gc path to use thetimestamp, this avoids that an element expires while control planetransaction is still unfinished..lookup and .update, which are used from packet path, still use thecurrent time to check if the element has expired. And .get path and dumpalso since this runs lockless under rcu read size lock. Then, there isasync gc which also needs to check the current time since it runsasynchronously from a workqueue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/takaaki-fukunaga/cvechecker + diff --git a/2024/CVE-2024-27398.md b/2024/CVE-2024-27398.md index 657c1d9480..f8d5b76f9b 100644 --- a/2024/CVE-2024-27398.md +++ b/2024/CVE-2024-27398.md @@ -20,5 +20,6 @@ In the Linux kernel, the following vulnerability has been resolved:Bluetooth: Fi - https://git.kernel.org/stable/c/bfab2c1f7940a232cd519e82fff137e308abfd93 #### Github -No PoCs found on GitHub currently. +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/secunnix/CVE-2024-27398 diff --git a/2024/CVE-2024-27443.md b/2024/CVE-2024-27443.md index bd90b58a22..825d50d892 100644 --- a/2024/CVE-2024-27443.md +++ b/2024/CVE-2024-27443.md 
@@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nhiephon/Research +- https://github.com/packetinside/CISA_BOT diff --git a/2024/CVE-2024-27444.md b/2024/CVE-2024-27444.md index d1aaaafa95..403228a2e8 100644 --- a/2024/CVE-2024-27444.md +++ b/2024/CVE-2024-27444.md @@ -14,5 +14,8 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/franzheffa/video-search-and-summarization-viize +- https://github.com/gil-feldman-glidetalk/video-search-and-summarization +- https://github.com/rmkraus/video-search-and-summarization - https://github.com/zgimszhd61/llm-security-quickstart diff --git a/2024/CVE-2024-27448.md b/2024/CVE-2024-27448.md index 486fa0a7a5..a7d3e24070 100644 --- a/2024/CVE-2024-27448.md +++ b/2024/CVE-2024-27448.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/Tim-Hoekstra/MailDev-2.1.0-Exploit-RCE +- https://github.com/rawtips/CVE-2024-27448-poc diff --git a/2024/CVE-2024-27460.md b/2024/CVE-2024-27460.md index 0a6d4343e8..f3e7622fc2 100644 --- a/2024/CVE-2024-27460.md +++ b/2024/CVE-2024-27460.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/10cks/CVE-2024-27460-installer - https://github.com/Alaatk/CVE-2024-27460 +- https://github.com/crisprss/CVEs - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/xct/CVE-2024-27460 diff --git a/2024/CVE-2024-2750.md b/2024/CVE-2024-2750.md new file mode 100644 index 0000000000..b6d21687a9 --- /dev/null +++ b/2024/CVE-2024-2750.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2750) +![](https://img.shields.io/static/v1?label=Product&message=Exclusive%20Addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.6.9.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-87%20Improper%20Neutralization%20of%20Alternate%20XSS%20Syntax&color=brighgreen) + +### Description + +The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CyberSecAI/cve_dedup + diff --git a/2024/CVE-2024-27518.md b/2024/CVE-2024-27518.md index 83b94aa3a6..955b9eb499 100644 --- a/2024/CVE-2024-27518.md +++ b/2024/CVE-2024-27518.md @@ -14,6 +14,7 @@ An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unpriv - https://www.youtube.com/watch?v=FM5XlZPdvdo #### Github +- https://github.com/Anomaly-8/ZPOZAS_lab2 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/secunnix/CVE-2024-27518 diff --git a/2024/CVE-2024-27527.md b/2024/CVE-2024-27527.md new file mode 100644 index 0000000000..9974915ac0 --- /dev/null +++ b/2024/CVE-2024-27527.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-27527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27527)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+wasm3 139076a is vulnerable to Denial of Service (DoS).
+
+### POC
+
+#### Reference
+- https://github.com/wasm3/wasm3/issues/464
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-27528.md b/2024/CVE-2024-27528.md
new file mode 100644
index 0000000000..cadd2bb399
--- /dev/null
+++ b/2024/CVE-2024-27528.md
@@ -0,0 +1,17 @@
+### [CVE-2024-27528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27528)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution.
+
+### POC
+
+#### Reference
+- https://github.com/wasm3/wasm3/issues/463
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-27529.md b/2024/CVE-2024-27529.md
new file mode 100644
index 0000000000..820a173358
--- /dev/null
+++ b/2024/CVE-2024-27529.md
@@ -0,0 +1,17 @@
+### [CVE-2024-27529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27529)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+wasm3 139076a contains memory leaks in Read_utf8.
+
+### POC
+
+#### Reference
+- https://github.com/wasm3/wasm3/issues/462
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-27530.md b/2024/CVE-2024-27530.md
new file mode 100644
index 0000000000..44e48cdc83
--- /dev/null
+++ b/2024/CVE-2024-27530.md
@@ -0,0 +1,17 @@
+### [CVE-2024-27530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27530)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+wasm3 139076a contains a Use-After-Free in ForEachModule.
+
+### POC
+
+#### Reference
+- https://github.com/wasm3/wasm3/issues/458
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-27532.md b/2024/CVE-2024-27532.md
new file mode 100644
index 0000000000..1d57133f1d
--- /dev/null
+++ b/2024/CVE-2024-27532.md
@@ -0,0 +1,17 @@
+### [CVE-2024-27532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27532)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.
+
+### POC
+
+#### Reference
+- https://github.com/bytecodealliance/wasm-micro-runtime/issues/3130
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-27564.md b/2024/CVE-2024-27564.md
index 4b86f9ba27..6e6e721568 100644
--- a/2024/CVE-2024-27564.md
+++ b/2024/CVE-2024-27564.md
@@ -5,13 +5,17 @@ ### Description -A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter. +pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading. ### POC #### Reference - https://github.com/dirk1983/chatgpt/issues/114 +- https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114 #### Github +- https://github.com/Alchemyst0x/awesome-stars +- https://github.com/Quantum-Hacker/CVE-2024-27564 +- https://github.com/chaudhrymuhammadtayab/SSRF-Exploit-CVE-2024-27564 - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-2759.md b/2024/CVE-2024-2759.md index b7ebddfbce..09eae27516 100644 --- a/2024/CVE-2024-2759.md +++ b/2024/CVE-2024-2759.md @@ -1,7 +1,7 @@ ### [CVE-2024-2759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2759) ![](https://img.shields.io/static/v1?label=Product&message=Apaczka&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=v1%3C%3D%20v4%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen) ### Description diff --git a/2024/CVE-2024-27592.md b/2024/CVE-2024-27592.md index bcbffe170b..095204a804 100644 --- a/2024/CVE-2024-27592.md +++ b/2024/CVE-2024-27592.md 
@@ -10,6 +10,7 @@ Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers t ### POC #### Reference +- https://medium.com/%40nicatabbasov00002/open-redirect-vulnerability-62986ccaf0f7 - https://medium.com/@nicatabbasov00002/open-redirect-vulnerability-62986ccaf0f7 #### Github diff --git a/2024/CVE-2024-2763.md b/2024/CVE-2024-2763.md index 36f6a8f23c..93955f729a 100644 --- a/2024/CVE-2024-2763.md +++ b/2024/CVE-2024-2763.md @@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, has been found in Tenda AC10U #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-27630.md b/2024/CVE-2024-27630.md index 45b92206b4..a90f37dd8e 100644 --- a/2024/CVE-2024-27630.md +++ b/2024/CVE-2024-27630.md @@ -10,6 +10,7 @@ Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a ### POC #### Reference +- https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 - https://medium.com/@allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 #### Github diff --git a/2024/CVE-2024-27631.md b/2024/CVE-2024-27631.md index 8c7339889f..c1dc9ff165 100644 --- a/2024/CVE-2024-27631.md +++ b/2024/CVE-2024-27631.md @@ -11,6 +11,7 @@ Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows #### Reference - https://github.com/ally-petitt/CVE-2024-27631 +- https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 - https://medium.com/@allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 #### Github diff --git a/2024/CVE-2024-27632.md b/2024/CVE-2024-27632.md index a9bbe533d2..995fe65f3b 100644 --- a/2024/CVE-2024-27632.md +++ b/2024/CVE-2024-27632.md 
@@ -10,6 +10,7 @@ An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate pr ### POC #### Reference +- https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 - https://medium.com/@allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3 #### Github diff --git a/2024/CVE-2024-2764.md b/2024/CVE-2024-2764.md index 117d313de7..827e93ad06 100644 --- a/2024/CVE-2024-2764.md +++ b/2024/CVE-2024-2764.md @@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, was found in Tenda AC10U 15.0 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2771.md b/2024/CVE-2024-2771.md new file mode 100644 index 0000000000..44d928e374 --- /dev/null +++ b/2024/CVE-2024-2771.md 
@@ -0,0 +1,20 @@ +### [CVE-2024-2771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2771) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin%20by%20Fluent%20Forms%20for%20Quiz%2C%20Survey%2C%20and%20Drag%20%26%20Drop%20WP%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.1.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/uiuc-kang-lab/cve-bench +- https://github.com/whale93/CVE-2024-2771-PoC +- https://github.com/zulloper/cve-poc + diff --git a/2024/CVE-2024-27756.md b/2024/CVE-2024-27756.md index 55f8cbbf72..02a2fabf5d 100644 --- a/2024/CVE-2024-27756.md +++ b/2024/CVE-2024-27756.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-27766.md b/2024/CVE-2024-27766.md new file mode 100644 index 0000000000..850dbe7e14 --- /dev/null +++ b/2024/CVE-2024-27766.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-27766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27766)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
+
+### POC
+
+#### Reference
+- https://github.com/Ant1sec-ops/CVE-2024-27766
+
+#### Github
+- https://github.com/Ant1sec-ops/CVE-2024-27766
+
diff --git a/2024/CVE-2024-2777.md b/2024/CVE-2024-2777.md
index 4868ad6ed6..1e8c3c9f85 100644
--- a/2024/CVE-2024-2777.md
+++ b/2024/CVE-2024-2777.md
@@ -1,11 +1,12 @@ ### [CVE-2024-2777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2777) ![](https://img.shields.io/static/v1?label=Product&message=Online%20Marriage%20Registration%20System&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen) ### Description -A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611. +A vulnerability has been found in Campcodes/PHPGurukul Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. ### POC diff --git a/2024/CVE-2024-27804.md b/2024/CVE-2024-27804.md index 762fdf1b71..6c2b37e83a 100644 --- a/2024/CVE-2024-27804.md +++ b/2024/CVE-2024-27804.md @@ -21,5 +21,6 @@ No PoCs from references. - https://github.com/GhostTroops/TOP - https://github.com/R00tkitSMM/CVE-2024-27804 - https://github.com/SnoopyTools/Rootkit-cve2024 +- https://github.com/a0zhar/QuarkPoC - https://github.com/nomi-sec/PoC-in-GitHub 
diff --git a/2024/CVE-2024-27808.md b/2024/CVE-2024-27808.md
new file mode 100644
index 0000000000..2df377ef59
--- /dev/null
+++ b/2024/CVE-2024-27808.md
@@ -0,0 +1,25 @@
+### [CVE-2024-27808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27808)
+![](https://img.shields.io/static/v1?label=Product&message=Safari&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2010.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20web%20content%20may%20lead%20to%20arbitrary%20code%20execution&color=brighgreen)
+
+### Description
+
+The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-27815.md b/2024/CVE-2024-27815.md
index 0d6849f1e3..a8b9c6be09 100644
--- a/2024/CVE-2024-27815.md
+++ b/2024/CVE-2024-27815.md
@@ -23,4 +23,5 @@ No PoCs from references. - https://github.com/jprx/CVE-2024-27815 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sreedevk/bookmarks +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-2782.md b/2024/CVE-2024-2782.md new file mode 100644 index 0000000000..9b8d4fd64e --- /dev/null +++ b/2024/CVE-2024-2782.md @@ -0,0 +1,19 @@ +### [CVE-2024-2782](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2782) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin%20by%20Fluent%20Forms%20for%20Quiz%2C%20Survey%2C%20and%20Drag%20%26%20Drop%20WP%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.1.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to modify all of the plugin's settings. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/whale93/CVE-2024-2782-PoC +- https://github.com/zulloper/cve-poc + diff --git a/2024/CVE-2024-27821.md b/2024/CVE-2024-27821.md new file mode 100644 index 0000000000..7dd2aae652 --- /dev/null +++ b/2024/CVE-2024-27821.md 
@@ -0,0 +1,21 @@
+### [CVE-2024-27821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27821)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2010.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20shortcut%20may%20output%20sensitive%20user%20data%20without%20consent&color=brighgreen)
+
+### Description
+
+A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xilis/CVE-2024-27821
+
diff --git a/2024/CVE-2024-27876.md b/2024/CVE-2024-27876.md
new file mode 100644
index 0000000000..a553bb5274
--- /dev/null
+++ b/2024/CVE-2024-27876.md
@@ -0,0 +1,22 @@
+### [CVE-2024-27876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27876)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2013.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unpacking%20a%20maliciously%20crafted%20archive%20may%20allow%20an%20attacker%20to%20write%20arbitrary%20files&color=brighgreen)
+
+### Description
+
+A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xilis/CVE-2024-27876
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-27912.md b/2024/CVE-2024-27912.md
new file mode 100644
index 0000000000..fc311bbb2e
--- /dev/null
+++ b/2024/CVE-2024-27912.md
@@ -0,0 +1,17 @@ +### [CVE-2024-27912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27912) +![](https://img.shields.io/static/v1?label=Product&message=Printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Various%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/s0uthwood/netpuzz + diff --git a/2024/CVE-2024-27914.md b/2024/CVE-2024-27914.md index a132ed2255..d6069f9b11 100644 --- a/2024/CVE-2024-27914.md +++ b/2024/CVE-2024-27914.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/shellkraft/CVE-2024-27914 diff --git a/2024/CVE-2024-27923.md b/2024/CVE-2024-27923.md index 7486e6744e..3d1cdabaea 100644 --- a/2024/CVE-2024-27923.md +++ b/2024/CVE-2024-27923.md @@ -14,5 +14,5 @@ Grav is a content management system (CMS). Prior to version 1.7.43, users who ma - https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v #### Github -No PoCs found on GitHub currently. +- https://github.com/Universe1122/Universe1122 diff --git a/2024/CVE-2024-27937.md b/2024/CVE-2024-27937.md index c72278edc7..13fef00193 100644 --- a/2024/CVE-2024-27937.md +++ b/2024/CVE-2024-27937.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/Orange-Cyberdefense/glpwnme - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-27954.md b/2024/CVE-2024-27954.md index 067e9d62cf..b044453ba9 100644 --- a/2024/CVE-2024-27954.md +++ b/2024/CVE-2024-27954.md 
@@ -13,6 +13,27 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/AlienTec1908/Matrioshka_HackMyVM_Medium +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/Quantum-Hacker/CVE-2024-27954 +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/gh-ost00/CVE-2024-27954 +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability +- https://github.com/r0otk3r/CVE-2024-27954 - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-27956.md b/2024/CVE-2024-27956.md index 654d21a8cb..3e69e8e91e 100644 --- a/2024/CVE-2024-27956.md +++ b/2024/CVE-2024-27956.md 
@@ -13,25 +13,55 @@ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/7aRanchi/CVE-2024-27956-for-fscan +- https://github.com/AboSteam/POPC - https://github.com/AiGptCode/WordPress-Auto-Admin-Account-and-Reverse-Shell-cve-2024-27956 +- https://github.com/AlienTec1908/Matrioshka_HackMyVM_Medium +- https://github.com/CERTologists/EXPLOITING-CVE-2024-27956 - https://github.com/Cappricio-Securities/CVE-2024-27956 +- https://github.com/DMW11525708/wiki +- https://github.com/DoTTak/Research-WordPress-CVE - https://github.com/FoxyProxys/CVE-2024-27956 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/NaInSec/CVE-LIST - https://github.com/Ostorlab/KEV +- https://github.com/Professor6T9/WordPressAutoExploiter +- https://github.com/TadashiJei/Valve-Press-CVE-2024-27956-RCE +- https://github.com/ThatNotEasy/CVE-2024-27956 - https://github.com/W3BW/CVE-2024-27956-RCE-File-Package +- https://github.com/WhosGa/MyWiki - https://github.com/X-Projetion/CVE-2024-27956-WORDPRESS-RCE-PLUGIN +- https://github.com/Yuan08o/pocs - https://github.com/ZonghaoLi777/githubTrending +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/amessedad/autoexploitGPT - https://github.com/aneasystone/github-trending +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/cve-2024/CVE-2024-27956-RCE +- https://github.com/devsec23/CVE-2024-27956 - https://github.com/diego-tella/CVE-2024-27956-RCE +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fireinrain/github-trending +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC - https://github.com/itzheartzz/MASS-CVE-2024-27956 - https://github.com/johe123qwe/github-trending - 
https://github.com/k3ppf0r/CVE-2024-27956 +- https://github.com/laoa1573/wy876 +- https://github.com/m4nInTh3mIdDle/wordpress-CVE-2024-27956 - https://github.com/nancyariah4/CVE-2024-27956 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/sampsonv/github-trending - https://github.com/tanjiti/sec_profile - https://github.com/truonghuuphuc/CVE-2024-27956 +- https://github.com/truonghuuphuc/Poc - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-2796.md b/2024/CVE-2024-2796.md new file mode 100644 index 0000000000..7860fc50ce --- /dev/null +++ b/2024/CVE-2024-2796.md @@ -0,0 +1,17 @@ +### [CVE-2024-2796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2796) +![](https://img.shields.io/static/v1?label=Product&message=Akana%20API%20Platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2022.1.1%3C%202022.1.1%20(CVE-2024-2796%20Patch)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918&color=brighgreen) + +### Description + +A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. + +### POC + +#### Reference +- https://portal.perforce.com/s/detail/a91PA000001STuXYAW + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-27971.md b/2024/CVE-2024-27971.md index b1ce5e6b91..31552ac4e3 100644 --- a/2024/CVE-2024-27971.md +++ b/2024/CVE-2024-27971.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/truonghuuphuc/CVE-2024-27971-Note +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-27972.md b/2024/CVE-2024-27972.md index 1110c69bde..9f543b5b9b 100644 --- a/2024/CVE-2024-27972.md +++ b/2024/CVE-2024-27972.md 
@@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/truonghuuphuc/CVE-2024-27972-Poc +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-27980.md b/2024/CVE-2024-27980.md new file mode 100644 index 0000000000..1fbb26bb31 --- /dev/null +++ b/2024/CVE-2024-27980.md @@ -0,0 +1,23 @@ +### [CVE-2024-27980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27980) +![](https://img.shields.io/static/v1?label=Product&message=Node.js&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=21.7.0%3C%3D%2021.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cybervixy/Vulnerability-Management +- https://github.com/Oju-kwu/Vulnerability-Management-Lab +- https://github.com/Oluwaseun-Joseph/Credentialed-Vulnerability-Assessment-Lab +- https://github.com/Teedico/Nessus_Vulnerability_Assessment +- https://github.com/ardhi/get-global-path +- https://github.com/tanjiti/sec_profile +- https://github.com/tianstcht/tianstcht + diff --git a/2024/CVE-2024-27982.md b/2024/CVE-2024-27982.md new file mode 100644 index 0000000000..a92ee7c9de --- /dev/null +++ b/2024/CVE-2024-27982.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-27982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27982) +![](https://img.shields.io/static/v1?label=Product&message=Node&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=20.12.0%3C%3D%2020.12.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/KshitijPatil08/Elevate-Task3 + diff --git a/2024/CVE-2024-27983.md b/2024/CVE-2024-27983.md index 33873139cd..392ef11fc3 100644 --- a/2024/CVE-2024-27983.md +++ b/2024/CVE-2024-27983.md @@ -15,8 +15,11 @@ No PoCs from references. #### Github - https://github.com/Ampferl/poc_http2-continuation-flood - https://github.com/DrewskyDev/H2Flood +- https://github.com/KshitijPatil08/Elevate-Task3 +- https://github.com/PsychoPunkSage/Chronark - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC - https://github.com/hex0punk/cont-flood-poc - https://github.com/lirantal/CVE-2024-27983-nodejs-http2 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024 diff --git a/2024/CVE-2024-28000.md b/2024/CVE-2024-28000.md index 1e4e515367..27ff4085ba 100644 --- a/2024/CVE-2024-28000.md +++ b/2024/CVE-2024-28000.md 
@@ -14,5 +14,12 @@ Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/Alucard0x1/CVE-2024-28000 +- https://github.com/JohnDoeAnonITA/CVE-2024-28000 +- https://github.com/SSSSuperX/CVE-2024-28000 +- https://github.com/arch1m3d/CVE-2024-28000 +- https://github.com/ebrasha/CVE-2024-28000 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/s3rgeym/wp-vuln-scanner diff --git a/2024/CVE-2024-28029.md b/2024/CVE-2024-28029.md index 426d69e516..d83bdbeba4 100644 --- a/2024/CVE-2024-28029.md +++ b/2024/CVE-2024-28029.md @@ -1,7 +1,7 @@ ### [CVE-2024-28029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28029) ![](https://img.shields.io/static/v1?label=Product&message=DIAEnergie&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20v1.10.00.005%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-602%20Client-Side%20Enforcement%20of%20Server-Side%20Security&color=brighgreen) ### Description diff --git a/2024/CVE-2024-28038.md b/2024/CVE-2024-28038.md new file mode 100644 index 0000000000..d773d69a3e --- /dev/null +++ b/2024/CVE-2024-28038.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-28038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28038)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20buffer%20overflow&color=brighgreen)
+
+### Description
+
+The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28046.md b/2024/CVE-2024-28046.md
new file mode 100644
index 0000000000..0790ddb91f
--- /dev/null
+++ b/2024/CVE-2024-28046.md
@@ -0,0 +1,18 @@ +### [CVE-2024-28046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28046) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20GPA%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%202024.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20search%20path&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mohammedamin01/mohammedamin01 + diff --git a/2024/CVE-2024-2805.md b/2024/CVE-2024-2805.md index e9d400bb11..cfb447fe31 100644 --- a/2024/CVE-2024-2805.md +++ b/2024/CVE-2024-2805.md @@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28052.md b/2024/CVE-2024-28052.md new file mode 100644 index 0000000000..427a259a44 --- /dev/null +++ b/2024/CVE-2024-28052.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-28052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28052) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6012&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20R0.40e6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-131%3A%20Incorrect%20Calculation%20of%20Buffer%20Size&color=brighgreen) + +### Description + +The WBR-6012 is a wireless SOHO router. It is a low-cost device which functions as an internet gateway for homes and small offices while aiming to be easy to configure and operate. In addition to providing a WiFi access point, the device serves as a 4-port wired router and implements a variety of common SOHO router capabilities such as port forwarding, quality-of-service, web-based administration, a DHCP server, a basic DMZ, and UPnP capabilities. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1997 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-28056.md b/2024/CVE-2024-28056.md index ad25130144..ff4a4ed9f8 100644 --- a/2024/CVE-2024-28056.md +++ b/2024/CVE-2024-28056.md @@ -13,5 +13,5 @@ Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust poli - https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/ #### Github -No PoCs found on GitHub currently. +- https://github.com/perplext/AmpSwiftUI diff --git a/2024/CVE-2024-2806.md b/2024/CVE-2024-2806.md index ffa0e2bd43..6d7c199b24 100644 --- a/2024/CVE-2024-2806.md +++ b/2024/CVE-2024-2806.md @@ -17,4 +17,5 @@ A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/ - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC 
diff --git a/2024/CVE-2024-2807.md b/2024/CVE-2024-2807.md index fc5620d5bb..a7477d1dae 100644 --- a/2024/CVE-2024-2807.md +++ b/2024/CVE-2024-2807.md @@ -17,4 +17,5 @@ A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03 - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2808.md b/2024/CVE-2024-2808.md index 609e80fa66..0a2e9cf503 100644 --- a/2024/CVE-2024-2808.md +++ b/2024/CVE-2024-2808.md @@ -16,4 +16,5 @@ A vulnerability, which was classified as critical, has been found in Tenda AC15 - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28084.md b/2024/CVE-2024-28084.md index 07378afbca..8f8d008c93 100644 --- a/2024/CVE-2024-28084.md +++ b/2024/CVE-2024-28084.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ibrahmsql/discoursemap diff --git a/2024/CVE-2024-28085.md b/2024/CVE-2024-28085.md index 344a6b6518..86fc0f5b7a 100644 --- a/2024/CVE-2024-28085.md +++ b/2024/CVE-2024-28085.md @@ -15,9 +15,13 @@ wall in util-linux through 2.40, often installed with setgid tty permissions, al - https://www.openwall.com/lists/oss-security/2024/03/27/5 #### Github +- https://github.com/Aires-Observer/study_trivy - https://github.com/giterlizzi/secdb-feeds - https://github.com/kherrick/lobsters +- https://github.com/myh0301/KNOWHOW +- https://github.com/ndouglas-cloudsmith/exploit-check - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oditynet/sleepall - https://github.com/skyler-ferrante/CVE-2024-28085 - https://github.com/testing-felickz/docker-scout-demo 
diff --git a/2024/CVE-2024-28088.md b/2024/CVE-2024-28088.md index aa811e48e8..4fa5f6951d 100644 --- a/2024/CVE-2024-28088.md +++ b/2024/CVE-2024-28088.md @@ -13,8 +13,11 @@ LangChain through 0.1.10 allows ../ directory traversal by an actor who is able - https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md #### Github +- https://github.com/franzheffa/video-search-and-summarization-viize +- https://github.com/gil-feldman-glidetalk/video-search-and-summarization - https://github.com/levpachmanov/cve-2024-28088-poc - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/rmkraus/video-search-and-summarization - https://github.com/seal-community/patches - https://github.com/tanjiti/sec_profile - https://github.com/zgimszhd61/llm-security-quickstart diff --git a/2024/CVE-2024-2809.md b/2024/CVE-2024-2809.md index e9461c1c78..e1e7ab46c0 100644 --- a/2024/CVE-2024-2809.md +++ b/2024/CVE-2024-2809.md @@ -16,4 +16,5 @@ A vulnerability, which was classified as critical, was found in Tenda AC15 15.03 - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28093.md b/2024/CVE-2024-28093.md index 0980035dcc..f83323779a 100644 --- a/2024/CVE-2024-28093.md +++ b/2024/CVE-2024-28093.md @@ -5,7 +5,7 @@ ### Description -**UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. +** UNSUPPORTED WHEN ASSIGNED ** The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. ### POC diff --git a/2024/CVE-2024-2810.md b/2024/CVE-2024-2810.md index eed6372bd2..ed5d0d4e33 100644 --- a/2024/CVE-2024-2810.md +++ b/2024/CVE-2024-2810.md 
@@ -16,4 +16,5 @@ A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and clas - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28103.md b/2024/CVE-2024-28103.md new file mode 100644 index 0000000000..e597d44d60 --- /dev/null +++ b/2024/CVE-2024-28103.md @@ -0,0 +1,17 @@ +### [CVE-2024-28103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28103) +![](https://img.shields.io/static/v1?label=Product&message=rails&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%206.1.0.0%2C%20%3C%206.1.7.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/appatalks/ghes-cve-check + diff --git a/2024/CVE-2024-2811.md b/2024/CVE-2024-2811.md index 3e46180907..5c4143dcd2 100644 --- a/2024/CVE-2024-2811.md +++ b/2024/CVE-2024-2811.md @@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critica - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28114.md b/2024/CVE-2024-28114.md new file mode 100644 index 0000000000..741c0f4bdf --- /dev/null +++ b/2024/CVE-2024-28114.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-28114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28114) +![](https://img.shields.io/static/v1?label=Product&message=peering-manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen) + +### Description + +Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mmedhat1910/masters-testing-apps + diff --git a/2024/CVE-2024-28116.md b/2024/CVE-2024-28116.md index 97fcee70d8..bf0ca35aa3 100644 --- a/2024/CVE-2024-28116.md +++ b/2024/CVE-2024-28116.md @@ -16,6 +16,8 @@ Grav is an open-source, flat-file content management system. Grav CMS prior to v #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/akabe1/Graver +- https://github.com/geniuszly/GenGravSSTIExploit +- https://github.com/gunzf0x/Grav-CMS-RCE-Authenticated - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-2812.md b/2024/CVE-2024-2812.md index 391e798672..c2f1972408 100644 --- a/2024/CVE-2024-2812.md +++ b/2024/CVE-2024-2812.md 
@@ -16,4 +16,6 @@ A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC +- https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-28125.md b/2024/CVE-2024-28125.md index 78c06d0edd..8b68fa29f8 100644 --- a/2024/CVE-2024-28125.md +++ b/2024/CVE-2024-28125.md @@ -1,11 +1,11 @@ ### [CVE-2024-28125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28125) ![](https://img.shields.io/static/v1?label=Product&message=FitNesse&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20all%20releases%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=OS%20command%20injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20neutralization%20of%20special%20elements%20used%20in%20an%20OS%20command%20('OS%20Command%20Injection')&color=brighgreen) ### Description -FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. +** DISPUTED ** FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation. ### POC diff --git a/2024/CVE-2024-2813.md b/2024/CVE-2024-2813.md index bfa560e854..3d175a9979 100644 --- a/2024/CVE-2024-2813.md +++ b/2024/CVE-2024-2813.md @@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC 
diff --git a/2024/CVE-2024-28138.md b/2024/CVE-2024-28138.md
new file mode 100644
index 0000000000..7ab5c36008
--- /dev/null
+++ b/2024/CVE-2024-28138.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28138](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28138)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28139.md b/2024/CVE-2024-28139.md
new file mode 100644
index 0000000000..daac4682ad
--- /dev/null
+++ b/2024/CVE-2024-28139.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28139)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
+
+### Description
+
+The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-2814.md b/2024/CVE-2024-2814.md index e0b8a6ae6a..ac1f87098a 100644 --- a/2024/CVE-2024-2814.md +++ b/2024/CVE-2024-2814.md @@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as cri - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28140.md b/2024/CVE-2024-28140.md new file mode 100644 index 0000000000..37ef3509a1 --- /dev/null +++ b/2024/CVE-2024-28140.md @@ -0,0 +1,17 @@ +### [CVE-2024-28140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28140) +![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen) + +### Description + +The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output. + +### POC + +#### Reference +- https://r.sec-consult.com/imageaccess + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-28141.md b/2024/CVE-2024-28141.md new file mode 100644 index 0000000000..1a7f91d3fb --- /dev/null +++ b/2024/CVE-2024-28141.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-28141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28141)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28142.md b/2024/CVE-2024-28142.md
new file mode 100644
index 0000000000..4959b79235
--- /dev/null
+++ b/2024/CVE-2024-28142.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28142](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28142)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the "file name" and wildcard character input field. By exploiting the wildcard character feature, attackers are able to store arbitrary Javascript code which is being triggered if the page is viewed afterwards, e.g. by higher privileged users such as admins.This attack can even be performed without being logged in because the affected functions are not fully protected. Without logging in, only the file name parameter of the "Default" User can be changed.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28143.md b/2024/CVE-2024-28143.md
new file mode 100644
index 0000000000..ace021cd01
--- /dev/null
+++ b/2024/CVE-2024-28143.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28143)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-620%20Unverified%20Password%20Change&color=brighgreen)
+
+### Description
+
+The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28144.md b/2024/CVE-2024-28144.md
new file mode 100644
index 0000000000..83bbfa8b30
--- /dev/null
+++ b/2024/CVE-2024-28144.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28144](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28144)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-384%20Session%20Fixation&color=brighgreen)
+
+### Description
+
+An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28145.md b/2024/CVE-2024-28145.md
new file mode 100644
index 0000000000..b99e91f31e
--- /dev/null
+++ b/2024/CVE-2024-28145.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28145)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28146.md b/2024/CVE-2024-28146.md
new file mode 100644
index 0000000000..45a3f8681b
--- /dev/null
+++ b/2024/CVE-2024-28146.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28146)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen)
+
+### Description
+
+The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-2815.md b/2024/CVE-2024-2815.md
index 80ad3d0e35..cf09ac5df8 100644
--- a/2024/CVE-2024-2815.md
+++ b/2024/CVE-2024-2815.md
@@ -16,4 +16,5 @@ A vulnerability classified as critical has been found in Tenda AC15 15.03.20_mul - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2816.md b/2024/CVE-2024-2816.md index 6aedba54b8..554cc914fc 100644 --- a/2024/CVE-2024-2816.md +++ b/2024/CVE-2024-2816.md @@ -16,4 +16,5 @@ A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. A - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28163.md b/2024/CVE-2024-28163.md index cbc0090cc9..c9c2da9254 100644 --- a/2024/CVE-2024-28163.md +++ b/2024/CVE-2024-28163.md @@ -1,7 +1,7 @@ ### [CVE-2024-28163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28163) ![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20Process%20Integration%20(Support%20Web%20Pages)&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%207.50%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%3A%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen) ### Description diff --git a/2024/CVE-2024-2817.md b/2024/CVE-2024-2817.md index afcbbae193..a366f9b1f8 100644 --- a/2024/CVE-2024-2817.md +++ b/2024/CVE-2024-2817.md @@ -16,4 +16,5 @@ A vulnerability, which was classified as problematic, has been found in Tenda AC - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC 
diff --git a/2024/CVE-2024-28176.md b/2024/CVE-2024-28176.md index 466a786f0f..419b763cab 100644 --- a/2024/CVE-2024-28176.md +++ b/2024/CVE-2024-28176.md @@ -13,6 +13,7 @@ jose is JavaScript module for JSON Object Signing and Encryption, providing supp No PoCs from references. #### Github +- https://github.com/0x0806/JWT-Security-Assessment - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28192.md b/2024/CVE-2024-28192.md index 1dde3ff5a3..ad2d7204ba 100644 --- a/2024/CVE-2024-28192.md +++ b/2024/CVE-2024-28192.md @@ -14,5 +14,7 @@ your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpot - https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-c8wf-wcjc-2pvm #### Github +- https://github.com/Tr4nDuy/NoSQL-Injection - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/grapitycreation/NoSQL_Injection_Project diff --git a/2024/CVE-2024-28193.md b/2024/CVE-2024-28193.md index dc68ae2f90..2c1fe6c28f 100644 --- a/2024/CVE-2024-28193.md +++ b/2024/CVE-2024-28193.md @@ -14,4 +14,5 @@ your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpot #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/grapitycreation/NoSQL_Injection_Project diff --git a/2024/CVE-2024-28213.md b/2024/CVE-2024-28213.md index fe3bbfec1c..f197fb6290 100644 --- a/2024/CVE-2024-28213.md +++ b/2024/CVE-2024-28213.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/0x1x02/CVE-2024-28213 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/p-/p- diff --git a/2024/CVE-2024-28219.md b/2024/CVE-2024-28219.md index 5a4532de49..6ed370135b 100644 --- a/2024/CVE-2024-28219.md +++ b/2024/CVE-2024-28219.md 
@@ -13,6 +13,7 @@ In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcp No PoCs from references. #### Github +- https://github.com/daniellakn/prvs - https://github.com/egilewski/29381 - https://github.com/egilewski/29381-1 diff --git a/2024/CVE-2024-28224.md b/2024/CVE-2024-28224.md index 853803c2c6..8612959c3e 100644 --- a/2024/CVE-2024-28224.md +++ b/2024/CVE-2024-28224.md @@ -13,5 +13,5 @@ Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently al - https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224/ #### Github -No PoCs found on GitHub currently. +- https://github.com/wowtalon/LLM-Security diff --git a/2024/CVE-2024-28253.md b/2024/CVE-2024-28253.md index 963ae0b9fa..b5df426054 100644 --- a/2024/CVE-2024-28253.md +++ b/2024/CVE-2024-28253.md @@ -13,7 +13,24 @@ OpenMetadata is a unified platform for discovery, observability, and governance - https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-7vf4-x5m2-r6gr #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/NaInSec/CVE-LIST +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/tequilasunsh1ne/OpenMetadata_policies_rce - https://github.com/wjlin0/poc-doc diff --git a/2024/CVE-2024-28255.md b/2024/CVE-2024-28255.md index f7ca6cc1ef..4ccc98d2b0 100644 
--- a/2024/CVE-2024-28255.md +++ b/2024/CVE-2024-28255.md @@ -13,12 +13,30 @@ OpenMetadata is a unified platform for discovery, observability, and governance - https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84 #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/NaInSec/CVE-LIST - https://github.com/Ostorlab/KEV +- https://github.com/WhosGa/MyWiki - https://github.com/XRSec/AWVS-Update - https://github.com/YongYe-Security/CVE-2024-28255 +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC - https://github.com/jakabakos/OpenMetadata-Auth-bypass +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/opendr-io/causality - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-28326.md b/2024/CVE-2024-28326.md index 988a211cd0..a7bc0086e1 100644 --- a/2024/CVE-2024-28326.md +++ b/2024/CVE-2024-28326.md @@ -5,7 +5,7 @@ ### Description -Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface. +Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. ### POC diff --git a/2024/CVE-2024-28397.md b/2024/CVE-2024-28397.md index e2de7364e3..d600f3280c 100644 --- a/2024/CVE-2024-28397.md +++ b/2024/CVE-2024-28397.md 
@@ -13,7 +13,22 @@ An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows a - https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape #### Github +- https://github.com/0xDTC/js2py-Sandbox-Escape-CVE-2024-28397-RCE +- https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape +- https://github.com/ExtremeUday/Remote-Code-Execution-CVE-2024-28397-pyload-ng-js2py- +- https://github.com/Leilamag/CodeTwoRCEExploit - https://github.com/Marven11/CVE-2024-28397 - https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape +- https://github.com/Marven11/CVE-2024-39205-Pyload-RCE +- https://github.com/Marven11/Marven11 +- https://github.com/Naved124/CVE-2024-28397-js2py-Sandbox-Escape +- https://github.com/harutomo-jp/CVE-2024-28397-RCE +- https://github.com/kyl0-ST12/CVE_2024_28397---js2py-RCE +- https://github.com/naclapor/CVE-2024-28397 +- https://github.com/nelissandro/CVE-2024-28397-Js2Py-RCE - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/releaseown/exploit-js2py +- https://github.com/vitaciminIPI/CVE-2024-28397-RCE +- https://github.com/waleed-hassan569/CVE-2024-28397-command-execution-poc +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-28401.md b/2024/CVE-2024-28401.md index d4526f1b7e..044b030273 100644 --- a/2024/CVE-2024-28401.md +++ b/2024/CVE-2024-28401.md @@ -13,6 +13,7 @@ TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripti No PoCs from references. #### Github +- https://github.com/4hsienyang/CVE-vulns - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28402.md b/2024/CVE-2024-28402.md index beb3b4f7e9..db24bee71a 100644 --- a/2024/CVE-2024-28402.md +++ b/2024/CVE-2024-28402.md 
@@ -13,5 +13,6 @@ TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site script No PoCs from references. #### Github +- https://github.com/4hsienyang/CVE-vulns - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-28403.md b/2024/CVE-2024-28403.md index 7364f4a4bd..bca08144de 100644 --- a/2024/CVE-2024-28403.md +++ b/2024/CVE-2024-28403.md @@ -13,6 +13,7 @@ TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripti No PoCs from references. #### Github +- https://github.com/4hsienyang/CVE-vulns - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28404.md b/2024/CVE-2024-28404.md index 070a943094..cdcb4ff655 100644 --- a/2024/CVE-2024-28404.md +++ b/2024/CVE-2024-28404.md @@ -13,6 +13,7 @@ TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site script No PoCs from references. #### Github +- https://github.com/4hsienyang/CVE-vulns - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28418.md b/2024/CVE-2024-28418.md index 7f9b02fb12..e371a33254 100644 --- a/2024/CVE-2024-28418.md +++ b/2024/CVE-2024-28418.md @@ -10,7 +10,7 @@ Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.ph ### POC #### Reference -No PoCs from references. +- https://gitee.com/shavchen214/pwn/issues/I94VI3 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28442.md b/2024/CVE-2024-28442.md index a3cf9367e4..99e25bc89c 100644 --- a/2024/CVE-2024-28442.md +++ b/2024/CVE-2024-28442.md 
@@ -10,8 +10,9 @@ Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physica ### POC #### Reference +- https://medium.com/%40deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227 - https://medium.com/@deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227 #### Github -No PoCs found on GitHub currently. +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-2850.md b/2024/CVE-2024-2850.md index c5cfa8e676..c6a05d3dba 100644 --- a/2024/CVE-2024-2850.md +++ b/2024/CVE-2024-2850.md @@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2851.md b/2024/CVE-2024-2851.md index fb73a3a093..803b5f043c 100644 --- a/2024/CVE-2024-2851.md +++ b/2024/CVE-2024-2851.md @@ -16,4 +16,5 @@ A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28519.md b/2024/CVE-2024-28519.md index 23b4b3d8df..883a21ef49 100644 --- a/2024/CVE-2024-28519.md +++ b/2024/CVE-2024-28519.md @@ -10,7 +10,7 @@ A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologi ### POC #### Reference -No PoCs from references. +- https://www.escanav.com/en/index.asp #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-2853.md b/2024/CVE-2024-2853.md index 943f709b64..70756b64a2 100644 --- a/2024/CVE-2024-2853.md +++ b/2024/CVE-2024-2853.md 
@@ -16,5 +16,6 @@ A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been ra - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-28535.md b/2024/CVE-2024-28535.md index 62820b2894..b26396e976 100644 --- a/2024/CVE-2024-28535.md +++ b/2024/CVE-2024-28535.md @@ -15,4 +15,5 @@ Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface p #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28537.md b/2024/CVE-2024-28537.md index 5ee9955a49..d379dd054d 100644 --- a/2024/CVE-2024-28537.md +++ b/2024/CVE-2024-28537.md @@ -16,4 +16,5 @@ Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2854.md b/2024/CVE-2024-2854.md index 57ccd989f0..722ba695aa 100644 --- a/2024/CVE-2024-2854.md +++ b/2024/CVE-2024-2854.md @@ -16,5 +16,6 @@ A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-28545.md b/2024/CVE-2024-28545.md index 87403eb20b..3bb1d4d769 100644 --- a/2024/CVE-2024-28545.md +++ b/2024/CVE-2024-28545.md 
@@ -14,4 +14,5 @@ Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the devic #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28547.md b/2024/CVE-2024-28547.md index 848f7c0f92..3518cc675a 100644 --- a/2024/CVE-2024-28547.md +++ b/2024/CVE-2024-28547.md @@ -16,5 +16,6 @@ Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn par - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-2855.md b/2024/CVE-2024-2855.md index 90370db58f..9ba9bfdeb1 100644 --- a/2024/CVE-2024-2855.md +++ b/2024/CVE-2024-2855.md @@ -16,4 +16,5 @@ A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03 - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28550.md b/2024/CVE-2024-28550.md index 438976d7ff..68fa9a2dd7 100644 --- a/2024/CVE-2024-28550.md +++ b/2024/CVE-2024-28550.md @@ -16,4 +16,5 @@ Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath param - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-28551.md b/2024/CVE-2024-28551.md index a18636b395..d8fdf934cc 100644 --- a/2024/CVE-2024-28551.md +++ b/2024/CVE-2024-28551.md @@ -14,4 +14,5 @@ Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC 
diff --git a/2024/CVE-2024-28553.md b/2024/CVE-2024-28553.md index e6f4e785ea..5ba535ba97 100644 --- a/2024/CVE-2024-28553.md +++ b/2024/CVE-2024-28553.md @@ -15,4 +15,5 @@ Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys paramet #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2856.md b/2024/CVE-2024-2856.md index e09bb30070..1c927c5899 100644 --- a/2024/CVE-2024-2856.md +++ b/2024/CVE-2024-2856.md @@ -15,8 +15,10 @@ A vulnerability, which was classified as critical, has been found in Tenda AC10 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/NaInSec/CVE-LIST +- https://github.com/Schnaidr/CVE-2019-9641-php-RCE - https://github.com/Schnaidr/CVE-2024-2856-Stack-overflow-EXP - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-28623.md b/2024/CVE-2024-28623.md index 9498c1ddae..d1309b723c 100644 --- a/2024/CVE-2024-28623.md +++ b/2024/CVE-2024-28623.md @@ -14,4 +14,5 @@ RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerabil #### Github - https://github.com/GURJOTEXPERT/ritecms +- https://github.com/Tirthikas/XSSplore diff --git a/2024/CVE-2024-28677.md b/2024/CVE-2024-28677.md index 9b624d3058..a6680f6508 100644 --- a/2024/CVE-2024-28677.md +++ b/2024/CVE-2024-28677.md @@ -13,5 +13,6 @@ DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulne - https://github.com/777erp/cms/blob/main/14.md #### Github +- https://github.com/RedDrip7/qax-ti-mcp - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-2869.md b/2024/CVE-2024-2869.md new file mode 100644 index 0000000000..abd5694d7a --- /dev/null +++ b/2024/CVE-2024-2869.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-2869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2869)
+![](https://img.shields.io/static/v1?label=Product&message=Easy%20Property%20Listings&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.5.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/4093c12e-f62b-4357-8893-649cd2aaeace/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28726.md b/2024/CVE-2024-28726.md
new file mode 100644
index 0000000000..62d4281a6e
--- /dev/null
+++ b/2024/CVE-2024-28726.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28726](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28726)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Mrnmap/mrnmap-cve
+
diff --git a/2024/CVE-2024-28728.md b/2024/CVE-2024-28728.md
new file mode 100644
index 0000000000..e85aeb4825
--- /dev/null
+++ b/2024/CVE-2024-28728.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28728)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Mrnmap/mrnmap-cve
+
diff --git a/2024/CVE-2024-28729.md b/2024/CVE-2024-28729.md
new file mode 100644
index 0000000000..937e2311ad
--- /dev/null
+++ b/2024/CVE-2024-28729.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28729)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Mrnmap/mrnmap-cve
+
diff --git a/2024/CVE-2024-28730.md b/2024/CVE-2024-28730.md
new file mode 100644
index 0000000000..41367bcfac
--- /dev/null
+++ b/2024/CVE-2024-28730.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28730)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Mrnmap/mrnmap-cve
+
diff --git a/2024/CVE-2024-28731.md b/2024/CVE-2024-28731.md
new file mode 100644
index 0000000000..6bfe1521b5
--- /dev/null
+++ b/2024/CVE-2024-28731.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28731)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Mrnmap/mrnmap-cve
+
diff --git a/2024/CVE-2024-28752.md b/2024/CVE-2024-28752.md
index 55e0b2389b..e77cdc0d83 100644
--- a/2024/CVE-2024-28752.md
+++ b/2024/CVE-2024-28752.md
@@ -13,6 +13,13 @@ A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF befor
 No PoCs from references.
 #### Github
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/ReaJason/CVE-2024-28752
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/Threekiii/CVE
+- https://github.com/Wala-Alnozmai/SVD-Benchmark
+- https://github.com/oananbeh/LLM-Java-SVR-Benchmark
+- https://github.com/plzheheplztrying/cve_monitor
 - https://github.com/tanjiti/sec_profile
 - https://github.com/ytono/gcp-arcade
diff --git a/2024/CVE-2024-28756.md b/2024/CVE-2024-28756.md
index 6fabf1cbc2..4329c0c592 100644
--- a/2024/CVE-2024-28756.md
+++ b/2024/CVE-2024-28756.md
@@ -14,4 +14,5 @@ The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificat
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/sonalvijit/cve
diff --git a/2024/CVE-2024-28757.md b/2024/CVE-2024-28757.md
index 991c625582..83fbff86a3 100644
--- a/2024/CVE-2024-28757.md
+++ b/2024/CVE-2024-28757.md
@@ -13,12 +13,14 @@ libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isola
 No PoCs from references.
 #### Github
+- https://github.com/CKA-codespace/cg-compare
 - https://github.com/GrigGM/05-virt-04-docker-hw
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/RenukaSelvar/expat_CVE-2024-28757
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/fokypoky/places-list
 - https://github.com/krnidhi/expat_2.1.1_CVE-2024-28757
+- https://github.com/mmbazm/secure_license_server
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/saurabh2088/expat_2_1_0_CVE-2024-28757
 - https://github.com/testing-felickz/docker-scout-demo
diff --git a/2024/CVE-2024-2876.md b/2024/CVE-2024-2876.md
index dfec5a3019..489c705dce 100644
--- a/2024/CVE-2024-2876.md
+++ b/2024/CVE-2024-2876.md
@@ -13,6 +13,18 @@ The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Autom
 No PoCs from references.
 #### Github
+- https://github.com/0xAgun/CVE-2024-2876
+- https://github.com/Quantum-Hacker/CVE-2024-2876
+- https://github.com/R4m24n/wp
 - https://github.com/c0d3zilla/CVE-2024-2876
+- https://github.com/gh-ost00/SQL_Injection
+- https://github.com/issamjr/CVE-2024-2876
+- https://github.com/janz420/WP-SQLi
+- https://github.com/jeymo092/-SQL_Injection_Wordpress
+- https://github.com/khushi8080/wp-SQL_Injection
+- https://github.com/l0928h/kate
+- https://github.com/lcsouzamenezes/SQL-Injection-in-WordPress-Plugin
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zxcod3/CVE-2024-2876
diff --git a/2024/CVE-2024-28762.md b/2024/CVE-2024-28762.md
new file mode 100644
index 0000000000..c520843c56
--- /dev/null
+++ b/2024/CVE-2024-28762.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28762)
+![](https://img.shields.io/static/v1?label=Product&message=Db2%20for%20Linux%2C%20UNIX%20and%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.5%2C%2011.1%2C%2011.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Professor6T9/WordPressAutoExploiter
+
diff --git a/2024/CVE-2024-28784.md b/2024/CVE-2024-28784.md
new file mode 100644
index 0000000000..67ffca4d85
--- /dev/null
+++ b/2024/CVE-2024-28784.md
@@ -0,0 +1,18 @@
+### [CVE-2024-28784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28784)
+![](https://img.shields.io/static/v1?label=Product&message=QRadar%20SIEM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CainSoulless/CVE-2024-28784
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-2879.md b/2024/CVE-2024-2879.md
index 3550555b20..b9ce3f621c 100644
--- a/2024/CVE-2024-2879.md
+++ b/2024/CVE-2024-2879.md
@@ -13,12 +13,31 @@ The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_g
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/DionSalvador/WPSC
 - https://github.com/JohnNetSouldRU/CVE-2024-2879-POC
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/MataKucing-OFC/NemesisTools
 - https://github.com/Ostorlab/KEV
 - https://github.com/RansomGroupCVE/CVE-2024-22328-POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
 - https://github.com/herculeszxc/CVE-2024-2879
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
 - https://github.com/netlas-io/netlas-dorks
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
diff --git a/2024/CVE-2024-2883.md b/2024/CVE-2024-2883.md
index 3b4d70d6da..f3ddf191fc 100644
--- a/2024/CVE-2024-2883.md
+++ b/2024/CVE-2024-2883.md
@@ -14,4 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gmh5225/vulnjs
+- https://github.com/wh1ant/vulnjs
diff --git a/2024/CVE-2024-28834.md b/2024/CVE-2024-28834.md
index 03a7885eee..9e5d4e8b4e 100644
--- a/2024/CVE-2024-28834.md
+++ b/2024/CVE-2024-28834.md
@@ -7,7 +7,7 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20a%20Broken%20or%20Risky%20Cryptographic%20Algorithm&color=brighgreen)
 ### Description
diff --git a/2024/CVE-2024-28848.md b/2024/CVE-2024-28848.md
index acd29162c2..25033164ef 100644
--- a/2024/CVE-2024-28848.md
+++ b/2024/CVE-2024-28848.md
@@ -13,7 +13,24 @@ OpenMetadata is a unified platform for discovery, observability, and governance
 - https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
 - https://github.com/tequilasunsh1ne/OpenMetadata_policies_spel
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-28851.md b/2024/CVE-2024-28851.md
index 672cf9be1e..d3868121a1 100644
--- a/2024/CVE-2024-28851.md
+++ b/2024/CVE-2024-28851.md
@@ -13,5 +13,6 @@ The Snowflake Hive metastore connector provides an easy way to query Hive-manage
 No PoCs from references.
 #### Github
+- https://github.com/0x0806/JWT-Security-Assessment
 - https://github.com/NaInSec/CVE-LIST
diff --git a/2024/CVE-2024-28863.md b/2024/CVE-2024-28863.md
index 5591fe7028..45d8994f7b 100644
--- a/2024/CVE-2024-28863.md
+++ b/2024/CVE-2024-28863.md
@@ -15,5 +15,8 @@ node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on t
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/cfvalenzuela-vidal/safenotes
 - https://github.com/efrei-ADDA84/20200689
+- https://github.com/lucasarasa/exec-docker-abr-2025
+- https://github.com/vbelouso/morpheus-gsheet-parser
diff --git a/2024/CVE-2024-2887.md b/2024/CVE-2024-2887.md
index 4d854e3307..c8990ce401 100644
--- a/2024/CVE-2024-2887.md
+++ b/2024/CVE-2024-2887.md
@@ -13,8 +13,19 @@ Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a
 No PoCs from references.
 #### Github
+- https://github.com/AabyssZG/Chrome-RCE-Poc
+- https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-POC
 - https://github.com/TrojanAZhen/Self_Back
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gmh5225/vulnjs
+- https://github.com/jjyuorg/reproduce-cve-2024-2887
+- https://github.com/mwlik/v8-resources
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/rycbar77/CVE-2024-2887
 - https://github.com/rycbar77/V8Exploits
+- https://github.com/sicongking/ceshi
+- https://github.com/sploitem/v8pwn
+- https://github.com/wh1ant/vulnjs
+- https://github.com/worthdoingbadly/chrome-118-tools
+- https://github.com/xv0nfers/V8-sbx-bypass-collection
diff --git a/2024/CVE-2024-28885.md b/2024/CVE-2024-28885.md
new file mode 100644
index 0000000000..f4ab60bf63
--- /dev/null
+++ b/2024/CVE-2024-28885.md
@@ -0,0 +1,18 @@
+### [CVE-2024-28885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28885)
+![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20QAT%20Engine%20for%20OpenSSL%20software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%20v1.6.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20discrepancy&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=information%20disclosure&color=brighgreen)
+
+### Description
+
+Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/chnzzh/OpenSSL-CVE-lib
+
diff --git a/2024/CVE-2024-28888.md b/2024/CVE-2024-28888.md
new file mode 100644
index 0000000000..b045128cdd
--- /dev/null
+++ b/2024/CVE-2024-28888.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28888)
+![](https://img.shields.io/static/v1?label=Product&message=Foxit%20Reader&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202024.1.0.23997%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1967
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28894.md b/2024/CVE-2024-28894.md
new file mode 100644
index 0000000000..779e1d7a5c
--- /dev/null
+++ b/2024/CVE-2024-28894.md
@@ -0,0 +1,20 @@
+### [CVE-2024-28894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28894)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6%20SNMPv2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6%20SNMPv3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Ver.1.51%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Ver.2.30%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20read&color=brighgreen)
+
+### Description
+
+Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.
+
+### POC
+
+#### Reference
+- https://www.cente.jp/obstacle/4960/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-2891.md b/2024/CVE-2024-2891.md
index 25d2931bec..304dc09dba 100644
--- a/2024/CVE-2024-2891.md
+++ b/2024/CVE-2024-2891.md
@@ -15,5 +15,6 @@ A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 - https://github.com/helloyhrr/IoT_vulnerability
diff --git a/2024/CVE-2024-28953.md b/2024/CVE-2024-28953.md
new file mode 100644
index 0000000000..75f7f08247
--- /dev/null
+++ b/2024/CVE-2024-28953.md
@@ -0,0 +1,18 @@
+### [CVE-2024-28953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28953)
+![](https://img.shields.io/static/v1?label=Product&message=EMON%20software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%2011.44%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20search%20path&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen)
+
+### Description
+
+Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mohammedamin01/mohammedamin01
+
diff --git a/2024/CVE-2024-28955.md b/2024/CVE-2024-28955.md
new file mode 100644
index 0000000000..99ed9f8eb3
--- /dev/null
+++ b/2024/CVE-2024-28955.md
@@ -0,0 +1,18 @@
+### [CVE-2024-28955](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28955)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20permission%20assignment%20for%20critical%20resource&color=brighgreen)
+
+### Description
+
+Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+- https://github.com/Stuub/CVE-2024-28995
+
diff --git a/2024/CVE-2024-28957.md b/2024/CVE-2024-28957.md
new file mode 100644
index 0000000000..c18f2089b7
--- /dev/null
+++ b/2024/CVE-2024-28957.md
@@ -0,0 +1,25 @@
+### [CVE-2024-28957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28957)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6%20SNMPv2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6%20SNMPv3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20IPv6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20TCP%2FIPv4%20SNMPv2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20TCP%2FIPv4%20SNMPv3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Cente%20TCP%2FIPv4&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Ver.1.41%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Ver.1.51%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Ver.2.30%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Generation%20of%20Predictable%20Numbers%20or%20Identifiers&color=brighgreen)
+
+### Description
+
+Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.
+
+### POC
+
+#### Reference
+- https://www.cente.jp/obstacle/4956/
+- https://www.cente.jp/obstacle/4963/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28981.md b/2024/CVE-2024-28981.md
new file mode 100644
index 0000000000..2804a3daf5
--- /dev/null
+++ b/2024/CVE-2024-28981.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28981)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Data%20Integration%20%26%20Analytics&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen)
+
+### Description
+
+Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.
+
+### POC
+
+#### Reference
+- https://support.pentaho.com/hc/en-us/articles/27569056997261--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-1-0-0-including-9-3-x-and-8-3-x-impacted-CVE-2024-28981
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28982.md b/2024/CVE-2024-28982.md
new file mode 100644
index 0000000000..4d7cb3b5c7
--- /dev/null
+++ b/2024/CVE-2024-28982.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28982)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-776%20Improper%20Restriction%20of%20Recursive%20Entity%20References%20in%20DTDs%20('XML%20Entity%20Expansion')&color=brighgreen)
+
+### Description
+
+Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
+
+### POC
+
+#### Reference
+- https://support.pentaho.com/hc/en-us/articles/27569195609869--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Restriction-of-XML-External-Entity-Reference-versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28982
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28983.md b/2024/CVE-2024-28983.md
new file mode 100644
index 0000000000..7c2c89a906
--- /dev/null
+++ b/2024/CVE-2024-28983.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28983)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
+
+### POC
+
+#### Reference
+- https://support.pentaho.com/hc/en-us/articles/27569257123725-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28983
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28984.md b/2024/CVE-2024-28984.md
new file mode 100644
index 0000000000..1ad02eb22c
--- /dev/null
+++ b/2024/CVE-2024-28984.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28984](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28984)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
+
+### POC
+
+#### Reference
+- https://support.pentaho.com/hc/en-us/articles/27569319605901-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-Versions-before-10-1-0-0-and-9-3-0-7-including-8-3-x-Impacted-CVE-2024-28984
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28986.md b/2024/CVE-2024-28986.md
index 6715f6bf5a..06f3bbedb3 100644
--- a/2024/CVE-2024-28986.md
+++ b/2024/CVE-2024-28986.md
@@ -14,4 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/h4xnz/CVE-2025-26399-Exploit
+- https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-28987.md b/2024/CVE-2024-28987.md
new file mode 100644
index 0000000000..4b2b41076c
--- /dev/null
+++ b/2024/CVE-2024-28987.md
@@ -0,0 +1,21 @@
+### [CVE-2024-28987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28987)
+![](https://img.shields.io/static/v1?label=Product&message=Web%20Help%20Desk&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen)
+
+### Description
+
+The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/alecclyde/CVE-2024-28987
+- https://github.com/gh-ost00/CVE-2024-28987-POC
+- https://github.com/horizon3ai/CVE-2024-28987
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-2899.md b/2024/CVE-2024-2899.md
index 2cc75aeb2c..dc70720519 100644
--- a/2024/CVE-2024-2899.md
+++ b/2024/CVE-2024-2899.md
@@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, has been found in Tenda AC7 1
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-28995.md b/2024/CVE-2024-28995.md
index 90724a4327..07925d2b34 100644
--- a/2024/CVE-2024-28995.md
+++ b/2024/CVE-2024-28995.md
@@ -13,14 +13,45 @@ SolarWinds Serv-U was susceptible to a directory transversal vulnerability that
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
 - https://github.com/0xc4t/CVE-2024-28995
+- https://github.com/12442RF/POC
+- https://github.com/AmengDream/amengtools
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Ostorlab/KEV
+- https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U
+- https://github.com/R4Tw1z/DirTr0n
+- https://github.com/Stuub/CVE-2024-28995
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
 - https://github.com/bigb0x/CVE-2024-28995
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/demoAlitalia/CVE-2024-28995
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/enomothem/PenTestNote
+- https://github.com/ggfzx/CVE-2024-28995
+- https://github.com/gotr00t0day/CVE-2024-28995
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/hsvhora/research_blogs
+- https://github.com/huseyinstif/CVE-2024-28995-Nuclei-Template
+- https://github.com/ibrahmsql/CVE-2024-28995
+- https://github.com/ibrahmsql/CyberSecurity101-Roadmap
+- https://github.com/iemotion/POC
 - https://github.com/krypton-kry/CVE-2024-28995
+- https://github.com/laoa1573/wy876
+- https://github.com/muhammetali20/CVE-2024-28995
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/onewinner/POCS
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/security-xm/yaml-pocs
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
+- https://github.com/zhanpengliu-tencent/medium-cve
diff --git a/2024/CVE-2024-2900.md b/2024/CVE-2024-2900.md
index 9d91e6ae1d..b71d1aaa49 100644
--- a/2024/CVE-2024-2900.md
+++ b/2024/CVE-2024-2900.md
@@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-2901.md b/2024/CVE-2024-2901.md
index 083dffa55f..9e582b9ba5 100644
--- a/2024/CVE-2024-2901.md
+++ b/2024/CVE-2024-2901.md
@@ -14,4 +14,5 @@ A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critic
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-29014.md b/2024/CVE-2024-29014.md
new file mode 100644
index 0000000000..2d3f4722a6
--- /dev/null
+++ b/2024/CVE-2024-29014.md
@@ -0,0 +1,17 @@
+### [CVE-2024-29014](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29014)
+![](https://img.shields.io/static/v1?label=Product&message=NetExtender&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.2.339%20and%20earlier%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AmberWolfCyber/NachoVPN
+
diff --git a/2024/CVE-2024-2902.md b/2024/CVE-2024-2902.md
index ebe2c0a039..654d6a948f 100644
--- a/2024/CVE-2024-2902.md
+++ b/2024/CVE-2024-2902.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. T #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-29025.md b/2024/CVE-2024-29025.md index 17d6ba0fe3..74c6095716 100644 --- a/2024/CVE-2024-29025.md +++ b/2024/CVE-2024-29025.md @@ -14,6 +14,7 @@ Netty is an asynchronous event-driven network application framework for rapid de #### Github - https://github.com/Azure/kafka-sink-azure-kusto +- https://github.com/nikita15p/nikita15p - https://github.com/th2-net/th2-bom - https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-29028.md b/2024/CVE-2024-29028.md index cfa38648af..3064acb15c 100644 --- a/2024/CVE-2024-29028.md +++ b/2024/CVE-2024-29028.md @@ -13,5 +13,5 @@ memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an S - https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos #### Github -No PoCs found on GitHub currently. +- https://github.com/ARPSyndicate/cve-scores diff --git a/2024/CVE-2024-29029.md b/2024/CVE-2024-29029.md index 3ca6f8becd..7bd4f0cfcc 100644 --- a/2024/CVE-2024-29029.md +++ b/2024/CVE-2024-29029.md @@ -14,5 +14,5 @@ memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an S - https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/ #### Github -No PoCs found on GitHub currently. +- https://github.com/ARPSyndicate/cve-scores diff --git a/2024/CVE-2024-2903.md b/2024/CVE-2024-2903.md index c56a56a26e..ab24820ef7 100644 --- a/2024/CVE-2024-2903.md +++ b/2024/CVE-2024-2903.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as cr #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-29030.md b/2024/CVE-2024-29030.md index afef9dc94a..b000d67cb1 100644 --- a/2024/CVE-2024-29030.md 
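Review bot: In 2024/CVE-2024-29028.md the `#### Github` section swaps `No PoCs found on GitHub currently.` for `- https://github.com/ARPSyndicate/cve-scores`, which by its name is a scoring dataset rather than a proof of concept. Anyone who triages on whether this section is empty will now read the entry as having a public PoC. The same swap is made in CVE-2024-29029.md and CVE-2024-29030.md. I would keep `No PoCs found on GitHub currently.` in all three until a CVE-specific repository appears, or have the generator exclude score and feed repositories from this section.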
+++ b/2024/CVE-2024-29030.md @@ -13,5 +13,5 @@ memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an S - https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/ #### Github -No PoCs found on GitHub currently. +- https://github.com/ARPSyndicate/cve-scores diff --git a/2024/CVE-2024-29041.md b/2024/CVE-2024-29041.md index f1fa086457..1e6c6e632d 100644 --- a/2024/CVE-2024-29041.md +++ b/2024/CVE-2024-29041.md @@ -14,6 +14,12 @@ Express.js minimalist web framework for node. Versions of Express.js prior to 4. No PoCs from references. #### Github +- https://github.com/Icare741/TPTrivy +- https://github.com/VulnZap/vulnzap-vscode-extention +- https://github.com/andrewbearsley/lacework-sca-scan-example - https://github.com/dhushyanth-h-m/Audio_Transcriber +- https://github.com/felipecruz91/biznagafest24 +- https://github.com/gunh0/kr-vulhub +- https://github.com/ifunky/demo-site - https://github.com/qazipoor/React-Clothing-Shop diff --git a/2024/CVE-2024-2905.md b/2024/CVE-2024-2905.md index 4c59052416..3d6bb19c6b 100644 --- a/2024/CVE-2024-2905.md +++ b/2024/CVE-2024-2905.md @@ -1,4 +1,5 @@ ### [CVE-2024-2905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2905) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%2010&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) diff --git a/2024/CVE-2024-29050.md b/2024/CVE-2024-29050.md new file mode 100644 index 0000000000..c55ae44c74 --- /dev/null +++ b/2024/CVE-2024-29050.md 
@@ -0,0 +1,55 @@ +### [CVE-2024-29050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29050) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20596%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.6897%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5696%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4291%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4291%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2402%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2899%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3447%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3447%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.830%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22618%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27067%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27067%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24821%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.21924%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-197%3A%20Numeric%20Truncation%20Error&color=brighgreen) + +### Description + +Windows Cryptographic Services Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Akrachli/CVE-2024-29050 +- https://github.com/ycdxsb/WindowsPrivilegeEscalation + diff --git a/2024/CVE-2024-29059.md b/2024/CVE-2024-29059.md index 93287409fe..ad2ae5580a 100644 --- a/2024/CVE-2024-29059.md +++ b/2024/CVE-2024-29059.md @@ -31,7 +31,11 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/Ostorlab/KEV - https://github.com/codewhitesec/HttpRemotingObjRefLeak - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/levifleming522/Programmatic-Vulnerability-Remediations - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/opendr-io/causality +- https://github.com/packetinside/CISA_BOT diff --git a/2024/CVE-2024-29075.md b/2024/CVE-2024-29075.md new file mode 100644 index 0000000000..96230fdb11 --- /dev/null +++ b/2024/CVE-2024-29075.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29075](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29075) +![](https://img.shields.io/static/v1?label=Product&message=Mesh%20Wi-Fi%20router%20RP562B&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20firmware%20version%20v1.0.2%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Active%20debug%20code&color=brighgreen) + +### Description + +Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device . + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0xNslabs/SoftBankMeshAPI + diff --git a/2024/CVE-2024-2910.md b/2024/CVE-2024-2910.md new file mode 100644 index 0000000000..e9d247fd5c --- /dev/null +++ b/2024/CVE-2024-2910.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2910) +![](https://img.shields.io/static/v1?label=Product&message=RG-EG350&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240318%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/h0e4a0r1t/h0e4a0r1t + diff --git a/2024/CVE-2024-29102.md b/2024/CVE-2024-29102.md index a46f0add4b..ccc5e56bd0 100644 --- a/2024/CVE-2024-29102.md +++ b/2024/CVE-2024-29102.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/david-prv/vulnerable-wordpress-plugins diff --git a/2024/CVE-2024-29131.md b/2024/CVE-2024-29131.md index 6f9d0f9fcf..167f166111 100644 --- a/2024/CVE-2024-29131.md +++ b/2024/CVE-2024-29131.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/haba713/depcheck-gretty-issue diff --git a/2024/CVE-2024-29133.md b/2024/CVE-2024-29133.md index 9fdbfed867..aaad889798 100644 --- a/2024/CVE-2024-29133.md +++ b/2024/CVE-2024-29133.md 
@@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/haba713/depcheck-gretty-issue diff --git a/2024/CVE-2024-29146.md b/2024/CVE-2024-29146.md new file mode 100644 index 0000000000..ac58ed29aa --- /dev/null +++ b/2024/CVE-2024-29146.md @@ -0,0 +1,18 @@ +### [CVE-2024-29146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29146) +![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cleartext%20storage%20of%20sensitive%20information&color=brighgreen) + +### Description + +User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. + +### POC + +#### Reference +- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-29155.md b/2024/CVE-2024-29155.md new file mode 100644 index 0000000000..14ddb27c4b --- /dev/null +++ b/2024/CVE-2024-29155.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29155) +![](https://img.shields.io/static/v1?label=Product&message=RN4870&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.44%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/SyNSec-den/Proteus + diff --git a/2024/CVE-2024-2918.md b/2024/CVE-2024-2918.md new file mode 100644 index 0000000000..a4b66f7ece --- /dev/null +++ b/2024/CVE-2024-2918.md @@ -0,0 +1,17 @@ +### [CVE-2024-2918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2918) +![](https://img.shields.io/static/v1?label=Product&message=Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202024.1.10.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request. + +### POC + +#### Reference +- https://devolutions.net/security/advisories/DEVO-2024-0006 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-29180.md b/2024/CVE-2024-29180.md index 8ab50f337a..a68d4d67cc 100644 --- a/2024/CVE-2024-29180.md +++ b/2024/CVE-2024-29180.md 
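Review bot: The new 2024/CVE-2024-2918.md states two different affected ranges: the Version badge decodes to `0<= 2024.1.10.0`, while the description says `Devolutions Server 2024.1.6 and earlier`. A reader deciding whether a deployment is affected cannot tell from this page which bound applies. Both values presumably come from the upstream CVE record, so they should be checked against the linked advisory DEVO-2024-0006 and the badge and description made to agree.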
@@ -15,4 +15,5 @@ Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware developmen #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/seal-community/patches +- https://github.com/vbelouso/morpheus-gsheet-parser diff --git a/2024/CVE-2024-29197.md b/2024/CVE-2024-29197.md index 07cd2988cb..a9e2f44d12 100644 --- a/2024/CVE-2024-29197.md +++ b/2024/CVE-2024-29197.md @@ -13,6 +13,7 @@ Pimcore is an Open Source Data & Experience Management Platform. Any call with t - https://github.com/pimcore/pimcore/security/advisories/GHSA-5737-rqv4-v445 #### Github +- https://github.com/Schnaidr/CVE-2019-9641-php-RCE - https://github.com/Schnaidr/CVE-2024-2856-Stack-overflow-EXP - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/mansploit/CVE-2024-29197-exploit diff --git a/2024/CVE-2024-29201.md b/2024/CVE-2024-29201.md index 80e904fd09..3f44fe30df 100644 --- a/2024/CVE-2024-29201.md +++ b/2024/CVE-2024-29201.md 
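Review bot: The line added to 2024/CVE-2024-29197.md, `- https://github.com/Schnaidr/CVE-2019-9641-php-RCE`, names a different CVE from the Pimcore entry it is filed under. It looks like a keyword match on repository text rather than a verified reference, and the neighbouring context line `Schnaidr/CVE-2024-2856-Stack-overflow-EXP` shows the same mismatch. I would drop the added line and have the generator skip any repository whose name carries a CVE id other than the file's own.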
@@ -13,9 +13,28 @@ JumpServer is an open source bastion host and an operation and maintenance secur No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Threekiii/Awesome-POC +- https://github.com/WhosGa/MyWiki +- https://github.com/XiaomingX/awesome-poc-for-red-team +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-29202.md b/2024/CVE-2024-29202.md index 2c0d97ff95..70ececbab6 100644 --- a/2024/CVE-2024-29202.md +++ b/2024/CVE-2024-29202.md 
@@ -13,8 +13,27 @@ JumpServer is an open source bastion host and an operation and maintenance secur No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Threekiii/Awesome-POC +- https://github.com/WhosGa/MyWiki +- https://github.com/XiaomingX/awesome-poc-for-red-team +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-29209.md b/2024/CVE-2024-29209.md index 442dcc7eca..5a97458659 100644 --- a/2024/CVE-2024-29209.md +++ b/2024/CVE-2024-29209.md @@ -12,7 +12,7 @@ A medium severity vulnerability has been identified in the update mechanism of t ### POC #### Reference -No PoCs from references. +- https://support.knowbe4.com/hc/en-us/articles/28959755127955-CVE-2024-29209 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-2921.md b/2024/CVE-2024-2921.md index e4ed50246b..45ad58afec 100644 --- a/2024/CVE-2024-2921.md +++ b/2024/CVE-2024-2921.md @@ -10,7 +10,7 @@ Improper access control in PAM vault permissions in Devolutions Server 2024.1.10 ### POC #### Reference -No PoCs from references. +- https://devolutions.net/security/advisories/DEVO-2024-0005 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2024/CVE-2024-29210.md b/2024/CVE-2024-29210.md index 417ecf8ed2..a0dab3a514 100644 --- a/2024/CVE-2024-29210.md +++ b/2024/CVE-2024-29210.md @@ -13,7 +13,7 @@ A local privilege escalation (LPE) vulnerability has been identified in Phish Al ### POC #### Reference -No PoCs from references. +- https://support.knowbe4.com/hc/en-us/articles/28959854203923-CVE-2024-29210 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-29241.md b/2024/CVE-2024-29241.md index d0934c3107..bc5ea4903b 100644 --- a/2024/CVE-2024-29241.md +++ b/2024/CVE-2024-29241.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/LOURC0D3/ENVY-gitbook - https://github.com/LOURC0D3/LOURC0D3 +- https://github.com/gaetangr/synaudit diff --git a/2024/CVE-2024-29269.md b/2024/CVE-2024-29269.md index 169de6a61d..d573f51ce3 100644 --- a/2024/CVE-2024-29269.md +++ b/2024/CVE-2024-29269.md 
@@ -13,11 +13,34 @@ An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers t No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC - https://github.com/Chocapikk/CVE-2024-29269 +- https://github.com/DMW11525708/wiki - https://github.com/Jhonsonwannaa/CVE-2024-29269 +- https://github.com/K3ysTr0K3R/CVE-2024-29269-EXPLOIT +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Ostorlab/KEV +- https://github.com/Quantum-Hacker/CVE-2024-29269 +- https://github.com/WhosGa/MyWiki - https://github.com/YongYe-Security/CVE-2024-29269 +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/dream434/CVE-2024-29269 +- https://github.com/dream434/dream434 +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/hack-with-rohit/CVE-2024-29269-RCE +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wutalent/CVE-2024-29269 diff --git a/2024/CVE-2024-2928.md b/2024/CVE-2024-2928.md new file mode 100644 index 0000000000..0cafb14ddc --- /dev/null +++ b/2024/CVE-2024-2928.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-2928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2928) +![](https://img.shields.io/static/v1?label=Product&message=mlflow%2Fmlflow&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.11.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-29%20Path%20Traversal%3A%20'%5C..%5Cfilename'&color=brighgreen) + +### Description + +A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/EssenceCyber/Exploit-List +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/nuridincersaygili/CVE-2024-2928 + diff --git a/2024/CVE-2024-29291.md b/2024/CVE-2024-29291.md index f11ddf367d..c8a2046ec5 100644 --- a/2024/CVE-2024-29291.md +++ b/2024/CVE-2024-29291.md @@ -13,5 +13,6 @@ - https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784 #### Github +- https://github.com/codebyebrahim/laravel-vuln-checker - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-29292.md b/2024/CVE-2024-29292.md new file mode 100644 index 0000000000..d943030d81 --- /dev/null +++ b/2024/CVE-2024-29292.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29292) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. + +### POC + +#### Reference +- https://gist.github.com/QuartzDust/debfd7ddf934a9f5609d7f1a8cd71154 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-2935.md b/2024/CVE-2024-2935.md index 6402b3ed48..7145d7c3cc 100644 --- a/2024/CVE-2024-2935.md +++ b/2024/CVE-2024-2935.md @@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258014 is the identifier assigned to this vulnerability. +A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. ### POC diff --git a/2024/CVE-2024-29376.md b/2024/CVE-2024-29376.md new file mode 100644 index 0000000000..72a2f28f01 --- /dev/null +++ b/2024/CVE-2024-29376.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29376) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase + diff --git a/2024/CVE-2024-29404.md b/2024/CVE-2024-29404.md new file mode 100644 index 0000000000..5131ba8e7d --- /dev/null +++ b/2024/CVE-2024-29404.md @@ -0,0 +1,17 @@ +### [CVE-2024-29404](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29404) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. + +### POC + +#### Reference +- https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks + +#### Github +- https://github.com/mansk1es/CVE-2024-29404_Razer + diff --git a/2024/CVE-2024-29409.md b/2024/CVE-2024-29409.md new file mode 100644 index 0000000000..943d879e13 --- /dev/null +++ b/2024/CVE-2024-29409.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-29409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29409) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. + +### POC + +#### Reference +- https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-29415.md b/2024/CVE-2024-29415.md index 331832107f..39ed54398d 100644 --- a/2024/CVE-2024-29415.md +++ b/2024/CVE-2024-29415.md @@ -13,7 +13,12 @@ The ip package through 2.0.1 for Node.js might allow SSRF because some IP addres - https://github.com/indutny/node-ip/issues/150 #### Github +- https://github.com/Dgporte/ExerciciosDockerPB2025 +- https://github.com/Sharpforce/cybersecurity +- https://github.com/felipecruz91/node-ip-vex - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/lucasarasa/exec-docker-abr-2025 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/webpod/ip diff --git a/2024/CVE-2024-29419.md b/2024/CVE-2024-29419.md index b5b699455d..7b4d1775d7 100644 --- a/2024/CVE-2024-29419.md +++ b/2024/CVE-2024-29419.md @@ -13,6 +13,7 @@ There is a Cross-site scripting (XSS) vulnerability in the Wireless settings und No PoCs from references. #### Github +- https://github.com/4hsienyang/CVE-vulns - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-29506.md b/2024/CVE-2024-29506.md index 76b92be9e8..17e4a113c5 100644 --- a/2024/CVE-2024-29506.md +++ b/2024/CVE-2024-29506.md 
@@ -10,6 +10,7 @@ Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi ### POC #### Reference +- https://bugs.ghostscript.com/show_bug.cgi?id=707510 - https://www.openwall.com/lists/oss-security/2024/07/03/7 #### Github diff --git a/2024/CVE-2024-29507.md b/2024/CVE-2024-29507.md index 7ce0d35b00..aa1cc92ec8 100644 --- a/2024/CVE-2024-29507.md +++ b/2024/CVE-2024-29507.md @@ -10,6 +10,7 @@ Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow v ### POC #### Reference +- https://bugs.ghostscript.com/show_bug.cgi?id=707510 - https://www.openwall.com/lists/oss-security/2024/07/03/7 #### Github diff --git a/2024/CVE-2024-29508.md b/2024/CVE-2024-29508.md index 0137504aba..4337587735 100644 --- a/2024/CVE-2024-29508.md +++ b/2024/CVE-2024-29508.md @@ -10,6 +10,7 @@ Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observab ### POC #### Reference +- https://bugs.ghostscript.com/show_bug.cgi?id=707510 - https://www.openwall.com/lists/oss-security/2024/07/03/7 #### Github diff --git a/2024/CVE-2024-29509.md b/2024/CVE-2024-29509.md index 710374258b..7591aace12 100644 --- a/2024/CVE-2024-29509.md +++ b/2024/CVE-2024-29509.md @@ -10,6 +10,7 @@ Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e ### POC #### Reference +- https://bugs.ghostscript.com/show_bug.cgi?id=707510 - https://www.openwall.com/lists/oss-security/2024/07/03/7 #### Github diff --git a/2024/CVE-2024-29510.md b/2024/CVE-2024-29510.md index 4051faa425..25be5a8c73 100644 --- a/2024/CVE-2024-29510.md +++ b/2024/CVE-2024-29510.md @@ -14,4 +14,6 @@ Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox b #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/swsmith2391/CVE-2024-29510 +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-29511.md b/2024/CVE-2024-29511.md index fabfd1a5b7..25d8846f46 100644 --- a/2024/CVE-2024-29511.md 
+++ b/2024/CVE-2024-29511.md @@ -10,6 +10,7 @@ Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a direct ### POC #### Reference +- https://bugs.ghostscript.com/show_bug.cgi?id=707510 - https://www.openwall.com/lists/oss-security/2024/07/03/7 #### Github diff --git a/2024/CVE-2024-2961.md b/2024/CVE-2024-2961.md index 2c60774044..56bfe74f8f 100644 --- a/2024/CVE-2024-2961.md +++ b/2024/CVE-2024-2961.md 
@@ -13,24 +13,45 @@ The iconv() function in the GNU C Library versions 2.39 and older may overflow t No PoCs from references. #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/4wayhandshake/CVE-2024-2961 +- https://github.com/BTtea/BTteaLFI - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 - https://github.com/Threekiii/Awesome-POC +- https://github.com/XiaomingX/awesome-poc-for-red-team - https://github.com/ZonghaoLi777/githubTrending - https://github.com/absolutedesignltd/iconvfix - https://github.com/ambionics/cnext-exploits - https://github.com/aneasystone/github-trending +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/bollwarm/SecToolSet - https://github.com/exfil0/test_iconv +- https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento - https://github.com/johe123qwe/github-trending - https://github.com/kjdfklha/CVE-2024-2961_poc +- https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read - https://github.com/mattaperkins/FIX-CVE-2024-2961 +- https://github.com/mesudmammad1/CVE-2023-26326_Buddyform_exploit - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/omarelshopky/exploit_cve-2023-26326_using_cve-2024-2961 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/regantemudo/PHP-file-read-to-RCE-CVE-2024-2961- - https://github.com/rvizx/CVE-2024-2961 - https://github.com/sampsonv/github-trending +- https://github.com/scriptSails/glibcs +- https://github.com/smartcow99/docker-security-check-using-trivy +- https://github.com/suce0155/CVE-2024-2961_buddyforms_2.7.7 - https://github.com/tanjiti/sec_profile - https://github.com/tarlepp/links-of-the-week - https://github.com/testing-felickz/docker-scout-demo - https://github.com/tnishiox/cve-2024-2961 +- https://github.com/tylzars/awesome-vrre-writeups - 
https://github.com/wjlin0/wjlin0 +- https://github.com/wubinworks/magento2-cosmic-sting-patch +- https://github.com/wubinworks/magento2-enhanced-xml-security +- https://github.com/zhanpengliu-tencent/medium-cve - https://github.com/zhaoxiaoha/github-trending +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-29643.md b/2024/CVE-2024-29643.md new file mode 100644 index 0000000000..58d2cd24f1 --- /dev/null +++ b/2024/CVE-2024-29643.md @@ -0,0 +1,17 @@ +### [CVE-2024-29643](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29643) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component. + +### POC + +#### Reference +- https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574 + +#### Github +- https://github.com/Christbowel/christbowel + diff --git a/2024/CVE-2024-29671.md b/2024/CVE-2024-29671.md new file mode 100644 index 0000000000..2ee43283a3 --- /dev/null +++ b/2024/CVE-2024-29671.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-29671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29671) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. + +### POC + +#### Reference +- https://gist.github.com/laskdjlaskdj12/4afc8b5d75640bd28eaf32de3ceda48a +- https://github.com/laskdjlaskdj12/CVE-2024-29671-POC + +#### Github +- https://github.com/laskdjlaskdj12/CVE-2024-29671-POC + diff --git a/2024/CVE-2024-2980.md b/2024/CVE-2024-2980.md index c4e467bd96..34e355145a 100644 --- a/2024/CVE-2024-2980.md +++ b/2024/CVE-2024-2980.md @@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, has been found in Tenda FH120 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2981.md b/2024/CVE-2024-2981.md index 900671e4c8..2a0bda6451 100644 --- a/2024/CVE-2024-2981.md +++ b/2024/CVE-2024-2981.md @@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2982.md b/2024/CVE-2024-2982.md index 1dad9a45d5..c2dfbb762c 100644 --- a/2024/CVE-2024-2982.md +++ b/2024/CVE-2024-2982.md @@ -16,4 +16,5 @@ A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as c #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC 
diff --git a/2024/CVE-2024-29824.md b/2024/CVE-2024-29824.md index ba16ccd5f9..01dfa08b31 100644 --- a/2024/CVE-2024-29824.md +++ b/2024/CVE-2024-29824.md @@ -13,10 +13,39 @@ An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Ostorlab/KEV +- https://github.com/POC-2025/nuclei +- https://github.com/R4be1/CVE-2024-29824 +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/binana354/nuclei +- https://github.com/byt3n33dl3/thc-Nuclei +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/dashmeet2023/Automated-Vulnerability-Checker +- https://github.com/dev-thefirewall/nuclei-test +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/horizon3ai/CVE-2024-29824 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/mitigatesh/nuclei +- https://github.com/niphon-sn/Vulnerability-Scanning-Tools - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/projectdiscovery/nuclei +- https://github.com/runZeroInc/nuclei +- https://github.com/snakesec/nuclei +- https://github.com/test-org-appsec/nuclei +- https://github.com/testuser4040-coder/nuclei - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-2983.md b/2024/CVE-2024-2983.md index 60f08d6442..54c97cfe25 100644 --- a/2024/CVE-2024-2983.md +++ b/2024/CVE-2024-2983.md 
@@ -15,4 +15,5 @@ A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critic #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-2984.md b/2024/CVE-2024-2984.md index 7d903d6dd3..e9793ba77f 100644 --- a/2024/CVE-2024-2984.md +++ b/2024/CVE-2024-2984.md @@ -15,4 +15,5 @@ A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-29844.md b/2024/CVE-2024-29844.md index cfa7630715..e2529ed4ff 100644 --- a/2024/CVE-2024-29844.md +++ b/2024/CVE-2024-29844.md @@ -5,7 +5,7 @@ ### Description -Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. +Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. ### POC diff --git a/2024/CVE-2024-29847.md b/2024/CVE-2024-29847.md new file mode 100644 index 0000000000..bfe431a4b3 --- /dev/null +++ b/2024/CVE-2024-29847.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-29847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29847) +![](https://img.shields.io/static/v1?label=Product&message=EPM&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2024%20September%20Security%20Update%3C%202024%20September%20Security%20Update%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Threekiii/CVE +- https://github.com/sinsinology/CVE-2024-29847 +- https://github.com/tylzars/awesome-vrre-writeups + diff --git a/2024/CVE-2024-2985.md b/2024/CVE-2024-2985.md index 596a9b9d64..bde96f9c00 100644 --- a/2024/CVE-2024-2985.md +++ b/2024/CVE-2024-2985.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-29857.md b/2024/CVE-2024-29857.md index 82174f4c99..760f4cfb44 100644 --- a/2024/CVE-2024-29857.md +++ b/2024/CVE-2024-29857.md @@ -14,5 +14,7 @@ No PoCs from references. #### Github - https://github.com/cdupuis/aspnetapp +- https://github.com/haba713/depcheck-gretty-issue +- https://github.com/wskvfhprrk/FOMO-pay - https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-29863.md b/2024/CVE-2024-29863.md index 68b2bd25d2..202fc443e5 100644 --- a/2024/CVE-2024-29863.md +++ b/2024/CVE-2024-29863.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pawlokk/qlikview-poc-CVE-2024-29863 +- https://github.com/zhanpengliu-tencent/medium-cve 
diff --git a/2024/CVE-2024-29865.md b/2024/CVE-2024-29865.md index ad064ca97c..e934fc6bce 100644 --- a/2024/CVE-2024-29865.md +++ b/2024/CVE-2024-29865.md @@ -10,7 +10,7 @@ Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the us ### POC #### Reference -No PoCs from references. +- https://servicedesk.logpoint.com/hc/en-us/articles/17710372214045-Self-XSS-on-LDAP-authentication #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-29868.md b/2024/CVE-2024-29868.md index c93ee5ab52..57427b73bf 100644 --- a/2024/CVE-2024-29868.md +++ b/2024/CVE-2024-29868.md @@ -13,5 +13,6 @@ Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerabilit No PoCs from references. #### Github +- https://github.com/DEVisions/CVE-2024-29868 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-29881.md b/2024/CVE-2024-29881.md index 00723adda9..20a5c740c9 100644 --- a/2024/CVE-2024-29881.md +++ b/2024/CVE-2024-29881.md @@ -13,5 +13,7 @@ TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulner No PoCs from references. #### Github +- https://github.com/amakhu/cdp - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/rectitude-open/filament-tinyeditor-6 diff --git a/2024/CVE-2024-29889.md b/2024/CVE-2024-29889.md index 14c0a223a5..76e436c58c 100644 --- a/2024/CVE-2024-29889.md +++ b/2024/CVE-2024-29889.md @@ -13,6 +13,9 @@ GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an au No PoCs from references. #### Github +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/Orange-Cyberdefense/CVE-repository +- https://github.com/Orange-Cyberdefense/glpwnme - https://github.com/PhDLeToanThang/itil-helpdesk - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-29943.md b/2024/CVE-2024-29943.md index 303c5fa968..1f1ca69907 100644 --- a/2024/CVE-2024-29943.md +++ b/2024/CVE-2024-29943.md 
@@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/bjrjk/CVE-2024-29943 - https://github.com/mgaudet/SpiderMonkeyBibliography - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-2995.md b/2024/CVE-2024-2995.md index e19bf396f3..4f49384123 100644 --- a/2024/CVE-2024-2995.md +++ b/2024/CVE-2024-2995.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/h0e4a0r1t/h0e4a0r1t diff --git a/2024/CVE-2024-2997.md b/2024/CVE-2024-2997.md index 116f8dfb61..2093d7cb2e 100644 --- a/2024/CVE-2024-2997.md +++ b/2024/CVE-2024-2997.md @@ -15,5 +15,7 @@ No PoCs from references. #### Github - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/lfillaz/CVE-2024-2997 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-29972.md b/2024/CVE-2024-29972.md index 97ff65341f..b90ed0b6ba 100644 --- a/2024/CVE-2024-29972.md +++ b/2024/CVE-2024-29972.md @@ -15,5 +15,7 @@ - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ #### Github +- https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc +- https://github.com/WanLiChangChengWanLiChang/CVE-2024-29972 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-29973.md b/2024/CVE-2024-29973.md index 5ea7c1016c..257d73112a 100644 --- a/2024/CVE-2024-29973.md +++ b/2024/CVE-2024-29973.md 
@@ -15,12 +15,33 @@ - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/NanoWraith/CVE-2024-29973 - https://github.com/Ostorlab/KEV +- https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc - https://github.com/RevoltSecurities/CVE-2024-29973 +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/bigb0x/CVE-2024-29973 +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC - https://github.com/k3lpi3b4nsh33/CVE-2024-29973 +- https://github.com/laoa1573/wy876 - https://github.com/momika233/CVE-2024-29973 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/opendr-io/causality +- https://github.com/p0et08/CVE-2024-29973 - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC +- https://github.com/zxcod3/CVE-2024-29973 diff --git a/2024/CVE-2024-29974.md b/2024/CVE-2024-29974.md index 999de91f7e..a657c49973 100644 --- a/2024/CVE-2024-29974.md +++ b/2024/CVE-2024-29974.md @@ -15,5 +15,6 @@ - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ #### Github +- https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-29975.md b/2024/CVE-2024-29975.md index 0eff9319f5..cb83359cbf 100644 --- a/2024/CVE-2024-29975.md +++ b/2024/CVE-2024-29975.md 
@@ -15,5 +15,6 @@ - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ #### Github +- https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-29976.md b/2024/CVE-2024-29976.md index bbfb3dae6c..debbdeecde 100644 --- a/2024/CVE-2024-29976.md +++ b/2024/CVE-2024-29976.md @@ -15,5 +15,6 @@ - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ #### Github +- https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-29978.md b/2024/CVE-2024-29978.md new file mode 100644 index 0000000000..502944f383 --- /dev/null +++ b/2024/CVE-2024-29978.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-29978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29978) +![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Plaintext%20storage%20of%20a%20password&color=brighgreen) + +### Description + +User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. + +### POC + +#### Reference +- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-2998.md b/2024/CVE-2024-2998.md index a70bf84ace..20a35db64e 100644 --- a/2024/CVE-2024-2998.md +++ b/2024/CVE-2024-2998.md @@ -10,7 +10,7 @@ A vulnerability was found in Bdtask Multi-Store Inventory Management System up t ### POC #### Reference -No PoCs from references. +- https://drive.google.com/file/d/1cE1gmFmPCjomWmHbBEvWCYg0dPEWkFoR/view?usp=drivesdk #### Github - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities diff --git a/2024/CVE-2024-29988.md b/2024/CVE-2024-29988.md index 4f8118afc8..af1c6e304e 100644 --- a/2024/CVE-2024-29988.md +++ b/2024/CVE-2024-29988.md 
@@ -32,7 +32,9 @@ No PoCs from references. #### Github - https://github.com/Sploitus/CVE-2024-29988-exploit - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gbsvb13/CyberSecurity_2024_study - https://github.com/mrobsidian1/CVE-2024-29988-MS-Exchange-RCE - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pirocorp/Reconnaissance-Fundamentals - https://github.com/toxyl/lscve diff --git a/2024/CVE-2024-29994.md b/2024/CVE-2024-29994.md new file mode 100644 index 0000000000..eef45f5167 --- /dev/null +++ b/2024/CVE-2024-29994.md 
@@ -0,0 +1,34 @@ +### [CVE-2024-29994](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29994) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen) + +### Description + +Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ItsSamikshaVijay/TargetCTFWriteup + diff --git a/2024/CVE-2024-29995.md b/2024/CVE-2024-29995.md new file mode 100644 index 0000000000..959a03d6a7 --- /dev/null +++ b/2024/CVE-2024-29995.md 
@@ -0,0 +1,45 @@ +### [CVE-2024-29995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29995) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22825%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-208%3A%20Observable%20Timing%20Discrepancy&color=brighgreen) + +### Description + +Windows Kerberos Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/MichalSha/KerberosSmartcardPaddingOracleAttack + diff --git a/2024/CVE-2024-29996.md b/2024/CVE-2024-29996.md index e6c0856466..f05b4b65cb 100644 --- a/2024/CVE-2024-29996.md 
+++ b/2024/CVE-2024-29996.md @@ -50,5 +50,6 @@ Windows Common Log File System Driver Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/DeclanMWorley/VulnerabilityScannerLab - https://github.com/myseq/ms_patch_tuesday diff --git a/2024/CVE-2024-29997.md b/2024/CVE-2024-29997.md new file mode 100644 index 0000000000..b170c52026 --- /dev/null +++ b/2024/CVE-2024-29997.md 
@@ -0,0 +1,34 @@ +### [CVE-2024-29997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29997) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +Windows Mobile Broadband Driver Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DeclanMWorley/VulnerabilityScannerLab + diff --git a/2024/CVE-2024-29998.md b/2024/CVE-2024-29998.md new file mode 100644 index 0000000000..7214eba83c --- /dev/null +++ b/2024/CVE-2024-29998.md 
@@ -0,0 +1,34 @@
+### [CVE-2024-29998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29998)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-29999.md b/2024/CVE-2024-29999.md
new file mode 100644
index 0000000000..5c0d735ad7
--- /dev/null
+++ b/2024/CVE-2024-29999.md
@@ -0,0 +1,34 @@
+### [CVE-2024-29999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29999)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30000.md b/2024/CVE-2024-30000.md
new file mode 100644
index 0000000000..39543f58d3
--- /dev/null
+++ b/2024/CVE-2024-30000.md
@@ -0,0 +1,34 @@
+### [CVE-2024-30000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30000)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30001.md b/2024/CVE-2024-30001.md
new file mode 100644
index 0000000000..06bb34f019
--- /dev/null
+++ b/2024/CVE-2024-30001.md
@@ -0,0 +1,34 @@
+### [CVE-2024-30001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30001)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30002.md b/2024/CVE-2024-30002.md
new file mode 100644
index 0000000000..6d48a799c4
--- /dev/null
+++ b/2024/CVE-2024-30002.md
@@ -0,0 +1,34 @@
+### [CVE-2024-30002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30002)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30003.md b/2024/CVE-2024-30003.md
new file mode 100644
index 0000000000..4a1017b676
--- /dev/null
+++ b/2024/CVE-2024-30003.md
@@ -0,0 +1,34 @@
+### [CVE-2024-30003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30003)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30004.md b/2024/CVE-2024-30004.md
new file mode 100644
index 0000000000..19c7cabf4e
--- /dev/null
+++ b/2024/CVE-2024-30004.md
@@ -0,0 +1,34 @@
+### [CVE-2024-30004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30004)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30005.md b/2024/CVE-2024-30005.md
new file mode 100644
index 0000000000..e48ce091f6
--- /dev/null
+++ b/2024/CVE-2024-30005.md
@@ -0,0 +1,34 @@
+### [CVE-2024-30005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30005)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30012.md b/2024/CVE-2024-30012.md
new file mode 100644
index 0000000000..e61a176990
--- /dev/null
+++ b/2024/CVE-2024-30012.md
@@ -0,0 +1,34 @@
+### [CVE-2024-30012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30012)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Mobile Broadband Driver Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DeclanMWorley/VulnerabilityScannerLab
+
diff --git a/2024/CVE-2024-30021.md b/2024/CVE-2024-30021.md
new file mode 100644
index 0000000000..46ae4df3a3
--- /dev/null
+++ b/2024/CVE-2024-30021.md
@@ -0,0 +1,34 @@ +### [CVE-2024-30021](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30021) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5820%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4412%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4412%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2461%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2960%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3593%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3593%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.887%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +Windows Mobile Broadband Driver Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DeclanMWorley/VulnerabilityScannerLab + diff --git a/2024/CVE-2024-30025.md b/2024/CVE-2024-30025.md index a6d7272e90..b767601174 100644 --- a/2024/CVE-2024-30025.md +++ b/2024/CVE-2024-30025.md @@ -50,5 +50,6 @@ Windows Common Log File System Driver Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/DeclanMWorley/VulnerabilityScannerLab - https://github.com/myseq/ms_patch_tuesday diff --git a/2024/CVE-2024-30037.md b/2024/CVE-2024-30037.md index 20a3a31c4f..be5e27ae1e 100644 --- a/2024/CVE-2024-30037.md +++ b/2024/CVE-2024-30037.md @@ -50,5 +50,6 @@ Windows Common Log File System Driver Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/DeclanMWorley/VulnerabilityScannerLab - https://github.com/myseq/ms_patch_tuesday diff --git a/2024/CVE-2024-30040.md b/2024/CVE-2024-30040.md index 38538abca5..b71de55dc7 100644 --- a/2024/CVE-2024-30040.md +++ b/2024/CVE-2024-30040.md @@ -36,6 +36,7 @@ Windows MSHTML Platform Security Feature Bypass Vulnerability No PoCs from references. #### Github +- https://github.com/DeclanMWorley/VulnerabilityScannerLab - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/myseq/ms_patch_tuesday diff --git a/2024/CVE-2024-30043.md b/2024/CVE-2024-30043.md index a7a1de2477..507ac8c160 100644 --- a/2024/CVE-2024-30043.md +++ b/2024/CVE-2024-30043.md 
@@ -20,4 +20,5 @@ No PoCs from references. - https://github.com/W01fh4cker/CVE-2024-30043-XXE - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-30051.md b/2024/CVE-2024-30051.md index 13e69dafd1..4b61fb0243 100644 --- a/2024/CVE-2024-30051.md +++ b/2024/CVE-2024-30051.md @@ -34,5 +34,10 @@ Windows DWM Core Library Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/felixsta/Using_CVSS +- https://github.com/fortra/CVE-2024-30051 +- https://github.com/giriaryan694-a11y/exposed-win-zero-days +- https://github.com/immortalp0ny/mypocs - https://github.com/myseq/ms_patch_tuesday +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-30052.md b/2024/CVE-2024-30052.md new file mode 100644 index 0000000000..f3d2e98fbd --- /dev/null +++ b/2024/CVE-2024-30052.md 
@@ -0,0 +1,28 @@
+### [CVE-2024-30052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30052)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202017%20version%2015.9%20(includes%2015.0%20-%2015.8)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202019%20version%2016.11%20(includes%2016.0%20-%2016.10)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.10&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=15.9.0%3C%2015.9.63%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.11.0%3C%2016.11.37%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.10%3C%2017.10.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.4.0%3C%2017.4.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-693%3A%20Protection%20Mechanism%20Failure&color=brighgreen)
+
+### Description
+
+Visual Studio Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tylzars/awesome-vrre-writeups
+- https://github.com/ynwarcs/CVE-2024-30052
+
diff --git a/2024/CVE-2024-30078.md b/2024/CVE-2024-30078.md
index b3e6c5d0cb..ef34230a79 100644
--- a/2024/CVE-2024-30078.md +++ b/2024/CVE-2024-30078.md @@ -51,9 +51,16 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve +- https://github.com/0xor0ne/awesome-list - https://github.com/52by/CVE-2024-30078 +- https://github.com/Andromeda254/cve - https://github.com/GhostTroops/TOP +- https://github.com/Jailman/CVE_2024_30078_A_POC +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 - https://github.com/Jappie3/starred +- https://github.com/a-roshbaik/CVE_2024_30078_POC_WIFI +- https://github.com/ahur4/nvd-client +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/blkph0x/CVE_2024_30078_POC_WIFI - https://github.com/enomothem/PenTestNote - https://github.com/kvx07/CVE_2024_30078_A_POC @@ -62,4 +69,6 @@ No PoCs from references. - https://github.com/nkontopoul/checkwifivulnerability - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/stryngs/edgedressing +- https://github.com/tylzars/awesome-vrre-writeups +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-30084.md b/2024/CVE-2024-30084.md index 613c6638a1..3cde4b33d0 100644 --- a/2024/CVE-2024-30084.md +++ b/2024/CVE-2024-30084.md @@ -50,5 +50,6 @@ Windows Kernel-Mode Driver Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/ghostbyt3/WinDriver-EXP - https://github.com/myseq/ms_patch_tuesday diff --git a/2024/CVE-2024-30085.md b/2024/CVE-2024-30085.md index 6656284b40..a5f1ed6063 100644 --- a/2024/CVE-2024-30085.md +++ b/2024/CVE-2024-30085.md @@ -30,5 +30,9 @@ Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/Adamkadaban/CVE-2024-30085 +- https://github.com/ghostbyt3/WinDriver-EXP +- https://github.com/murdok1982/Exploit-PoC-para-CVE-2024-30085 - https://github.com/myseq/ms_patch_tuesday +- https://github.com/star-sg/CVE 
diff --git a/2024/CVE-2024-30088.md b/2024/CVE-2024-30088.md index 34dcc87980..4d298446f8 100644 --- a/2024/CVE-2024-30088.md +++ b/2024/CVE-2024-30088.md @@ -37,9 +37,28 @@ No PoCs from references. #### Github - https://github.com/0xsyr0/OSCP +- https://github.com/AMatheusFeitosaM/OSCP-Cheat +- https://github.com/Admin9961/CVE-2024-30088 +- https://github.com/Faizan-Khanx/OSCP - https://github.com/GhostTroops/TOP +- https://github.com/Jappie3/starred +- https://github.com/Justintroup85/exploits-forsale-collateral-damage +- https://github.com/NextGenPentesters/CVE-2024-30088- +- https://github.com/ReflectedThanatos/OSCP-cheatsheet +- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories +- https://github.com/SantoriuHen/NotesHck +- https://github.com/Technetium1/stars +- https://github.com/Uriel-SG/HTB-Support +- https://github.com/VishuGahlyan/OSCP +- https://github.com/Zombie-Kaiser/CVE-2024-30088-Windows-poc +- https://github.com/exploits-forsale/collateral-damage +- https://github.com/fazilbaig1/oscp +- https://github.com/gmh5225/awesome-game-security - https://github.com/myseq/ms_patch_tuesday - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/tanjiti/sec_profile +- https://github.com/tykawaii98/CVE-2024-30088 +- https://github.com/ycdxsb/WindowsPrivilegeEscalation - https://github.com/youcannotseemeagain/ele diff --git a/2024/CVE-2024-30090.md b/2024/CVE-2024-30090.md new file mode 100644 index 0000000000..5b16191ce6 --- /dev/null +++ b/2024/CVE-2024-30090.md 
@@ -0,0 +1,58 @@
+### [CVE-2024-30090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30090)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20680%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7070%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5936%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4529%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4529%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2527%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3019%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3737%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3737%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.950%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22720%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27170%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27170%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24919%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22023%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-822%3A%20Untrusted%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+Microsoft Streaming Service Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Dor00tkit/CVE-2024-30090
+- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories
+- https://github.com/ZERODETECTION/LPE
+- https://github.com/ghostbyt3/WinDriver-EXP
+- https://github.com/ycdxsb/WindowsPrivilegeEscalation
+
diff --git a/2024/CVE-2024-30105.md b/2024/CVE-2024-30105.md
new file mode 100644
index 0000000000..3357edd6a8
--- /dev/null
+++ b/2024/CVE-2024-30105.md
@@ -0,0 +1,28 @@
+### [CVE-2024-30105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30105)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%208.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.10&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.4&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%208.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.10%3C%2017.10.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.4.0%3C%2017.4.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%207.4.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+.NET and Visual Studio Denial of Service Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Commandcracker/vintagestory-docker
+- https://github.com/MOHAN-SINGH-0/cybersecurity-Task-3
+
diff --git a/2024/CVE-2024-3011.md b/2024/CVE-2024-3011.md
index a9abca6971..f287a5975b 100644
--- a/2024/CVE-2024-3011.md
+++ b/2024/CVE-2024-3011.md
@@ -15,4 +15,5 @@ A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified a
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-3012.md b/2024/CVE-2024-3012.md
index 4945a7f61d..5f8cba255c 100644
--- a/2024/CVE-2024-3012.md
+++ b/2024/CVE-2024-3012.md
@@ -15,4 +15,5 @@ A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30126.md b/2024/CVE-2024-30126.md
new file mode 100644
index 0000000000..c0ee54cee3
--- /dev/null
+++ b/2024/CVE-2024-30126.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30126)
+![](https://img.shields.io/static/v1?label=Product&message=BigFix%20Compliance&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.x%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sonalvijit/cve
+
diff --git a/2024/CVE-2024-3013.md b/2024/CVE-2024-3013.md
index 2be467737b..5c5346296d 100644
--- a/2024/CVE-2024-3013.md
+++ b/2024/CVE-2024-3013.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/h0e4a0r1t/h0e4a0r1t
diff --git a/2024/CVE-2024-30171.md b/2024/CVE-2024-30171.md
index 932a59171b..6966ccda7e 100644
--- a/2024/CVE-2024-30171.md
+++ b/2024/CVE-2024-30171.md
@@ -14,5 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/cdupuis/aspnetapp
+- https://github.com/haba713/depcheck-gretty-issue
 - https://github.com/ytono/gcp-arcade
diff --git a/2024/CVE-2024-30172.md b/2024/CVE-2024-30172.md
index 8c928a3b74..545d036285 100644
--- a/2024/CVE-2024-30172.md
+++ b/2024/CVE-2024-30172.md
@@ -14,5 +14,7 @@ No PoCs from references.
 #### Github
 - https://github.com/cdupuis/aspnetapp
+- https://github.com/haba713/depcheck-gretty-issue
+- https://github.com/wskvfhprrk/FOMO-pay
 - https://github.com/ytono/gcp-arcade
diff --git a/2024/CVE-2024-30176.md b/2024/CVE-2024-30176.md
new file mode 100644
index 0000000000..7b9ce66040
--- /dev/null
+++ b/2024/CVE-2024-30176.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30176)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
+
+### POC
+
+#### Reference
+- https://servicedesk.logpoint.com/hc/en-us/articles/18435146614301-Username-Enumeration-on-Shared-Widgets
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-30240.md b/2024/CVE-2024-30240.md
index e0114f2183..4e1b9ef336 100644
--- a/2024/CVE-2024-30240.md
+++ b/2024/CVE-2024-30240.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/xbz0n/xbz0n
diff --git a/2024/CVE-2024-30269.md b/2024/CVE-2024-30269.md
index 96e4f6ab10..b78902b50e 100644
--- a/2024/CVE-2024-30269.md
+++ b/2024/CVE-2024-30269.md
@@ -13,5 +13,17 @@ DataEase, an open source data visualization and analysis tool, has a database co
 No PoCs from references.
 #### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
diff --git a/2024/CVE-2024-30270.md b/2024/CVE-2024-30270.md
index f07f7210ae..3c727e64c3 100644
--- a/2024/CVE-2024-30270.md
+++ b/2024/CVE-2024-30270.md
@@ -14,5 +14,7 @@ No PoCs from references.
 #### Github
 - https://github.com/Alchemist3dot14/CVE-2024-30270-PoC
+- https://github.com/ismailmazumder/SL7CVELabsBuilder
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/securelayer7/Research
diff --git a/2024/CVE-2024-30370.md b/2024/CVE-2024-30370.md
new file mode 100644
index 0000000000..a6e639bb97
--- /dev/null
+++ b/2024/CVE-2024-30370.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30370)
+![](https://img.shields.io/static/v1?label=Product&message=WinRAR&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.00%20beta%204%20(64-bit)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-693%3A%20Protection%20Mechanism%20Failure&color=brighgreen)
+
+### Description
+
+RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/uixss/TriniRar
+
diff --git a/2024/CVE-2024-3044.md b/2024/CVE-2024-3044.md
new file mode 100644
index 0000000000..d36489bcbe
--- /dev/null
+++ b/2024/CVE-2024-3044.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3044)
+![](https://img.shields.io/static/v1?label=Product&message=LibreOffice&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=7.6%3C%207.6.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-356%20Product%20UI%20does%20not%20Warn%20User%20of%20Unsafe%20Actions&color=brighgreen)
+
+### Description
+
+Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Icare1337/LibreOffice_Tips_Bug_Bounty
+
diff --git a/2024/CVE-2024-30485.md b/2024/CVE-2024-30485.md
new file mode 100644
index 0000000000..64df104a35
--- /dev/null
+++ b/2024/CVE-2024-30485.md
@@ -0,0 +1,18 @@
+### [CVE-2024-30485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30485)
+![](https://img.shields.io/static/v1?label=Product&message=Finale%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-30485
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-30491.md b/2024/CVE-2024-30491.md
index d8b926e968..e95695a44f 100644
--- a/2024/CVE-2024-30491.md
+++ b/2024/CVE-2024-30491.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/truonghuuphuc/CVE-2024-30491-Poc
+- https://github.com/truonghuuphuc/Poc
diff --git a/2024/CVE-2024-3050.md b/2024/CVE-2024-3050.md
index 2d1d0ef783..b32f5c9585 100644
--- a/2024/CVE-2024-3050.md
+++ b/2024/CVE-2024-3050.md
@@ -15,4 +15,5 @@ The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses fro
 #### Github
 - https://github.com/DojoSecurity/DojoSecurity
 - https://github.com/afine-com/research
+- https://github.com/vemusx/vemusx
diff --git a/2024/CVE-2024-30545.md b/2024/CVE-2024-30545.md
new file mode 100644
index 0000000000..e33aa0c7d9
--- /dev/null
+++ b/2024/CVE-2024-30545.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30545)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Author%20Bio&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social Author Bio allows Stored XSS.This issue affects Social Author Bio: from n/a through 2.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-30553.md b/2024/CVE-2024-30553.md
new file mode 100644
index 0000000000..bde00d5f8b
--- /dev/null
+++ b/2024/CVE-2024-30553.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30553)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Twitter%20Mega%20Fan%20Box%20Widget%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joby Joseph WP Twitter Mega Fan Box Widget allows Stored XSS.This issue affects WP Twitter Mega Fan Box Widget : from n/a through 1.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-30554.md b/2024/CVE-2024-30554.md
new file mode 100644
index 0000000000..38d932bd4e
--- /dev/null
+++ b/2024/CVE-2024-30554.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30554)
+![](https://img.shields.io/static/v1?label=Product&message=DD%20Rating&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.7.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wouter Dijkstra DD Rating allows Stored XSS.This issue affects DD Rating: from n/a through 1.7.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-30583.md b/2024/CVE-2024-30583.md
index d64f90c17d..7c08725c0c 100644
--- a/2024/CVE-2024-30583.md
+++ b/2024/CVE-2024-30583.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterfa
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30584.md b/2024/CVE-2024-30584.md
index 82f77e7389..e470305203 100644
--- a/2024/CVE-2024-30584.md
+++ b/2024/CVE-2024-30584.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security p
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30585.md b/2024/CVE-2024-30585.md
index c1a9450b48..3803a20e03 100644
--- a/2024/CVE-2024-30585.md
+++ b/2024/CVE-2024-30585.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId p
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30586.md b/2024/CVE-2024-30586.md
index 1b29da7d93..445227f49b 100644
--- a/2024/CVE-2024-30586.md
+++ b/2024/CVE-2024-30586.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30587.md b/2024/CVE-2024-30587.md
index 8a1d313306..deffb1cbe0 100644
--- a/2024/CVE-2024-30587.md
+++ b/2024/CVE-2024-30587.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls param
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30588.md b/2024/CVE-2024-30588.md
index 66997919ea..599dac0ae1 100644
--- a/2024/CVE-2024-30588.md
+++ b/2024/CVE-2024-30588.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStart
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30589.md b/2024/CVE-2024-30589.md
index 009bb45c64..66118fe1d5 100644
--- a/2024/CVE-2024-30589.md
+++ b/2024/CVE-2024-30589.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the e
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30590.md b/2024/CVE-2024-30590.md
index e1b8b4c91d..39eb375b94 100644
--- a/2024/CVE-2024-30590.md
+++ b/2024/CVE-2024-30590.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTi
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30591.md b/2024/CVE-2024-30591.md
index 5f19c2d18d..41d1a6378c 100644
--- a/2024/CVE-2024-30591.md
+++ b/2024/CVE-2024-30591.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time param
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30592.md b/2024/CVE-2024-30592.md
index 3a6c191f77..9770d817a6 100644
--- a/2024/CVE-2024-30592.md
+++ b/2024/CVE-2024-30592.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page param
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30593.md b/2024/CVE-2024-30593.md
index ec321af0d4..43cd6d1caa 100644
--- a/2024/CVE-2024-30593.md
+++ b/2024/CVE-2024-30593.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the de
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30594.md b/2024/CVE-2024-30594.md
index 3148a98c0c..332b84b83b 100644
--- a/2024/CVE-2024-30594.md
+++ b/2024/CVE-2024-30594.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30595.md b/2024/CVE-2024-30595.md
index 94966820b2..0974ed4abc 100644
--- a/2024/CVE-2024-30595.md
+++ b/2024/CVE-2024-30595.md
@@ -14,4 +14,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId p
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30596.md b/2024/CVE-2024-30596.md
index ea61ce4447..cc315a8873 100644
--- a/2024/CVE-2024-30596.md
+++ b/2024/CVE-2024-30596.md
@@ -15,4 +15,5 @@ Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId p
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30597.md b/2024/CVE-2024-30597.md
index ba66b873d1..2a8f209125 100644
--- a/2024/CVE-2024-30597.md
+++ b/2024/CVE-2024-30597.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the securit
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30598.md b/2024/CVE-2024-30598.md
index 973a456955..38b772dbf6 100644
--- a/2024/CVE-2024-30598.md
+++ b/2024/CVE-2024-30598.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the securit
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30599.md b/2024/CVE-2024-30599.md
index 19e1b14a5c..d9b6af83e8 100644
--- a/2024/CVE-2024-30599.md
+++ b/2024/CVE-2024-30599.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parame
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30600.md b/2024/CVE-2024-30600.md
index 683a8345d4..4d59298306 100644
--- a/2024/CVE-2024-30600.md
+++ b/2024/CVE-2024-30600.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime par
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30601.md b/2024/CVE-2024-30601.md
index 1c7557a2f1..5131ae4141 100644
--- a/2024/CVE-2024-30601.md
+++ b/2024/CVE-2024-30601.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter o
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30602.md b/2024/CVE-2024-30602.md
index 7af3f2a6d6..d7d280651d 100644
--- a/2024/CVE-2024-30602.md
+++ b/2024/CVE-2024-30602.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime p
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30603.md b/2024/CVE-2024-30603.md
index b4330819a5..56c3270a11 100644
--- a/2024/CVE-2024-30603.md
+++ b/2024/CVE-2024-30603.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter o
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30604.md b/2024/CVE-2024-30604.md
index 6e61634a65..1aa5aa8573 100644
--- a/2024/CVE-2024-30604.md
+++ b/2024/CVE-2024-30604.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30606.md b/2024/CVE-2024-30606.md
index d777d4000e..e81a178db7 100644
--- a/2024/CVE-2024-30606.md
+++ b/2024/CVE-2024-30606.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter o
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30607.md b/2024/CVE-2024-30607.md
index 3e648d4ddd..4cbfd2431d 100644
--- a/2024/CVE-2024-30607.md
+++ b/2024/CVE-2024-30607.md
@@ -15,4 +15,5 @@ Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId paramet
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30612.md b/2024/CVE-2024-30612.md
index c61bff57e9..e01c38747d 100644
--- a/2024/CVE-2024-30612.md
+++ b/2024/CVE-2024-30612.md
@@ -15,4 +15,5 @@ Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, lim
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30613.md b/2024/CVE-2024-30613.md
index 2be5878437..545d13fa83 100644
--- a/2024/CVE-2024-30613.md
+++ b/2024/CVE-2024-30613.md
@@ -14,4 +14,5 @@ Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-3062.md b/2024/CVE-2024-3062.md
new file mode 100644
index 0000000000..2172d44bbb
--- /dev/null
+++ b/2024/CVE-2024-3062.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3062)
+![](https://img.shields.io/static/v1?label=Product&message=Save%20as%20Image%20Plugin%20by%20Pdfcrowd&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/1526985d-2f8f-4b2a-97f3-633c51d024b8/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-30622.md b/2024/CVE-2024-30622.md
index 1ff247d660..802d9a0662 100644
--- a/2024/CVE-2024-30622.md
+++ b/2024/CVE-2024-30622.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterfac
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30623.md b/2024/CVE-2024-30623.md
index 1c68a18fce..4149bb0f12 100644
--- a/2024/CVE-2024-30623.md
+++ b/2024/CVE-2024-30623.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parame
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30624.md b/2024/CVE-2024-30624.md
index 1dd1488f1b..3655fdb158 100644
--- a/2024/CVE-2024-30624.md
+++ b/2024/CVE-2024-30624.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parame
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30625.md b/2024/CVE-2024-30625.md
index eeaf352b4b..18309fe60f 100644
--- a/2024/CVE-2024-30625.md
+++ b/2024/CVE-2024-30625.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys para
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30626.md b/2024/CVE-2024-30626.md
index 07667f85d4..b75ea2b553 100644
--- a/2024/CVE-2024-30626.md
+++ b/2024/CVE-2024-30626.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTim
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30627.md b/2024/CVE-2024-30627.md
index 513d1db09f..3d33d2e2f3 100644
--- a/2024/CVE-2024-30627.md
+++ b/2024/CVE-2024-30627.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId pa
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30628.md b/2024/CVE-2024-30628.md
index 271c680103..e25af800e0 100644
--- a/2024/CVE-2024-30628.md
+++ b/2024/CVE-2024-30628.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parame
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-30629.md b/2024/CVE-2024-30629.md
index ce9965822e..b02ae74ff3 100644
--- a/2024/CVE-2024-30629.md
+++ b/2024/CVE-2024-30629.md
@@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 param #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30630.md b/2024/CVE-2024-30630.md index 9041eb463f..92696391b0 100644 --- a/2024/CVE-2024-30630.md +++ b/2024/CVE-2024-30630.md @@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parame #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30631.md b/2024/CVE-2024-30631.md index b584bd7da6..be995d3c71 100644 --- a/2024/CVE-2024-30631.md +++ b/2024/CVE-2024-30631.md @@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartT #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30632.md b/2024/CVE-2024-30632.md index c756993024..8352f12abe 100644 --- a/2024/CVE-2024-30632.md +++ b/2024/CVE-2024-30632.md @@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30633.md b/2024/CVE-2024-30633.md index 4190b423ab..eeb6cc2e93 100644 --- a/2024/CVE-2024-30633.md +++ b/2024/CVE-2024-30633.md @@ -14,4 +14,5 @@ Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security pa #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30634.md b/2024/CVE-2024-30634.md index d4ff2ebb6b..9bfc33edf7 100644 --- a/2024/CVE-2024-30634.md +++ b/2024/CVE-2024-30634.md 
@@ -14,4 +14,5 @@ Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterfa #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30635.md b/2024/CVE-2024-30635.md index eb8acc2227..8c0646b4af 100644 --- a/2024/CVE-2024-30635.md +++ b/2024/CVE-2024-30635.md @@ -14,4 +14,5 @@ Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the fun #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30636.md b/2024/CVE-2024-30636.md index 9b4a313270..d4589c3f27 100644 --- a/2024/CVE-2024-30636.md +++ b/2024/CVE-2024-30636.md @@ -14,4 +14,5 @@ Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassw #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30637.md b/2024/CVE-2024-30637.md index 61b47ebac9..f4f518e9b9 100644 --- a/2024/CVE-2024-30637.md +++ b/2024/CVE-2024-30637.md @@ -14,4 +14,5 @@ Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWri #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30638.md b/2024/CVE-2024-30638.md index ad54e62d2b..bf45956e4d 100644 --- a/2024/CVE-2024-30638.md +++ b/2024/CVE-2024-30638.md @@ -14,4 +14,5 @@ Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys par #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30639.md b/2024/CVE-2024-30639.md index 4d54bc543b..177b7871fe 100644 --- a/2024/CVE-2024-30639.md +++ b/2024/CVE-2024-30639.md 
@@ -14,4 +14,5 @@ Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parame #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-30645.md b/2024/CVE-2024-30645.md index c2b950f08d..cffde1964b 100644 --- a/2024/CVE-2024-30645.md +++ b/2024/CVE-2024-30645.md @@ -15,5 +15,6 @@ Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the dev #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-3077.md b/2024/CVE-2024-3077.md new file mode 100644 index 0000000000..52dfda0b64 --- /dev/null +++ b/2024/CVE-2024-3077.md @@ -0,0 +1,18 @@ +### [CVE-2024-3077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3077) +![](https://img.shields.io/static/v1?label=Product&message=Zephyr&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-126%3A%20Buffer%20Ovead&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +An malicious BLE device can crash BLE victim device by sending malformed gatt packet + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/zoolab-org/blueman.artifact + diff --git a/2024/CVE-2024-30801.md b/2024/CVE-2024-30801.md new file mode 100644 index 0000000000..6e990a864c --- /dev/null +++ b/2024/CVE-2024-30801.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-30801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30801) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/WarmBrew/WarmBrew +- https://github.com/WarmBrew/web_vul + diff --git a/2024/CVE-2024-30802.md b/2024/CVE-2024-30802.md index 57a641e7aa..b9289828d6 100644 --- a/2024/CVE-2024-30802.md +++ b/2024/CVE-2024-30802.md @@ -13,5 +13,6 @@ An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to es - https://github.com/WarmBrew/web_vul/blob/main/TTX.md #### Github -No PoCs found on GitHub currently. +- https://github.com/WarmBrew/WarmBrew +- https://github.com/WarmBrew/web_vul diff --git a/2024/CVE-2024-30804.md b/2024/CVE-2024-30804.md index 5ea4daf42c..3e986427bd 100644 --- a/2024/CVE-2024-30804.md +++ b/2024/CVE-2024-30804.md @@ -13,5 +13,7 @@ An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v. No PoCs from references. #### Github +- https://github.com/BlackTom900131/awesome-game-security - https://github.com/gmh5225/awesome-game-security +- https://github.com/trevor0106/game-security diff --git a/2024/CVE-2024-30840.md b/2024/CVE-2024-30840.md index a8bc7fee26..27141f6574 100644 --- a/2024/CVE-2024-30840.md +++ b/2024/CVE-2024-30840.md 
@@ -14,5 +14,6 @@ A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to ca #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-30848.md b/2024/CVE-2024-30848.md index 2c75411d4c..ae425f39df 100644 --- a/2024/CVE-2024-30848.md +++ b/2024/CVE-2024-30848.md @@ -13,5 +13,5 @@ Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0 - https://github.com/Excis3/CVE-Disclosure/blob/main/CVE-2024-30848.md #### Github -No PoCs found on GitHub currently. +- https://github.com/Excis3/CVE-Disclosure diff --git a/2024/CVE-2024-30875.md b/2024/CVE-2024-30875.md new file mode 100644 index 0000000000..8d57482711 --- /dev/null +++ b/2024/CVE-2024-30875.md @@ -0,0 +1,18 @@ +### [CVE-2024-30875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30875) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQuery UI. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ant1sec-ops/CVE-2024-30875 +- https://github.com/Tirthikas/XSSplore + diff --git a/2024/CVE-2024-30896.md b/2024/CVE-2024-30896.md new file mode 100644 index 0000000000..694e3afcb4 --- /dev/null +++ b/2024/CVE-2024-30896.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-30896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30896) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/XenoM0rph97/CVE-2024-30896 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-30939.md b/2024/CVE-2024-30939.md index 429ee0efc6..df57a11f5a 100644 --- a/2024/CVE-2024-30939.md +++ b/2024/CVE-2024-30939.md @@ -10,6 +10,7 @@ An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0 ### POC #### Reference +- https://medium.com/%40deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad - https://medium.com/@deepsahu1/yealink-ip-phone-account-take-over-9bf9e7b847c0?source=friends_link&sk=b0d664dd5b3aad5b758e4934aca997ad #### Github diff --git a/2024/CVE-2024-3094.md b/2024/CVE-2024-3094.md index 786a96ad16..1b834ff4d9 100644 --- a/2024/CVE-2024-3094.md +++ b/2024/CVE-2024-3094.md 
@@ -22,24 +22,33 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers #### Github - https://github.com/0x7Fancy/0x7Fancy.github.io +- https://github.com/0xAj-Krishna/biggest-hack - https://github.com/0xlane/xz-cve-2024-3094 +- https://github.com/24Owais/threat-intel-cve-2024-3094 - https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione - https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check +- https://github.com/CHDevSec/RedPhaton - https://github.com/Cas-Cornelissen/xz-vulnerability-ansible - https://github.com/CyberGuard-Foundation/CVE-2024-3094 +- https://github.com/CyberSecAI/cve_info_refs_crawler +- https://github.com/DANO-AMP/CVE-2024-3094 - https://github.com/EGI-Federation/SVG-advisories - https://github.com/FabioBaroni/CVE-2024-3094-checker - https://github.com/Fatal016/xz_lab - https://github.com/Fractal-Tess/CVE-2024-3094 +- https://github.com/Fraunhofer-AISEC/supply-graph +- https://github.com/GauravGhandat-23/AI-Driven-Adaptive-SOC-Assistant-AI-SOCA - https://github.com/Getshell/xzDoor - https://github.com/GhostTroops/TOP - https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check - https://github.com/HaveFun83/awesome-stars - https://github.com/Horizon-Software-Development/CVE-2024-3094 +- https://github.com/Ikram124/CVE-2024-3094-analysis - https://github.com/JVS23/cybsec-project-2024 - https://github.com/Jappie3/starred - https://github.com/JonathanSiemering/stars - https://github.com/Juul/xz-backdoor-scan +- https://github.com/KaminaDuck/ansible-CVE-2024-3094 - https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container - https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094 - https://github.com/Mustafa1986/CVE-2024-3094 
@@ -52,17 +61,23 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/Technetium1/stars - https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker - https://github.com/Thiagocsoaresbh/heroku-test +- https://github.com/Titus-soc/-CVE-2024-3094-Vulnerability-Checker-Fixer-Public +- https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit - https://github.com/Yuma-Tsushima07/CVE-2024-3094 - https://github.com/ackemed/detectar_cve-2024-3094 - https://github.com/adibue/brew-xz-patcher +- https://github.com/akatiyar0312/self-healing-agent-adk - https://github.com/alexzeitgeist/starred - https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer - https://github.com/amlweems/xzbot - https://github.com/aneasystone/github-trending - https://github.com/anhnmt/ansible-check-xz-utils +- https://github.com/anxkhn/my-awesome-stars - https://github.com/ashwani95/CVE-2024-3094 - https://github.com/awdemos/demos - https://github.com/badsectorlabs/ludus_xz_backdoor +- https://github.com/been22426/CVE-2024-3094 +- https://github.com/bernardo1024/Veatures - https://github.com/bioless/xz_cve-2024-3094_detection - https://github.com/bollwarm/SecToolSet - https://github.com/brinhosa/CVE-2024-3094-One-Liner 
@@ -76,11 +91,13 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/chadsr/stars - https://github.com/chavezvic/update-checker-Penguin - https://github.com/christoofar/safexz +- https://github.com/cihan-atas/cyberexam-rooms - https://github.com/crfearnworks/ansible-CVE-2024-3094 - https://github.com/crosscode-nl/snowflake - https://github.com/cxyfreedom/website-hot-hub - https://github.com/dah4k/CVE-2024-3094 - https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector +- https://github.com/dinhkhaphancs/software-bug-assistant - https://github.com/donmccaughey/xz_pkg - https://github.com/dparksports/detect_intrusion - https://github.com/drdry2/CVE-2024-3094-EXPLOIT 
@@ -89,23 +106,28 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/emirkmo/xz-backdoor-github - https://github.com/enomothem/PenTestNote - https://github.com/felipecosta09/cve-2024-3094 +- https://github.com/felipecruz91/high-profile-demo - https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094- - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/gaahrdner/starred - https://github.com/galacticquest/cve-2024-3094-detect - https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script +- https://github.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer - https://github.com/gustavorobertux/CVE-2024-3094 - https://github.com/hackingetico21/revisaxzutils - https://github.com/hanmin0512/Data_splunk - https://github.com/harekrishnarai/xz-utils-vuln-checker - https://github.com/hazemkya/CVE-2024-3094-checker +- https://github.com/hiitaro/CVE-Searcher - https://github.com/hoanbi1812000/hoanbi1812000 - https://github.com/iakat/stars - https://github.com/iheb2b/CVE-2024-3094-Checker - https://github.com/initMAX/Zabbix-Templates - https://github.com/initMAX/zabbix-templates +- https://github.com/iomarmochtar/sandock - https://github.com/isuruwa/CVE-2024-3094 - https://github.com/jafshare/GithubTrending +- https://github.com/janepierresgithub/CVEAnalysisRepository - https://github.com/jbnetwork-git/linux-tools - https://github.com/jfrog/cve-2024-3094-tools - https://github.com/johe123qwe/github-trending 
@@ -113,12 +135,15 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/k4t3pr0/Check-CVE-2024-3094 - https://github.com/kornelski/cargo-deb - https://github.com/kun-g/Scraping-Github-trending +- https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094 - https://github.com/lemon-mint/stars - https://github.com/lockness-Ko/xz-vulnerable-honeypot +- https://github.com/ltdenard/cve_lookup - https://github.com/lu-zero/autotools-rs - https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker - https://github.com/marcelofmatos/ssh-xz-backdoor - https://github.com/marcoramilli/marcoramilli +- https://github.com/marklechner/cvewb - https://github.com/mauvehed/starred - https://github.com/mesutgungor/xz-backdoor-vulnerability - https://github.com/mightysai1997/CVE-2024-3094 
@@ -126,23 +151,32 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/mightysai1997/xzbot - https://github.com/mmomtchev/ffmpeg - https://github.com/mmomtchev/magickwand.js +- https://github.com/mrk336/CVE-2024-3094 - https://github.com/neuralinhibitor/xzwhy - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/orhun/flawz - https://github.com/pentestfunctions/CVE-2024-3094 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/preyalameta02/software_bug_assistant - https://github.com/prototux/xz-backdoor-recreation - https://github.com/przemoc/xz-backdoor-links +- https://github.com/przymusp/XZ-Attack - https://github.com/r0binak/xzk8s - https://github.com/reuteras/CVE-2024-3094 - https://github.com/rezigned/xz-backdoor - https://github.com/rezigned/xz-backdoor-container-image - https://github.com/robertdebock/ansible-playbook-cve-2024-3094 - https://github.com/robertdebock/ansible-role-cve_2024_3094 +- https://github.com/robertdfrench/ifuncd-up +- https://github.com/rockethm/seminarioTAC +- https://github.com/ruslanbay/nixos-hyperv +- https://github.com/sahilbansal17/awesome-gists - https://github.com/samokat-oss/pisc - https://github.com/sampsonv/github-trending - https://github.com/sarutobi12/sarutobi12 - https://github.com/schu/notebook - https://github.com/securitycipher/daily-bugbounty-writeups +- https://github.com/shefirot/CVE-2024-3094 - https://github.com/silentEAG/awesome-stars - https://github.com/sunlei/awesome-stars - https://github.com/tanjiti/sec_profile 
@@ -150,11 +184,13 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/trngtam10d/trngtam10d - https://github.com/ulikunitz/xz - https://github.com/unresolv/stars +- https://github.com/valeriot30/cve-2024-3094 - https://github.com/vuduclyunitn/software_supply_chain_papers - https://github.com/weltregie/liblzma-scan - https://github.com/wgetnz/CVE-2024-3094-check - https://github.com/zayidu/zayidu - https://github.com/zgimszhd61/cve-2024-3094-detect-tool +- https://github.com/zhanpengliu-tencent/medium-cve - https://github.com/zhaoxiaoha/github-trending - https://github.com/zoroqi/my-awesome diff --git a/2024/CVE-2024-30961.md b/2024/CVE-2024-30961.md new file mode 100644 index 0000000000..d95cd364d6 --- /dev/null +++ b/2024/CVE-2024-30961.md @@ -0,0 +1,17 @@ +### [CVE-2024-30961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30961) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/GoesM/ROCF + diff --git a/2024/CVE-2024-30963.md b/2024/CVE-2024-30963.md new file mode 100644 index 0000000000..57fc1d083e --- /dev/null +++ b/2024/CVE-2024-30963.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-30963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30963)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-30964.md b/2024/CVE-2024-30964.md
new file mode 100644
index 0000000000..cb582ba5d2
--- /dev/null
+++ b/2024/CVE-2024-30964.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30964](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30964)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-30979.md b/2024/CVE-2024-30979.md
index 539edf1b66..6284a8e211 100644
--- a/2024/CVE-2024-30979.md
+++ b/2024/CVE-2024-30979.md
@@ -10,6 +10,7 @@ Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30979-stored-cross-site-scripting-xss-in-cyber-cafe-management-system-project-ccms-1-44b10f50817b - https://medium.com/@shanunirwan/cve-2024-30979-stored-cross-site-scripting-xss-in-cyber-cafe-management-system-project-ccms-1-44b10f50817b #### Github diff --git a/2024/CVE-2024-30980.md b/2024/CVE-2024-30980.md index b338e6437c..cf1f244fcd 100644 --- a/2024/CVE-2024-30980.md +++ b/2024/CVE-2024-30980.md @@ -10,6 +10,7 @@ SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30980-sql-injection-vulnerability-in-cyber-cafe-management-system-using-php-mysql-v1-0-30bffd26dab7 - https://medium.com/@shanunirwan/cve-2024-30980-sql-injection-vulnerability-in-cyber-cafe-management-system-using-php-mysql-v1-0-30bffd26dab7 #### Github diff --git a/2024/CVE-2024-30981.md b/2024/CVE-2024-30981.md index 0992fc2280..d1414ae762 100644 --- a/2024/CVE-2024-30981.md +++ b/2024/CVE-2024-30981.md @@ -10,6 +10,7 @@ SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Caf ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30981-sql-injection-vulnerability-in-cyber-cafe-management-system-using-php-mysql-v1-0-534676f9bdeb - https://medium.com/@shanunirwan/cve-2024-30981-sql-injection-vulnerability-in-cyber-cafe-management-system-using-php-mysql-v1-0-534676f9bdeb #### Github diff --git a/2024/CVE-2024-30985.md b/2024/CVE-2024-30985.md index cea6613c86..993b7ea9ff 100644 --- a/2024/CVE-2024-30985.md +++ b/2024/CVE-2024-30985.md 
@@ -10,6 +10,7 @@ SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Man ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30985-sql-injection-vulnerability-in-client-management-system-using-php-mysql-1-1-c21fecbda062 - https://medium.com/@shanunirwan/cve-2024-30985-sql-injection-vulnerability-in-client-management-system-using-php-mysql-1-1-c21fecbda062 #### Github diff --git a/2024/CVE-2024-30986.md b/2024/CVE-2024-30986.md index 998786532d..29b33e90af 100644 --- a/2024/CVE-2024-30986.md +++ b/2024/CVE-2024-30986.md @@ -10,6 +10,7 @@ Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul C ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30986-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3fb702d9d510 - https://medium.com/@shanunirwan/cve-2024-30986-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3fb702d9d510 #### Github diff --git a/2024/CVE-2024-30987.md b/2024/CVE-2024-30987.md index c636a37313..753607e354 100644 --- a/2024/CVE-2024-30987.md +++ b/2024/CVE-2024-30987.md @@ -10,6 +10,7 @@ Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Clie ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30987-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-b6a7a177d254 - https://medium.com/@shanunirwan/cve-2024-30987-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-b6a7a177d254 #### Github diff --git a/2024/CVE-2024-30988.md b/2024/CVE-2024-30988.md index 797860fc97..0058b7ab94 100644 --- a/2024/CVE-2024-30988.md +++ b/2024/CVE-2024-30988.md 
@@ -10,6 +10,7 @@ Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30988-cross-site-scripting-vulnerability-in-client-management-system-using-php-mysql-1-1-e7a677936c23 - https://medium.com/@shanunirwan/cve-2024-30988-cross-site-scripting-vulnerability-in-client-management-system-using-php-mysql-1-1-e7a677936c23 #### Github diff --git a/2024/CVE-2024-30989.md b/2024/CVE-2024-30989.md index 7e610d2b3e..6954dde1ca 100644 --- a/2024/CVE-2024-30989.md +++ b/2024/CVE-2024-30989.md @@ -10,6 +10,7 @@ Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Cli ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30989-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3cfa1c54e4a6 - https://medium.com/@shanunirwan/cve-2024-30989-multiple-stored-cross-site-scripting-vulnerabilities-in-client-management-system-3cfa1c54e4a6 #### Github diff --git a/2024/CVE-2024-30990.md b/2024/CVE-2024-30990.md index d94e413fdc..bcdfcc0332 100644 --- a/2024/CVE-2024-30990.md +++ b/2024/CVE-2024-30990.md @@ -10,6 +10,7 @@ SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Manageme ### POC #### Reference +- https://medium.com/%40shanunirwan/cve-2024-30990-sql-injection-vulnerability-in-invoices-page-of-client-management-system-using-php-58baa94a1761 - https://medium.com/@shanunirwan/cve-2024-30990-sql-injection-vulnerability-in-invoices-page-of-client-management-system-using-php-58baa94a1761 #### Github diff --git a/2024/CVE-2024-31007.md b/2024/CVE-2024-31007.md new file mode 100644 index 0000000000..136285d0b2 --- /dev/null +++ b/2024/CVE-2024-31007.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-31007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31007) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer Overflow vulnerability in IrfanView 32bit v.4.66 allows a local attacker to cause a denial of service via a crafted file. Affected component is IrfanView 32bit 4.66 with plugin formats.dll. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kirito999/IrfanViewBug + diff --git a/2024/CVE-2024-3105.md b/2024/CVE-2024-3105.md index 2f4914f2f1..cf1d4d5970 100644 --- a/2024/CVE-2024-3105.md +++ b/2024/CVE-2024-3105.md @@ -13,5 +13,6 @@ The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for Wo No PoCs from references. #### Github +- https://github.com/hunThubSpace/CVE-2024-3105-PoC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-31061.md b/2024/CVE-2024-31061.md index b6326a395c..6beed30497 100644 --- a/2024/CVE-2024-31061.md +++ b/2024/CVE-2024-31061.md @@ -14,5 +14,5 @@ Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and bef - https://portswigger.net/web-security/cross-site-scripting/stored #### Github -No PoCs found on GitHub currently. +- https://github.com/sahildari/sahildari diff --git a/2024/CVE-2024-31062.md b/2024/CVE-2024-31062.md index a56d6b1e80..236621ca3f 100644 --- a/2024/CVE-2024-31062.md +++ b/2024/CVE-2024-31062.md @@ -14,5 +14,5 @@ Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and bef - https://portswigger.net/web-security/cross-site-scripting/stored #### Github -No PoCs found on GitHub currently. +- https://github.com/sahildari/sahildari diff --git a/2024/CVE-2024-31063.md b/2024/CVE-2024-31063.md index d1ec6fe24c..e41803eb8f 100644 
--- a/2024/CVE-2024-31063.md +++ b/2024/CVE-2024-31063.md @@ -14,5 +14,5 @@ Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and bef - https://portswigger.net/web-security/cross-site-scripting/stored #### Github -No PoCs found on GitHub currently. +- https://github.com/sahildari/sahildari diff --git a/2024/CVE-2024-31064.md b/2024/CVE-2024-31064.md index 818ad48f6d..d38ec40716 100644 --- a/2024/CVE-2024-31064.md +++ b/2024/CVE-2024-31064.md @@ -13,5 +13,5 @@ Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and bef - https://github.com/sahildari/cve/blob/master/CVE-2024-31064.md #### Github -No PoCs found on GitHub currently. +- https://github.com/sahildari/sahildari diff --git a/2024/CVE-2024-31065.md b/2024/CVE-2024-31065.md index e80dd80205..7cf5106447 100644 --- a/2024/CVE-2024-31065.md +++ b/2024/CVE-2024-31065.md @@ -14,5 +14,5 @@ Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and bef - https://portswigger.net/web-security/cross-site-scripting/stored #### Github -No PoCs found on GitHub currently. +- https://github.com/sahildari/sahildari diff --git a/2024/CVE-2024-31074.md b/2024/CVE-2024-31074.md new file mode 100644 index 0000000000..3fa46e9682 --- /dev/null +++ b/2024/CVE-2024-31074.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-31074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31074)
+![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20QAT%20Engine%20for%20OpenSSL%20software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%20v1.6.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20timing%20discrepancy&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=information%20disclosure&color=brighgreen)
+
+### Description
+
+Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/chnzzh/OpenSSL-CVE-lib
+
diff --git a/2024/CVE-2024-31079.md b/2024/CVE-2024-31079.md
new file mode 100644
index 0000000000..f917255242
--- /dev/null
+++ b/2024/CVE-2024-31079.md
@@ -0,0 +1,19 @@
+### [CVE-2024-31079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31079)
+![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Open%20Source&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.25.0%3C%201.26.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=R30%3C%20R32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/spicehq/nginx-demo
+
diff --git a/2024/CVE-2024-31114.md b/2024/CVE-2024-31114.md
new file mode 100644
index 0000000000..8b70f1517d
--- /dev/null
+++ b/2024/CVE-2024-31114.md
@@ -0,0 +1,18 @@
+### [CVE-2024-31114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31114)
+![](https://img.shields.io/static/v1?label=Product&message=Shortcode%20Addons&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%203.2.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-31114
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-31141.md b/2024/CVE-2024-31141.md
new file mode 100644
index 0000000000..b807074dfc
--- /dev/null
+++ b/2024/CVE-2024-31141.md
@@ -0,0 +1,19 @@ +### [CVE-2024-31141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31141) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Kafka%20Clients&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2.3.0%3C%3D%203.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen) + +### Description + +Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables.In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products.This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0.Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none".Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds.For users of Kafka Clients or 
Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property.For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/anders-wartoft/LogGenerator +- https://github.com/inaki76/demo-sistema-distribuido + diff --git a/2024/CVE-2024-31152.md b/2024/CVE-2024-31152.md new file mode 100644 index 0000000000..f04729c71e --- /dev/null +++ b/2024/CVE-2024-31152.md @@ -0,0 +1,17 @@ +### [CVE-2024-31152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31152) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6012&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20R0.40e6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1982 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-31204.md b/2024/CVE-2024-31204.md new file mode 100644 index 0000000000..77f42535c0 --- /dev/null +++ b/2024/CVE-2024-31204.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-31204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31204)
+![](https://img.shields.io/static/v1?label=Product&message=mailcow-dockerized&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202024-04%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEV_MODE. The system saves exception details into a session array without proper sanitization or encoding. These details are later rendered into HTML and executed in a JavaScript block within the user's browser, without adequate escaping of HTML entities. This flaw allows for Cross-Site Scripting (XSS) attacks, where attackers can inject malicious scripts into the admin panel by triggering exceptions with controlled input. The exploitation method involves using any function that might throw an exception with user-controllable argument. This issue can lead to session hijacking and unauthorized administrative actions, posing a significant security risk. Version 2024-04 contains a fix for the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Tirthikas/XSSplore
+- https://github.com/ismailmazumder/SL7CVELabsBuilder
+- https://github.com/securelayer7/Research
+
diff --git a/2024/CVE-2024-31207.md b/2024/CVE-2024-31207.md
index a08e553acf..1b5e0a3eaf 100644
--- a/2024/CVE-2024-31207.md
+++ b/2024/CVE-2024-31207.md
@@ -14,6 +14,7 @@ Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend buil No PoCs from references. #### Github +- https://github.com/dhushyanth-h-m/PetFinder - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nics-tw/sbom2vans diff --git a/2024/CVE-2024-3121.md b/2024/CVE-2024-3121.md new file mode 100644 index 0000000000..a80a623ea0 --- /dev/null +++ b/2024/CVE-2024-3121.md @@ -0,0 +1,18 @@ +### [CVE-2024-3121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3121) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code&color=brighgreen) + +### Description + +A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/dark-ninja10/CVE-2024-3121 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-31211.md b/2024/CVE-2024-31211.md index 78f4e90f27..685c5e692e 100644 --- a/2024/CVE-2024-31211.md +++ b/2024/CVE-2024-31211.md 
@@ -13,6 +13,8 @@ WordPress is an open publishing platform for the Web. Unserialization of instanc No PoCs from references. #### Github +- https://github.com/Abdurahmon3236/-CVE-2024-31211 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tpcybersec/TP-VulnBox - https://github.com/truocphan/TP-VulnBox diff --git a/2024/CVE-2024-31228.md b/2024/CVE-2024-31228.md new file mode 100644 index 0000000000..fd4bc00beb --- /dev/null +++ b/2024/CVE-2024-31228.md @@ -0,0 +1,17 @@ +### [CVE-2024-31228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31228) +![](https://img.shields.io/static/v1?label=Product&message=redis&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.2.5%2C%20%3C%206.2.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen) + +### Description + +Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Abhinandan-Khurana/rediergeon + diff --git a/2024/CVE-2024-31317.md b/2024/CVE-2024-31317.md new file mode 100644 index 0000000000..bc201fa3c8 --- /dev/null +++ b/2024/CVE-2024-31317.md 
@@ -0,0 +1,30 @@ +### [CVE-2024-31317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31317) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Anonymous941/zygote-injection-toolkit +- https://github.com/FreeXR/exploits +- https://github.com/PenumbraOS/docs +- https://github.com/PenumbraOS/pinitd +- https://github.com/WebLDix/CVE-2024-31317-PoC-Deployer +- https://github.com/agg23/android_31317_exploit_rs +- https://github.com/agg23/cve-2024-31317 +- https://github.com/canyie/CVE-2024-0044 +- https://github.com/fuhei/CVE-2024-31317 +- https://github.com/jmywh1/CVE-2024-31317 +- https://github.com/mianliupindao/CVE-2024-31317-PoC-Deployer +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/rifting/Zygotroller +- https://github.com/zulloper/cve-poc + diff --git a/2024/CVE-2024-31319.md b/2024/CVE-2024-31319.md index f4931f66fa..12ae7ab358 100644 --- a/2024/CVE-2024-31319.md +++ b/2024/CVE-2024-31319.md @@ -13,5 +13,6 @@ In updateNotificationChannelFromPrivilegedListener of NotificationManagerService No PoCs from references. #### Github +- https://github.com/MssGmz99/fix-02-failure-CVE-2024-31319-CVE-2024-0039 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-31320.md b/2024/CVE-2024-31320.md new file mode 100644 index 0000000000..e7c35f5620 --- /dev/null +++ b/2024/CVE-2024-31320.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-31320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31320)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2012L%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-31320-
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-31333.md b/2024/CVE-2024-31333.md
new file mode 100644
index 0000000000..a22df7c928
--- /dev/null
+++ b/2024/CVE-2024-31333.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31333)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%20SoC%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Unknown&color=brighgreen)
+
+### Description
+
+In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-31337.md b/2024/CVE-2024-31337.md
new file mode 100644
index 0000000000..99caf3a5ca
--- /dev/null
+++ b/2024/CVE-2024-31337.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31337)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%20SoC%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xspade/cve-finder
+
diff --git a/2024/CVE-2024-31344.md b/2024/CVE-2024-31344.md
new file mode 100644
index 0000000000..33a918ffb3
--- /dev/null
+++ b/2024/CVE-2024-31344.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31344)
+![](https://img.shields.io/static/v1?label=Product&message=Easy%20Login%20Styler%20%E2%80%93%20White%20Label%20Admin%20Login%20Page%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-3137.md b/2024/CVE-2024-3137.md
new file mode 100644
index 0000000000..e935562cad
--- /dev/null
+++ b/2024/CVE-2024-3137.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3137)
+![](https://img.shields.io/static/v1?label=Product&message=uvdesk%2Fcommunity-skeleton&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Improper Privilege Management in uvdesk/community-skeleton
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sahildari/sahildari
+
diff --git a/2024/CVE-2024-31370.md b/2024/CVE-2024-31370.md
new file mode 100644
index 0000000000..a93641c706
--- /dev/null
+++ b/2024/CVE-2024-31370.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31370)
+![](https://img.shields.io/static/v1?label=Product&message=AIKit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.14.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit.This issue affects AIKit: from n/a through 4.14.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xbz0n/xbz0n
+
diff --git a/2024/CVE-2024-31387.md b/2024/CVE-2024-31387.md
new file mode 100644
index 0000000000..ee3b00a09d
--- /dev/null
+++ b/2024/CVE-2024-31387.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31387)
+![](https://img.shields.io/static/v1?label=Product&message=Popup%20Like%20box&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-31392.md b/2024/CVE-2024-31392.md
new file mode 100644
index 0000000000..609e679c9f
--- /dev/null
+++ b/2024/CVE-2024-31392.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31392)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20124%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Firefox%20on%20iOS%20would%20show%20pages%20with%20mixed%20content%20secure&color=brighgreen)
+
+### Description
+
+If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1875925
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-31420.md b/2024/CVE-2024-31420.md
index c41988bfc2..b9403857ce 100644
--- a/2024/CVE-2024-31420.md
+++ b/2024/CVE-2024-31420.md
@@ -1,7 +1,5 @@ ### [CVE-2024-31420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31420) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Virtualization%204&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=cnv&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=kubevirt&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20Pointer%20Dereference&color=brighgreen) diff --git a/2024/CVE-2024-31448.md b/2024/CVE-2024-31448.md new file mode 100644 index 0000000000..4296240ab3 --- /dev/null +++ b/2024/CVE-2024-31448.md @@ -0,0 +1,17 @@ +### [CVE-2024-31448](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31448) +![](https://img.shields.io/static/v1?label=Product&message=iTop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to upgrade should validate CSV content before importing it. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Harshit-Mashru/iTop-CVEs-exploit + diff --git a/2024/CVE-2024-31449.md b/2024/CVE-2024-31449.md new file mode 100644 index 0000000000..41c12f3f69 --- /dev/null +++ b/2024/CVE-2024-31449.md 
@@ -0,0 +1,22 @@ +### [CVE-2024-31449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31449) +![](https://img.shields.io/static/v1?label=Product&message=redis&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.6%2C%20%3C%206.2.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Abhinandan-Khurana/rediergeon +- https://github.com/Threekiii/CVE +- https://github.com/daeseong1209/CVE-2024-31449 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024 + diff --git a/2024/CVE-2024-31459.md b/2024/CVE-2024-31459.md index eaf7198532..8c4675c15c 100644 --- a/2024/CVE-2024-31459.md +++ b/2024/CVE-2024-31459.md @@ -14,5 +14,6 @@ Cacti provides an operational monitoring and fault management framework. Prior t - https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r #### Github -No PoCs found on GitHub currently. +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Threekiii/Awesome-POC diff --git a/2024/CVE-2024-31497.md b/2024/CVE-2024-31497.md index dba8897ec7..679f6c4198 100644 --- a/2024/CVE-2024-31497.md +++ b/2024/CVE-2024-31497.md 
@@ -15,13 +15,17 @@ In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an - https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/ #### Github +- https://github.com/CyberSecAI/cve_info_refs_crawler - https://github.com/HugoBond/CVE-2024-31497-POC - https://github.com/PazDak/LoonSecurity +- https://github.com/RUB-NDS/SSH-Client-Signatures-Artifacts - https://github.com/ViktorNaum/CVE-2024-31497-POC +- https://github.com/ahornyai/lattice_talk - https://github.com/daedalus/BreakingECDSAwithLLL - https://github.com/edutko/cve-2024-31497 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sh1k4ku/CVE-2024-31497 - https://github.com/tanjiti/sec_profile +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-31502.md b/2024/CVE-2024-31502.md index dbe67a31d0..dddaaa67f6 100644 --- a/2024/CVE-2024-31502.md +++ b/2024/CVE-2024-31502.md @@ -13,5 +13,5 @@ An issue in Insurance Management System v.1.0.0 and before allows a remote attac - https://github.com/sahildari/cve/blob/master/CVE-2024-31502.md #### Github -No PoCs found on GitHub currently. +- https://github.com/sahildari/sahildari diff --git a/2024/CVE-2024-3154.md b/2024/CVE-2024-3154.md index 2a4dba80e0..2cbe6879eb 100644 --- a/2024/CVE-2024-3154.md +++ b/2024/CVE-2024-3154.md @@ -19,5 +19,7 @@ A flaw was found in cri-o, where an arbitrary systemd property can be injected v #### Github - https://github.com/cdxiaodong/CVE-2024-3154-communication - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/seasonny/systemd-injection-checker-webhook diff --git a/2024/CVE-2024-3156.md b/2024/CVE-2024-3156.md index 8cdf288a88..280dcde987 100644 --- a/2024/CVE-2024-3156.md +++ b/2024/CVE-2024-3156.md 
@@ -14,4 +14,6 @@ Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allo #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-3157.md b/2024/CVE-2024-3157.md index 8e3c60aecf..30303985bc 100644 --- a/2024/CVE-2024-3157.md +++ b/2024/CVE-2024-3157.md @@ -14,4 +14,6 @@ Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-31580.md b/2024/CVE-2024-31580.md new file mode 100644 index 0000000000..35df7e89c8 --- /dev/null +++ b/2024/CVE-2024-31580.md @@ -0,0 +1,17 @@ +### [CVE-2024-31580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31580) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kshartman/voicemail-transcriber + diff --git a/2024/CVE-2024-31585.md b/2024/CVE-2024-31585.md new file mode 100644 index 0000000000..26e890a9f6 --- /dev/null +++ b/2024/CVE-2024-31585.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-31585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31585) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Tkwapong85/nessus-vulnerability-assessment-001 + diff --git a/2024/CVE-2024-3159.md b/2024/CVE-2024-3159.md index b00ed5b5fd..6fb7f52d23 100644 --- a/2024/CVE-2024-3159.md +++ b/2024/CVE-2024-3159.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-3163.md b/2024/CVE-2024-3163.md new file mode 100644 index 0000000000..d2f4171261 --- /dev/null +++ b/2024/CVE-2024-3163.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3163) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Property%20Listings&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f89c8654-5486-4939-880d-101f33d359c0/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-31666.md b/2024/CVE-2024-31666.md index 7a2d9a5b77..105c21696b 100644 --- a/2024/CVE-2024-31666.md +++ b/2024/CVE-2024-31666.md @@ -13,5 +13,6 @@ An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary cod No PoCs from references. #### Github +- https://github.com/hapa3/CVE-2024-31666 - https://github.com/hapa3/cms diff --git a/2024/CVE-2024-31695.md b/2024/CVE-2024-31695.md new file mode 100644 index 0000000000..ab30faf53f --- /dev/null +++ b/2024/CVE-2024-31695.md @@ -0,0 +1,17 @@ +### [CVE-2024-31695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31695) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/FpAuth/FpAuthAnalysis + 
diff --git a/2024/CVE-2024-31744.md b/2024/CVE-2024-31744.md index 5c2c31999d..7b00089a31 100644 --- a/2024/CVE-2024-31744.md +++ b/2024/CVE-2024-31744.md @@ -13,5 +13,6 @@ In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec - https://github.com/jasper-software/jasper/issues/381 #### Github -No PoCs found on GitHub currently. +- https://github.com/NASP-THU/ProphetFuzz +- https://github.com/waugustus/waugustus diff --git a/2024/CVE-2024-31745.md b/2024/CVE-2024-31745.md index c7a6f51c41..9dd2052403 100644 --- a/2024/CVE-2024-31745.md +++ b/2024/CVE-2024-31745.md @@ -13,5 +13,7 @@ No PoCs from references. #### Github +- https://github.com/NASP-THU/ProphetFuzz - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/waugustus/waugustus diff --git a/2024/CVE-2024-31747.md b/2024/CVE-2024-31747.md index 6b4b817883..9d6363b21a 100644 --- a/2024/CVE-2024-31747.md +++ b/2024/CVE-2024-31747.md @@ -10,6 +10,7 @@ An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 12 ### POC #### Reference +- https://medium.com/%40deepsahu1/yealink-vp59-microsoft-teams-phone-lock-bypass-b7fee9dd9c8c - https://medium.com/@deepsahu1/yealink-vp59-microsoft-teams-phone-lock-bypass-b7fee9dd9c8c #### Github diff --git a/2024/CVE-2024-31750.md b/2024/CVE-2024-31750.md index 8100a5b649..18873bfefc 100644 --- a/2024/CVE-2024-31750.md +++ b/2024/CVE-2024-31750.md 
@@ -13,6 +13,24 @@ SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability +- https://github.com/opendr-io/causality - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-3177.md b/2024/CVE-2024-3177.md new file mode 100644 index 0000000000..4fb04e002e --- /dev/null +++ b/2024/CVE-2024-3177.md 
@@ -0,0 +1,19 @@ +### [CVE-2024-3177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3177) +![](https://img.shields.io/static/v1?label=Product&message=Kubernetes&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%201.27.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cgv-Dev/Metasploit-Module-TFM +- https://github.com/noirfate/k8s_debug +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-31771.md b/2024/CVE-2024-31771.md index da7035b525..3d8dc514ca 100644 --- a/2024/CVE-2024-31771.md +++ b/2024/CVE-2024-31771.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/restdone/CVE-2024-31771 +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-31805.md b/2024/CVE-2024-31805.md new file mode 100644 index 0000000000..aa866c6790 --- /dev/null +++ b/2024/CVE-2024-31805.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-31805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31805)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31806.md b/2024/CVE-2024-31806.md
new file mode 100644
index 0000000000..87ac216618
--- /dev/null
+++ b/2024/CVE-2024-31806.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31806)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31807.md b/2024/CVE-2024-31807.md
new file mode 100644
index 0000000000..23085d4790
--- /dev/null
+++ b/2024/CVE-2024-31807.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31807)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31808.md b/2024/CVE-2024-31808.md
new file mode 100644
index 0000000000..a09d423d93
--- /dev/null
+++ b/2024/CVE-2024-31808.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31808)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31809.md b/2024/CVE-2024-31809.md
new file mode 100644
index 0000000000..5dad9ef148
--- /dev/null
+++ b/2024/CVE-2024-31809.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31809)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31810.md b/2024/CVE-2024-31810.md
new file mode 100644
index 0000000000..8243887247
--- /dev/null
+++ b/2024/CVE-2024-31810.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31810)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31811.md b/2024/CVE-2024-31811.md
new file mode 100644
index 0000000000..db0b929919
--- /dev/null
+++ b/2024/CVE-2024-31811.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31811)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31812.md b/2024/CVE-2024-31812.md
new file mode 100644
index 0000000000..a7a8a54464
--- /dev/null
+++ b/2024/CVE-2024-31812.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31812)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31813.md b/2024/CVE-2024-31813.md
new file mode 100644
index 0000000000..3b7b8f70ef
--- /dev/null
+++ b/2024/CVE-2024-31813.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31813)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31814.md b/2024/CVE-2024-31814.md
new file mode 100644
index 0000000000..6932cbe884
--- /dev/null
+++ b/2024/CVE-2024-31814.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31814)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31815.md b/2024/CVE-2024-31815.md
new file mode 100644
index 0000000000..f3eec6d6ad
--- /dev/null
+++ b/2024/CVE-2024-31815.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31815](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31815)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31816.md b/2024/CVE-2024-31816.md
new file mode 100644
index 0000000000..289da845ef
--- /dev/null
+++ b/2024/CVE-2024-31816.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31816)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-31817.md b/2024/CVE-2024-31817.md
new file mode 100644
index 0000000000..2b0723d23c
--- /dev/null
+++ b/2024/CVE-2024-31817.md
@@ -0,0 +1,17 @@ +### [CVE-2024-31817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31817) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/4hsienyang/CVE-vulns + diff --git a/2024/CVE-2024-31819.md b/2024/CVE-2024-31819.md index c4628e8883..c02a6a21ba 100644 --- a/2024/CVE-2024-31819.md +++ b/2024/CVE-2024-31819.md @@ -18,5 +18,8 @@ An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execut - https://github.com/Chocapikk/Chocapikk - https://github.com/Chocapikk/My-CVEs - https://github.com/Jhonsonwannaa/CVE-2024-31819 +- https://github.com/dream434/CVE-2024-31819 +- https://github.com/dream434/dream434 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-3183.md b/2024/CVE-2024-3183.md index bf120582fd..bc76502a3d 100644 --- a/2024/CVE-2024-3183.md +++ b/2024/CVE-2024-3183.md @@ -25,6 +25,8 @@ A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypt No PoCs from references. #### Github +- https://github.com/Cyxow/CVE-2024-3183-POC - https://github.com/dkadev/awesome-stars - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/nu11zy/ipapocket diff --git a/2024/CVE-2024-31835.md b/2024/CVE-2024-31835.md new file mode 100644 index 0000000000..3e54255666 --- /dev/null +++ b/2024/CVE-2024-31835.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-31835](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31835) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/paragbagul111/CVE-2024-31835 + diff --git a/2024/CVE-2024-31868.md b/2024/CVE-2024-31868.md index f5e292fb52..953314418e 100644 --- a/2024/CVE-2024-31868.md +++ b/2024/CVE-2024-31868.md @@ -1,7 +1,7 @@ ### [CVE-2024-31868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31868) ![](https://img.shields.io/static/v1?label=Product&message=Apache%20Zeppelin&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0.8.2%3C%200.11.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-31903.md b/2024/CVE-2024-31903.md new file mode 100644 index 0000000000..14f4e65d01 --- /dev/null +++ b/2024/CVE-2024-31903.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-31903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31903)
+![](https://img.shields.io/static/v1?label=Product&message=Sterling%20B2B%20Integrator%20Standard%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0.0%3C%3D%206.1.2.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ReversecLabs/ibm-sterling-b2b-integrator-poc
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-31952.md b/2024/CVE-2024-31952.md
new file mode 100644
index 0000000000..2920b8da94
--- /dev/null
+++ b/2024/CVE-2024-31952.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31952)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/pwn2carr/pwn2carr
+
diff --git a/2024/CVE-2024-31953.md b/2024/CVE-2024-31953.md
new file mode 100644
index 0000000000..92f8c5c5e4
--- /dev/null +++ b/2024/CVE-2024-31953.md @@ -0,0 +1,17 @@ +### [CVE-2024-31953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31953) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/pwn2carr/pwn2carr + diff --git a/2024/CVE-2024-31964.md b/2024/CVE-2024-31964.md index 60bfedb674..2c34af31b4 100644 --- a/2024/CVE-2024-31964.md +++ b/2024/CVE-2024-31964.md @@ -13,5 +13,7 @@ A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 No PoCs from references. #### Github +- https://github.com/d-Raco/CVE-2024-31964 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-31970.md b/2024/CVE-2024-31970.md index ea9c9f0c2a..76fb1a85d0 100644 --- a/2024/CVE-2024-31970.md +++ b/2024/CVE-2024-31970.md 
@@ -5,7 +5,7 @@ ### Description -AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. +** DISPUTED ** AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. NOTE: The vendor has disputed this, finding the report not applicable. According to AdTran, SSH has never been accessible (from WAN) on SmartOS official builds. Furthermore, the vendor adds that test build 11.1.0.101-202106231430 was never released to end users. ### POC diff --git a/2024/CVE-2024-31971.md b/2024/CVE-2024-31971.md index c4829b5ecd..86788e6ff1 100644 --- a/2024/CVE-2024-31971.md +++ b/2024/CVE-2024-31971.md 
@@ -5,7 +5,7 @@ ### Description -**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. +** UNSUPPORTED WHEN ASSIGNED ** Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. ### POC diff --git a/2024/CVE-2024-31972.md b/2024/CVE-2024-31972.md new file mode 100644 index 0000000000..9af6089728 --- /dev/null +++ b/2024/CVE-2024-31972.md @@ -0,0 +1,17 @@ +### [CVE-2024-31972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31972) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediately when a user logs into the admin page. This affects /admin/wifi/wlan1 and /admin/wifi/wlan_guest. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/actuator/cve + diff --git a/2024/CVE-2024-31973.md b/2024/CVE-2024-31973.md new file mode 100644 index 0000000000..311cac1d7b 
--- /dev/null
+++ b/2024/CVE-2024-31973.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31973)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-31975.md b/2024/CVE-2024-31975.md
new file mode 100644
index 0000000000..3e3ab5608d
--- /dev/null
+++ b/2024/CVE-2024-31975.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31975)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-31976.md b/2024/CVE-2024-31976.md
new file mode 100644
index 0000000000..6db482a3e1
--- /dev/null
+++ b/2024/CVE-2024-31976.md
@@ -0,0 +1,17 @@ +### [CVE-2024-31976](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31976) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/actuator/cve + diff --git a/2024/CVE-2024-31977.md b/2024/CVE-2024-31977.md index 579e85da23..5f00db8c18 100644 --- a/2024/CVE-2024-31977.md +++ b/2024/CVE-2024-31977.md @@ -5,7 +5,7 @@ ### Description -Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.5.5.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. +Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. ### POC @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/actuator/cve +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-31982.md b/2024/CVE-2024-31982.md index dcf0ff65bb..0acbb28cc7 100644 --- a/2024/CVE-2024-31982.md +++ b/2024/CVE-2024-31982.md 
@@ -13,9 +13,20 @@ XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 a - https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982 #### Github +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/NanoWraith/CVE-2024-31982 - https://github.com/Ostorlab/KEV +- https://github.com/adysec/POC - https://github.com/bigb0x/CVE-2024-31982 +- https://github.com/defHawk-tech/CVEs - https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/laoa1573/wy876 +- https://github.com/mridulchamoli93/htb-md- - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile +- https://github.com/th3gokul/CVE-2024-31982 diff --git a/2024/CVE-2024-31989.md b/2024/CVE-2024-31989.md index 336b9b9759..40e38ed549 100644 --- a/2024/CVE-2024-31989.md +++ b/2024/CVE-2024-31989.md @@ -14,4 +14,5 @@ Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/vt0x78/CVE-2024-31989 diff --git a/2024/CVE-2024-31998.md b/2024/CVE-2024-31998.md new file mode 100644 index 0000000000..b22703b4cd --- /dev/null +++ b/2024/CVE-2024-31998.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-31998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31998)
+![](https://img.shields.io/static/v1?label=Product&message=iTop&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.1.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Harshit-Mashru/iTop-CVEs-exploit
+
diff --git a/2024/CVE-2024-3200.md b/2024/CVE-2024-3200.md
new file mode 100644
index 0000000000..c2f63fdf5e
--- /dev/null
+++ b/2024/CVE-2024-3200.md
@@ -0,0 +1,17 @@ +### [CVE-2024-3200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3200) +![](https://img.shields.io/static/v1?label=Product&message=wpForo%20Forum&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AkihiroSuda/vexllm + diff --git a/2024/CVE-2024-32002.md b/2024/CVE-2024-32002.md index 1a96266d8b..5ca0ed89a2 100644 --- a/2024/CVE-2024-32002.md +++ b/2024/CVE-2024-32002.md @@ -14,6 +14,7 @@ Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42 No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC - https://github.com/0xMarcio/cve - https://github.com/10cks/CVE-2024-32002-EXP - https://github.com/10cks/CVE-2024-32002-POC 
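Review bot: The only Github entry in the new 2024/CVE-2024-3200.md, `https://github.com/AkihiroSuda/vexllm`, is also added to 2024/CVE-2024-32002.md in the `@@ -22,31 +23,73 @@` hunk of this patch. Since `CVE-2024-3200` is a prefix of `CVE-2024-32002`, this looks like a substring match rather than a real association with the wpForo SQL injection, though that is inferred from the two lists and not confirmed. If the collector searches on the bare ID, matching with a trailing boundary such as `CVE-2024-3200(?!\d)` would keep shorter IDs from inheriting repositories that mention longer ones. As written, anyone using this page for triage sees a public PoC reference for a CVE that may have none.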
@@ -22,31 +23,73 @@ No PoCs from references. - https://github.com/10cks/CVE-2024-32002-linux-submod - https://github.com/10cks/CVE-2024-32002-submod - https://github.com/10cks/hook +- https://github.com/12442RF/POC - https://github.com/1mxml/CVE-2024-32002-poc - https://github.com/431m/rcetest - https://github.com/AD-Appledog/CVE-2024-32002 - https://github.com/AD-Appledog/wakuwaku +- https://github.com/AboSteam/POPC +- https://github.com/AkihiroSuda/vexllm +- https://github.com/Anomaly-8/ZPOZAS_lab2 +- https://github.com/BahrainMobilityInternational/BMI-02 - https://github.com/Basyaact/CVE-2024-32002-PoC_Chinese - https://github.com/CrackerCat/CVE-2024-32002_EXP +- https://github.com/DMW11525708/wiki +- https://github.com/Dgporte/ExerciciosDockerPB2025 +- https://github.com/Dre4m017/fuzzy +- https://github.com/EQSTLab/git_rce +- https://github.com/EQSTLab/hook +- https://github.com/FlojBoj/CVE-2024-32002 +- https://github.com/Gandhiprakash07/Trail01 - https://github.com/GhostTroops/TOP - https://github.com/Goplush/CVE-2024-32002-git-rce - https://github.com/Hector65432/cve-2024-32002-1 - https://github.com/Hector65432/cve-2024-32002-2 +- https://github.com/IK-20211125/CVE-2025-48384 - https://github.com/JJoosh/CVE-2024-32002 - https://github.com/JJoosh/CVE-2024-32002-Reverse-Shell - https://github.com/JakobTheDev/cve-2024-32002-poc-aw - https://github.com/JakobTheDev/cve-2024-32002-poc-rce - https://github.com/JakobTheDev/cve-2024-32002-submodule-aw - https://github.com/JakobTheDev/cve-2024-32002-submodule-rce +- https://github.com/JoaoLeonello/cve-2024-32002-poc +- https://github.com/Julian-gmz/hook_CVE-2024-32002 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Leviticus-Triage/ChromSploit-Framework +- https://github.com/Linxloop/fork_POC +- https://github.com/LoongBa/ReplaceAllGit - https://github.com/M507/CVE-2024-32002 +- https://github.com/Masamuneee/CVE-2024-32002-POC +- https://github.com/Masamuneee/hook +- 
https://github.com/NishanthAnand21/CVE-2024-32002-PoC +- https://github.com/O-Carneiro/cve_2024_32002_hook +- https://github.com/O-Carneiro/cve_2024_32002_rce +- https://github.com/PierrunoYT/ai-code-reviewer +- https://github.com/Reh46/WEB1 - https://github.com/Roronoawjd/git_rce - https://github.com/Roronoawjd/hook +- https://github.com/SpycioKon/CVE-2024-32002 +- https://github.com/Sriramv1979/sriscreener +- https://github.com/TSY244/CVE-2024-32002-git-rce +- https://github.com/TSY244/CVE-2024-32002-git-rce-father-poc +- https://github.com/VuNgocTan/rce_on_git - https://github.com/WOOOOONG/CVE-2024-32002 - https://github.com/WOOOOONG/hook - https://github.com/WOOOOONG/submod +- https://github.com/WhosGa/MyWiki +- https://github.com/XiaomingX/cve-2024-32002-poc +- https://github.com/Yuan08o/pocs - https://github.com/YuanlooSec/CVE-2024-32002-poc +- https://github.com/YukaFake/CVE-2024-32002 +- https://github.com/YukaFake/CVE-2024-32002-Reverse-Shell +- https://github.com/Z3r0u53r/hehe - https://github.com/Zhang-Yiiliin/test_cve_2024_32002 - https://github.com/Zombie-Kaiser/Zombie-Kaiser +- https://github.com/abdulrahmanasdfghj/brubru +- https://github.com/abglnv/SH-2024-ORCH +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/aitorcastel/poc_CVE-2024-32002 - https://github.com/aitorcastel/poc_CVE-2024-32002_submodule - https://github.com/ak-phyo/gitrce_poc 
@@ -56,14 +99,31 @@ No PoCs from references.
 - https://github.com/amalmurali47/git_rce
 - https://github.com/amalmurali47/hook
 - https://github.com/aneasystone/github-trending
+- https://github.com/ashutosh0408/CVE-2024-32002
+- https://github.com/ashutosh0408/Cve-2024-32002-poc
 - https://github.com/bfengj/CVE-2024-32002-Exploit
 - https://github.com/bfengj/CVE-2024-32002-hook
 - https://github.com/bfengj/Security-Paper-Learing
+- https://github.com/biswa2112/git_rce
+- https://github.com/blackninja23/CVE-2024-32002
+- https://github.com/bonnettheo/CVE-2024-32002
+- https://github.com/botaktrade/ExnessID.com
+- https://github.com/charlesgargasson/CVE-2024-32002
+- https://github.com/charlesgargasson/charlesgargasson
+- https://github.com/chrisWalker11/running-CVE-2024-32002-locally-for-tesing
+- https://github.com/chunnni/cicd_git_rce
+- https://github.com/cisp-pte/POC-20241008-sec-fork
 - https://github.com/coffeescholar/ReplaceAllGit
 - https://github.com/cojoben/git_rce
+- https://github.com/daemon-reconfig/CVE-2024-32002
 - https://github.com/dzx825/32002
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fadhilthomas/hook
 - https://github.com/fadhilthomas/poc-cve-2024-32002
+- https://github.com/grecosamuel/CVE-2024-32002
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/happymimimix/Git-Auto-Updater
+- https://github.com/iemotion/POC
 - https://github.com/jafshare/GithubTrending
 - https://github.com/jerrydotlam/cve-2024-32002-1
 - https://github.com/jerrydotlam/cve-2024-32002-2
@@ -72,22 +132,36 @@ No PoCs from references.
 - https://github.com/jweny/CVE-2024-32002_EXP
 - https://github.com/jweny/CVE-2024-32002_HOOK
 - https://github.com/kun-g/Scraping-Github-trending
+- https://github.com/laoa1573/wy876
 - https://github.com/logzio/trivy-to-logzio
 - https://github.com/markuta/CVE-2024-32002
 - https://github.com/markuta/hooky
 - https://github.com/myseq/ms_patch_tuesday
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/p1tsi/misc
 - https://github.com/pkjmesra/PKScreener
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/pysnow1/gitrce
+- https://github.com/reactor16/gitexpl
+- https://github.com/robertsirc/sle-bci-demo
 - https://github.com/safebuffer/CVE-2024-32002
 - https://github.com/sampsonv/github-trending
+- https://github.com/sanan2004/CVE-2024-32002
 - https://github.com/seekerzz/MyRSSSync
+- https://github.com/suvani-ctrl/VAPT__sample
+- https://github.com/sysonlai/CVE-2024-32002-hook
 - https://github.com/tanjiti/sec_profile
 - https://github.com/testing-felickz/docker-scout-demo
+- https://github.com/th4s1s/CVE-2024-32002-PoC
+- https://github.com/th4s1s/better-sqlite
 - https://github.com/tobelight/cve_2024_32002
 - https://github.com/tobelight/cve_2024_32002_hook
 - https://github.com/vincepsh/CVE-2024-32002
 - https://github.com/vincepsh/CVE-2024-32002-hook
+- https://github.com/winstest/test2
+- https://github.com/wjdgnsdl213/git_rce
+- https://github.com/wjdgnsdl213/hook
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
@@ -95,4 +169,5 @@ No PoCs from references.
 - https://github.com/ycdxsb/CVE-2024-32002-submod
 - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart
 - https://github.com/zhaoxiaoha/github-trending
+- https://github.com/zulloper/cve-poc
diff --git a/2024/CVE-2024-32004.md b/2024/CVE-2024-32004.md
index 7687bf2d9b..4c6dc826ef 100644
--- a/2024/CVE-2024-32004.md
+++ b/2024/CVE-2024-32004.md
@@ -14,7 +14,14 @@ No PoCs from references.
 #### Github
 - https://github.com/10cks/CVE-2024-32004-POC
+- https://github.com/BahrainMobilityInternational/BMI-02
+- https://github.com/Gandhiprakash07/Trail01
+- https://github.com/PierrunoYT/ai-code-reviewer
+- https://github.com/Reh46/WEB1
 - https://github.com/Wadewfsssss/CVE-2024-32004
+- https://github.com/abdulrahmanasdfghj/brubru
+- https://github.com/botaktrade/ExnessID.com
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/robertsirc/sle-bci-demo
 - https://github.com/testing-felickz/docker-scout-demo
diff --git a/2024/CVE-2024-32019.md b/2024/CVE-2024-32019.md
index 3b27c82b38..c8f72da7ca 100644
--- a/2024/CVE-2024-32019.md
+++ b/2024/CVE-2024-32019.md
@@ -13,5 +13,14 @@ Netdata is an open source observability tool. In affected versions the `ndsudo`
 - https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/AliElKhatteb/CVE-2024-32019-POC
+- https://github.com/AzureADTrent/CVE-2024-32019-POC
+- https://github.com/C0deInBlack/CVE-2024-32019-poc
+- https://github.com/T1erno/CVE-2024-32019-Netdata-ndsudo-Privilege-Escalation-PoC
+- https://github.com/dollarboysushil/CVE-2024-32019-Netdata-ndsudo-PATH-Vulnerability-Privilege-Escalation
+- https://github.com/juanbelin/CVE-2024-32019-POC
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/sPhyos/cve-2024-32019-PoC
+- https://github.com/x0da6h/POC-for-CVE-2024-32019
+- https://github.com/zulloper/cve-poc
diff --git a/2024/CVE-2024-32020.md b/2024/CVE-2024-32020.md
index 98d8108a6c..319bf25624 100644
--- a/2024/CVE-2024-32020.md
+++ b/2024/CVE-2024-32020.md
@@ -13,5 +13,10 @@ Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42
 - https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj
 #### Github
+- https://github.com/BahrainMobilityInternational/BMI-02
+- https://github.com/Gandhiprakash07/Trail01
+- https://github.com/Reh46/WEB1
+- https://github.com/abdulrahmanasdfghj/brubru
+- https://github.com/botaktrade/ExnessID.com
 - https://github.com/testing-felickz/docker-scout-demo
diff --git a/2024/CVE-2024-32021.md b/2024/CVE-2024-32021.md
index 6bd6c493cd..3285cbed84 100644
--- a/2024/CVE-2024-32021.md
+++ b/2024/CVE-2024-32021.md
@@ -13,5 +13,10 @@ Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42
 - https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7
 #### Github
+- https://github.com/BahrainMobilityInternational/BMI-02
+- https://github.com/Gandhiprakash07/Trail01
+- https://github.com/Reh46/WEB1
+- https://github.com/abdulrahmanasdfghj/brubru
+- https://github.com/botaktrade/ExnessID.com
 - https://github.com/testing-felickz/docker-scout-demo
diff --git a/2024/CVE-2024-32022.md b/2024/CVE-2024-32022.md
index 339af3d267..0d712a52b2 100644
--- a/2024/CVE-2024-32022.md
+++ b/2024/CVE-2024-32022.md
@@ -14,4 +14,9 @@ Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable
 #### Github
 - https://github.com/OrenGitHub/dhscanner
+- https://github.com/jayB133/codeql-workshop
+- https://github.com/sylwia-budzynska/2025-codergirls-codeql-workshop
+- https://github.com/sylwia-budzynska/2025-soss-codeql-workshop
+- https://github.com/sylwia-budzynska/codeql-workshop
+- https://github.com/sylwia-budzynska/orangecon-2024-codeql-workshop
diff --git a/2024/CVE-2024-32025.md b/2024/CVE-2024-32025.md
index 4ecfea54ae..20f64eb2e6 100644
--- a/2024/CVE-2024-32025.md
+++ b/2024/CVE-2024-32025.md
@@ -13,5 +13,9 @@ Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable
 - https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/jayB133/codeql-workshop
+- https://github.com/sylwia-budzynska/2025-codergirls-codeql-workshop
+- https://github.com/sylwia-budzynska/2025-soss-codeql-workshop
+- https://github.com/sylwia-budzynska/codeql-workshop
+- https://github.com/sylwia-budzynska/orangecon-2024-codeql-workshop
diff --git a/2024/CVE-2024-32026.md b/2024/CVE-2024-32026.md
index b1f43bbd76..c55526ef6b 100644
--- a/2024/CVE-2024-32026.md
+++ b/2024/CVE-2024-32026.md
@@ -13,5 +13,9 @@ Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable
 - https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/jayB133/codeql-workshop
+- https://github.com/sylwia-budzynska/2025-codergirls-codeql-workshop
+- https://github.com/sylwia-budzynska/2025-soss-codeql-workshop
+- https://github.com/sylwia-budzynska/codeql-workshop
+- https://github.com/sylwia-budzynska/orangecon-2024-codeql-workshop
diff --git a/2024/CVE-2024-32027.md b/2024/CVE-2024-32027.md
index c5d26c2564..7f8adc63f8 100644
--- a/2024/CVE-2024-32027.md
+++ b/2024/CVE-2024-32027.md
@@ -13,5 +13,9 @@ Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22.6.1 is vul
 - https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/jayB133/codeql-workshop
+- https://github.com/sylwia-budzynska/2025-codergirls-codeql-workshop
+- https://github.com/sylwia-budzynska/2025-soss-codeql-workshop
+- https://github.com/sylwia-budzynska/codeql-workshop
+- https://github.com/sylwia-budzynska/orangecon-2024-codeql-workshop
diff --git a/2024/CVE-2024-32030.md b/2024/CVE-2024-32030.md
index abedc07177..92c2e93fed 100644
--- a/2024/CVE-2024-32030.md
+++ b/2024/CVE-2024-32030.md
@@ -17,5 +17,6 @@ Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allo
 - https://github.com/Drun1baby/CVE-Reproduction-And-Analysis
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/Threekiii/CVE
+- https://github.com/huseyinstif/CVE-2024-32030-Nuclei-Template
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-32083.md b/2024/CVE-2024-32083.md
new file mode 100644
index 0000000000..1847e1a3c3
--- /dev/null
+++ b/2024/CVE-2024-32083.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32083)
+![](https://img.shields.io/static/v1?label=Product&message=Easy%20Logo&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.9.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Varun Kumar Easy Logo allows Stored XSS.This issue affects Easy Logo: from n/a through 1.9.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-32104.md b/2024/CVE-2024-32104.md
index deaec83a38..eb6218c21b 100644
--- a/2024/CVE-2024-32104.md
+++ b/2024/CVE-2024-32104.md
@@ -13,5 +13,6 @@ Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This
 No PoCs from references.
 #### Github
+- https://github.com/Cerberus-HiproPlus/CVE-2024-32104
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-32113.md b/2024/CVE-2024-32113.md
index 916bdd9c4b..7e86138c65 100644
--- a/2024/CVE-2024-32113.md
+++ b/2024/CVE-2024-32113.md
@@ -13,15 +13,19 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
 No PoCs from references.
 #### Github
+- https://github.com/DoTTak/Apache-OFBiz-1-Day-Analysis
 - https://github.com/Mr-xn/CVE-2024-32113
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/Ostorlab/KEV
 - https://github.com/RacerZ-fighting/CVE-2024-32113-POC
 - https://github.com/RacerZ-fighting/RacerZ-fighting
+- https://github.com/Tamerabdalrazaq/Linux-Stateful-Firewall
 - https://github.com/Threekiii/CVE
+- https://github.com/YongYe-Security/CVE-2024-32113
 - https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
 - https://github.com/enomothem/PenTestNote
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/guinea-offensive-security/Ofbiz-RCE
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
diff --git a/2024/CVE-2024-32136.md b/2024/CVE-2024-32136.md
index c8de2efa23..b6acbe658f 100644
--- a/2024/CVE-2024-32136.md
+++ b/2024/CVE-2024-32136.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/xbz0n/CVE-2024-32136
+- https://github.com/xbz0n/xbz0n
diff --git a/2024/CVE-2024-32151.md b/2024/CVE-2024-32151.md
new file mode 100644
index 0000000000..4ef6fb62a1
--- /dev/null
+++ b/2024/CVE-2024-32151.md
@@ -0,0 +1,18 @@
+### [CVE-2024-32151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32151)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Storing%20passwords%20in%20a%20recoverable%20format&color=brighgreen)
+
+### Description
+
+User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3219.md b/2024/CVE-2024-3219.md
index 9a6ebac765..6ebbd53d1c 100644
--- a/2024/CVE-2024-3219.md
+++ b/2024/CVE-2024-3219.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3219)
 ![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.12.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.8.20%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
 ### Description
-There is a MEDIUM severity vulnerability affecting CPython.The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer.Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
+The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer.Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.
 ### POC
diff --git a/2024/CVE-2024-32258.md b/2024/CVE-2024-32258.md
index 22b52d51cc..457b70244e 100644
--- a/2024/CVE-2024-32258.md
+++ b/2024/CVE-2024-32258.md
@@ -17,4 +17,5 @@ The network server of fceux 2.7.0 has a path traversal vulnerability, allowing a
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/liyansong2018/CVE-2024-32258
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/secnotes/CVE-2024-32258
diff --git a/2024/CVE-2024-32281.md b/2024/CVE-2024-32281.md
index ba532d9ea8..634e05bb8d 100644
--- a/2024/CVE-2024-32281.md
+++ b/2024/CVE-2024-32281.md
@@ -14,4 +14,5 @@ Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32282.md b/2024/CVE-2024-32282.md
index 699e4ca56d..ff89cf3cc1 100644
--- a/2024/CVE-2024-32282.md
+++ b/2024/CVE-2024-32282.md
@@ -14,4 +14,5 @@ Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32283.md b/2024/CVE-2024-32283.md
index 01bf2d9052..2edd43016f 100644
--- a/2024/CVE-2024-32283.md
+++ b/2024/CVE-2024-32283.md
@@ -14,4 +14,5 @@ Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexe
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32285.md b/2024/CVE-2024-32285.md
index 9f5d15ca3d..078880cb20 100644
--- a/2024/CVE-2024-32285.md
+++ b/2024/CVE-2024-32285.md
@@ -14,4 +14,5 @@ Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via t
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32286.md b/2024/CVE-2024-32286.md
index ed7d53a84e..b75be08e94 100644
--- a/2024/CVE-2024-32286.md
+++ b/2024/CVE-2024-32286.md
@@ -14,4 +14,5 @@ Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability locat
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32287.md b/2024/CVE-2024-32287.md
index b4249ba8f8..d73b76873a 100644
--- a/2024/CVE-2024-32287.md
+++ b/2024/CVE-2024-32287.md
@@ -14,4 +14,5 @@ Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via t
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32288.md b/2024/CVE-2024-32288.md
index 0de5ccc03d..667eecd305 100644
--- a/2024/CVE-2024-32288.md
+++ b/2024/CVE-2024-32288.md
@@ -14,4 +14,5 @@ Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability locat
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32290.md b/2024/CVE-2024-32290.md
index fd976543a0..d4ecf0822e 100644
--- a/2024/CVE-2024-32290.md
+++ b/2024/CVE-2024-32290.md
@@ -14,4 +14,5 @@ Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via t
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32292.md b/2024/CVE-2024-32292.md
index b258fcb0dd..d34d3ef301 100644
--- a/2024/CVE-2024-32292.md
+++ b/2024/CVE-2024-32292.md
@@ -14,4 +14,5 @@ Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablil
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32293.md b/2024/CVE-2024-32293.md
index 3806681296..b7151b4db5 100644
--- a/2024/CVE-2024-32293.md
+++ b/2024/CVE-2024-32293.md
@@ -14,4 +14,5 @@ Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via t
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32299.md b/2024/CVE-2024-32299.md
index 971aca5b63..c158e5a6c6 100644
--- a/2024/CVE-2024-32299.md
+++ b/2024/CVE-2024-32299.md
@@ -14,4 +14,5 @@ Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW pa
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32301.md b/2024/CVE-2024-32301.md
index 9f6408b96e..2775b0ca20 100644
--- a/2024/CVE-2024-32301.md
+++ b/2024/CVE-2024-32301.md
@@ -14,4 +14,5 @@ Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the P
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32302.md b/2024/CVE-2024-32302.md
index 1b8035b779..528d68a35d 100644
--- a/2024/CVE-2024-32302.md
+++ b/2024/CVE-2024-32302.md
@@ -14,4 +14,5 @@ Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32303.md b/2024/CVE-2024-32303.md
index df643d5d68..b05aaac867 100644
--- a/2024/CVE-2024-32303.md
+++ b/2024/CVE-2024-32303.md
@@ -14,4 +14,5 @@ Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32305.md b/2024/CVE-2024-32305.md
index 9dd2735fb6..acaedf42f7 100644
--- a/2024/CVE-2024-32305.md
+++ b/2024/CVE-2024-32305.md
@@ -14,4 +14,5 @@ Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via t
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32306.md b/2024/CVE-2024-32306.md
index c239165d53..5a37281b0c 100644
--- a/2024/CVE-2024-32306.md
+++ b/2024/CVE-2024-32306.md
@@ -14,4 +14,5 @@ Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability locate
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32307.md b/2024/CVE-2024-32307.md
index ba19652ea6..32b097b592 100644
--- a/2024/CVE-2024-32307.md
+++ b/2024/CVE-2024-32307.md
@@ -14,4 +14,5 @@ Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located v
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32310.md b/2024/CVE-2024-32310.md
index e3fa581264..0833d37a23 100644
--- a/2024/CVE-2024-32310.md
+++ b/2024/CVE-2024-32310.md
@@ -14,4 +14,5 @@ Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32311.md b/2024/CVE-2024-32311.md
index bcd6ddfaad..d0c014cab9 100644
--- a/2024/CVE-2024-32311.md
+++ b/2024/CVE-2024-32311.md
@@ -14,4 +14,5 @@ Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPw
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32312.md b/2024/CVE-2024-32312.md
index 31bc42f371..6140b84227 100644
--- a/2024/CVE-2024-32312.md
+++ b/2024/CVE-2024-32312.md
@@ -14,4 +14,5 @@ Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32313.md b/2024/CVE-2024-32313.md
index fde6263e93..31534b80c7 100644
--- a/2024/CVE-2024-32313.md
+++ b/2024/CVE-2024-32313.md
@@ -14,4 +14,5 @@ Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located v
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32314.md b/2024/CVE-2024-32314.md
index f33ff06302..36af57d818 100644
--- a/2024/CVE-2024-32314.md
+++ b/2024/CVE-2024-32314.md
@@ -14,4 +14,5 @@ Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32315.md b/2024/CVE-2024-32315.md
index 2304d8ccb1..99a6eecb94 100644
--- a/2024/CVE-2024-32315.md
+++ b/2024/CVE-2024-32315.md
@@ -14,4 +14,5 @@ Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32316.md b/2024/CVE-2024-32316.md
index deffa2a678..d1056163c6 100644
--- a/2024/CVE-2024-32316.md
+++ b/2024/CVE-2024-32316.md
@@ -14,4 +14,5 @@ Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fr
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32317.md b/2024/CVE-2024-32317.md
index 455836cf9e..82eb006870 100644
--- a/2024/CVE-2024-32317.md
+++ b/2024/CVE-2024-32317.md
@@ -14,4 +14,5 @@ Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vuln
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32318.md b/2024/CVE-2024-32318.md
index 80611e9738..b719f95d44 100644
--- a/2024/CVE-2024-32318.md
+++ b/2024/CVE-2024-32318.md
@@ -14,4 +14,5 @@ Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the v
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-32320.md b/2024/CVE-2024-32320.md
index 4b1f199c48..84da47ab9e 100644
--- a/2024/CVE-2024-32320.md
+++ b/2024/CVE-2024-32320.md
@@ -14,5 +14,6 @@ Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the t
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 - https://github.com/helloyhrr/IoT_vulnerability
diff --git a/2024/CVE-2024-32325.md b/2024/CVE-2024-32325.md
new file mode 100644
index 0000000000..fe002c5f98
--- /dev/null
+++ b/2024/CVE-2024-32325.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32325)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-32326.md b/2024/CVE-2024-32326.md
new file mode 100644
index 0000000000..e27eeaa051
--- /dev/null
+++ b/2024/CVE-2024-32326.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32326)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-32332.md b/2024/CVE-2024-32332.md
new file mode 100644
index 0000000000..16ab4c7eaf
--- /dev/null
+++ b/2024/CVE-2024-32332.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32332)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-32333.md b/2024/CVE-2024-32333.md
new file mode 100644
index 0000000000..3d68a70997
--- /dev/null
+++ b/2024/CVE-2024-32333.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32333)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-32334.md b/2024/CVE-2024-32334.md
new file mode 100644
index 0000000000..fba4fd4a39
--- /dev/null
+++ b/2024/CVE-2024-32334.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32334](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32334)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-32335.md b/2024/CVE-2024-32335.md
new file mode 100644
index 0000000000..65a2369574
--- /dev/null
+++ b/2024/CVE-2024-32335.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32335)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-32428.md b/2024/CVE-2024-32428.md
new file mode 100644
index 0000000000..8f54bbc99b
--- /dev/null
+++ b/2024/CVE-2024-32428.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32428)
+![](https://img.shields.io/static/v1?label=Product&message=MWW%20Disclaimer%20Buttons&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moss Web Works MWW Disclaimer Buttons allows Stored XSS.This issue affects MWW Disclaimer Buttons: from n/a through 3.0.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-3246.md b/2024/CVE-2024-3246.md
index 483b44d22f..630ed94f9e 100644
--- a/2024/CVE-2024-3246.md
+++ b/2024/CVE-2024-3246.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/20142995/nuclei-templates
+- https://github.com/david-prv/vulnerable-wordpress-plugins
diff --git a/2024/CVE-2024-32462.md b/2024/CVE-2024-32462.md
new file mode 100644
index 0000000000..af5ba0da37
--- /dev/null
+++ b/2024/CVE-2024-32462.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32462)
+![](https://img.shields.io/static/v1?label=Product&message=flatpak&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.10.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-88%3A%20Improper%20Neutralization%20of%20Argument%20Delimiters%20in%20a%20Command%20('Argument%20Injection')&color=brighgreen)
+
+### Description
+
+Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-32462
+
diff --git a/2024/CVE-2024-32465.md b/2024/CVE-2024-32465.md
index b406ea1b6d..f8c61308cb 100644
--- a/2024/CVE-2024-32465.md +++ b/2024/CVE-2024-32465.md @@ -13,5 +13,11 @@ Git is a revision control system. The Git project recommends to avoid working in No PoCs from references. #### Github +- https://github.com/BahrainMobilityInternational/BMI-02 +- https://github.com/Gandhiprakash07/Trail01 +- https://github.com/Reh46/WEB1 +- https://github.com/abdulrahmanasdfghj/brubru +- https://github.com/botaktrade/ExnessID.com +- https://github.com/robertsirc/sle-bci-demo - https://github.com/testing-felickz/docker-scout-demo diff --git a/2024/CVE-2024-32468.md b/2024/CVE-2024-32468.md new file mode 100644 index 0000000000..547c2c0c15 --- /dev/null +++ b/2024/CVE-2024-32468.md @@ -0,0 +1,17 @@ +### [CVE-2024-32468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32468) +![](https://img.shields.io/static/v1?label=Product&message=deno&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20deno_doc%3A%20%20%3C%200.119.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitzed HTML input. 2.) XSS via property, method and enum names, `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages. + +### POC + +#### Reference +- https://github.com/denoland/deno/security/advisories/GHSA-qqwr-j9mm-fhw6 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-3248.md b/2024/CVE-2024-3248.md index 716710201f..5158dac5df 100644 --- a/2024/CVE-2024-3248.md +++ b/2024/CVE-2024-3248.md @@ -13,5 +13,6 @@ In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infini - https://forum.xpdfreader.com/viewtopic.php?t=43657 #### Github -No PoCs found on GitHub currently. +- https://github.com/NASP-THU/ProphetFuzz +- https://github.com/waugustus/waugustus diff --git a/2024/CVE-2024-3250.md b/2024/CVE-2024-3250.md index 090f9d9e52..7d6694ffdb 100644 --- a/2024/CVE-2024-3250.md +++ b/2024/CVE-2024-3250.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-32523.md b/2024/CVE-2024-32523.md index 85e769b8a6..57632a7ff1 100644 --- a/2024/CVE-2024-32523.md +++ b/2024/CVE-2024-32523.md @@ -15,4 +15,6 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/truonghuuphuc/CVE-2024-32523-Poc +- https://github.com/truonghuuphuc/Poc +- https://github.com/tucommenceapousser/CVE-2024-32523-Poc diff --git a/2024/CVE-2024-32591.md b/2024/CVE-2024-32591.md new file mode 100644 index 0000000000..60356a4073 --- /dev/null +++ b/2024/CVE-2024-32591.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-32591](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32591)
+![](https://img.shields.io/static/v1?label=Product&message=Backend%20Designer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniele De Rosa Backend Designer allows Stored XSS.This issue affects Backend Designer: from n/a through 1.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-32635.md b/2024/CVE-2024-32635.md
new file mode 100644
index 0000000000..2de30b3bf7
--- /dev/null
+++ b/2024/CVE-2024-32635.md
@@ -0,0 +1,22 @@
+### [CVE-2024-32635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32635)
+![](https://img.shields.io/static/v1?label=Product&message=JT2Go&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V2312&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.2.0.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.3.0.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2312.0005%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JsHuang/CVE-Assigned
+
diff --git a/2024/CVE-2024-32637.md b/2024/CVE-2024-32637.md
new file mode 100644
index 0000000000..cf2bebf18c
--- /dev/null
+++ b/2024/CVE-2024-32637.md
@@ -0,0 +1,22 @@
+### [CVE-2024-32637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32637)
+![](https://img.shields.io/static/v1?label=Product&message=JT2Go&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V2312&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.2.0.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.3.0.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2312.0005%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JsHuang/CVE-Assigned
+
diff --git a/2024/CVE-2024-32651.md b/2024/CVE-2024-32651.md
index 29cb7185a7..1f48e0cd07 100644
--- a/2024/CVE-2024-32651.md
+++ b/2024/CVE-2024-32651.md
@@ -14,6 +14,11 @@ changedetection.io is an open source web page change detection, website watcher, - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-4r7v-whpg-8rx3 #### Github +- https://github.com/Mr-Tree-S/POC_EXP +- https://github.com/TU-M/Trickster-HTB +- https://github.com/eetukarttunen/security-testing - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/s0ck3t-s3c/CVE-2024-32651-changedetection-RCE - https://github.com/zcrosman/cve-2024-32651 diff --git a/2024/CVE-2024-32700.md b/2024/CVE-2024-32700.md index cb8f29cc52..7dc6d41f40 100644 --- a/2024/CVE-2024-32700.md +++ b/2024/CVE-2024-32700.md @@ -13,5 +13,6 @@ Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kogne No PoCs from references. #### Github +- https://github.com/nastar-id/CVE-2024-32700 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-32709.md b/2024/CVE-2024-32709.md index 2cf3424944..66721eb612 100644 --- a/2024/CVE-2024-32709.md +++ b/2024/CVE-2024-32709.md 
@@ -13,8 +13,25 @@ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC - https://github.com/k3ppf0r/2024-PocLib +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/truonghuuphuc/CVE-2024-32709-Poc +- https://github.com/truonghuuphuc/Poc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-3272.md b/2024/CVE-2024-3272.md index 8dad66738c..d57433ee0d 100644 --- a/2024/CVE-2024-3272.md +++ b/2024/CVE-2024-3272.md 
@@ -16,12 +16,29 @@ No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/OIivr/Turvan6rkus-CVE-2024-3273 - https://github.com/WanLiChangChengWanLiChang/WanLiChangChengWanLiChang +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/aliask/dinkleberry +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/toxyl/lscve - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-3273.md b/2024/CVE-2024-3273.md index 398491e337..fb85e733a3 100644 --- a/2024/CVE-2024-3273.md +++ b/2024/CVE-2024-3273.md 
@@ -16,21 +16,41 @@ No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC - https://github.com/0xMarcio/cve +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC - https://github.com/Chocapikk/CVE-2024-3273 +- https://github.com/DMW11525708/wiki - https://github.com/GhostTroops/TOP - https://github.com/K3ysTr0K3R/CVE-2024-3273-EXPLOIT - https://github.com/K3ysTr0K3R/K3ysTr0K3R +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/OIivr/Turvan6rkus-CVE-2024-3273 - https://github.com/Ostorlab/KEV - https://github.com/ThatNotEasy/CVE-2024-3273 - https://github.com/WanLiChangChengWanLiChang/WanLiChangChengWanLiChang +- https://github.com/WhosGa/MyWiki +- https://github.com/X-Projetion/CVE-2024-3273-D-Link-Remote-Code-Execution-RCE +- https://github.com/Yuan08o/pocs - https://github.com/adhikara13/CVE-2024-3273 +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/framboise-pi/dns320_powerpost +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/mrrobot0o/CVE-2024-3273- - https://github.com/netlas-io/netlas-dorks - https://github.com/nickswink/D-Link-NAS-Devices-Unauthenticated-RCE - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/tanjiti/sec_profile - https://github.com/toxyl/lscve - https://github.com/wangjiezhe/awesome-stars diff --git a/2024/CVE-2024-32735.md b/2024/CVE-2024-32735.md index 5a66a4922c..a97befcd79 100644 --- a/2024/CVE-2024-32735.md +++ b/2024/CVE-2024-32735.md 
@@ -13,5 +13,5 @@ An issue regarding missing authentication for certain utilities exists in CyberP - https://www.tenable.com/security/research/tra-2024-14 #### Github -No PoCs found on GitHub currently. +- https://github.com/opendr-io/causality diff --git a/2024/CVE-2024-32736.md b/2024/CVE-2024-32736.md index af824222ba..5d622e56ec 100644 --- a/2024/CVE-2024-32736.md +++ b/2024/CVE-2024-32736.md @@ -13,5 +13,5 @@ A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior t - https://www.tenable.com/security/research/tra-2024-14 #### Github -No PoCs found on GitHub currently. +- https://github.com/opendr-io/causality diff --git a/2024/CVE-2024-32737.md b/2024/CVE-2024-32737.md index 712b164794..ce1b02a9d7 100644 --- a/2024/CVE-2024-32737.md +++ b/2024/CVE-2024-32737.md @@ -13,5 +13,5 @@ A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior t - https://www.tenable.com/security/research/tra-2024-14 #### Github -No PoCs found on GitHub currently. +- https://github.com/opendr-io/causality diff --git a/2024/CVE-2024-32738.md b/2024/CVE-2024-32738.md index 36726f11d0..b60fd3a377 100644 --- a/2024/CVE-2024-32738.md +++ b/2024/CVE-2024-32738.md @@ -13,5 +13,6 @@ A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior t - https://www.tenable.com/security/research/tra-2024-14 #### Github -No PoCs found on GitHub currently. +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/opendr-io/causality diff --git a/2024/CVE-2024-32739.md b/2024/CVE-2024-32739.md index 2f2179cbb7..3fbf8ce200 100644 --- a/2024/CVE-2024-32739.md +++ b/2024/CVE-2024-32739.md @@ -13,5 +13,5 @@ A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior t - https://www.tenable.com/security/research/tra-2024-14 #### Github -No PoCs found on GitHub currently. +- https://github.com/opendr-io/causality diff --git a/2024/CVE-2024-32752.md b/2024/CVE-2024-32752.md index 53bbddda87..e4dea15583 100644 
--- a/2024/CVE-2024-32752.md +++ b/2024/CVE-2024-32752.md @@ -1,11 +1,13 @@ ### [CVE-2024-32752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32752) -![](https://img.shields.io/static/v1?label=Product&message=Software%20House%20iSTAR%20Pro%2C%20ICU&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20ALL%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=iSTAR%20Configuration%20Utility%20(ICU)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=iSTAR%20Pro%2C%20Edge%20and%20eX&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=iSTAR%20Ultra%20and%20Ultra%20LT&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%3A%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) ### Description -Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration. +The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticatedcommunications with ICU, which may allow an attacker to gain unauthorized access ### POC diff --git a/2024/CVE-2024-32830.md b/2024/CVE-2024-32830.md new file mode 100644 index 0000000000..c2f0401651 --- /dev/null +++ b/2024/CVE-2024-32830.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-32830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32830)
+![](https://img.shields.io/static/v1?label=Product&message=BuddyForms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/ptrstr/CVE-2024-32830-poc
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-32896.md b/2024/CVE-2024-32896.md
new file mode 100644
index 0000000000..e2665dbc89
--- /dev/null
+++ b/2024/CVE-2024-32896.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32896)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%20kernel%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ChalkingCode/ExploitedDucks
+
diff --git a/2024/CVE-2024-32911.md b/2024/CVE-2024-32911.md
new file mode 100644
index 0000000000..9e4c85af4c
--- /dev/null
+++ b/2024/CVE-2024-32911.md
@@ -0,0 +1,17 @@ +### [CVE-2024-32911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32911) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%20kernel%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/SyNSec-den/Proteus + diff --git a/2024/CVE-2024-3293.md b/2024/CVE-2024-3293.md index 7b5f847c69..c9a6b557c8 100644 --- a/2024/CVE-2024-3293.md +++ b/2024/CVE-2024-3293.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/truonghuuphuc/CVE-2024-3293-Poc +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-32958.md b/2024/CVE-2024-32958.md index 2c472a75d1..321adca3a8 100644 --- a/2024/CVE-2024-32958.md +++ b/2024/CVE-2024-32958.md @@ -13,5 +13,6 @@ Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash A No PoCs from references. #### Github +- https://github.com/Cr0nu3/Cr0nu3 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3296.md b/2024/CVE-2024-3296.md index 7576c0dcf7..dd8c17fdd3 100644 --- a/2024/CVE-2024-3296.md +++ b/2024/CVE-2024-3296.md 
@@ -1,9 +1,6 @@ ### [CVE-2024-3296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3296) -![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=upstream&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Observable%20Discrepancy&color=brighgreen) diff --git a/2024/CVE-2024-32962.md b/2024/CVE-2024-32962.md index 359e1f3e85..cd0fca8d7e 100644 --- a/2024/CVE-2024-32962.md +++ b/2024/CVE-2024-32962.md @@ -13,5 +13,6 @@ xml-crypto is an xml digital signature and encryption library for Node.js. In af - https://github.com/node-saml/xml-crypto/security/advisories/GHSA-2xp3-57p7-qf4v #### Github -No PoCs found on GitHub currently. +- https://github.com/absholi7ly/Poc-CVE-2024-32962-xml-crypto +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-33060.md b/2024/CVE-2024-33060.md new file mode 100644 index 0000000000..81cdbfb8da --- /dev/null +++ b/2024/CVE-2024-33060.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-33060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33060) +![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen) + +### Description + +Memory corruption when two threads try to map and unmap a single node simultaneously. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2024/CVE-2024-33111.md b/2024/CVE-2024-33111.md index 685a040767..43917e3856 100644 --- a/2024/CVE-2024-33111.md +++ b/2024/CVE-2024-33111.md @@ -13,6 +13,7 @@ D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) - https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md #### Github +- https://github.com/FaLLenSKiLL1/CVE-2024-33111 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-33113.md b/2024/CVE-2024-33113.md index 19037452e9..c33979cedd 100644 --- a/2024/CVE-2024-33113.md +++ b/2024/CVE-2024-33113.md @@ -13,8 +13,10 @@ D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sm - https://github.com/yj94/Yj_learning/blob/main/Week16/D-LINK-POC.md #### Github +- https://github.com/FaLLenSKiLL1/CVE-2024-33113 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/ibaiw/2024Hvv - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tekua/CVE-2024-33113 - https://github.com/yj94/Yj_learning diff --git a/2024/CVE-2024-3313.md b/2024/CVE-2024-3313.md index 79f09a3de7..e14a321991 100644 --- a/2024/CVE-2024-3313.md +++ b/2024/CVE-2024-3313.md 
@@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/tekua/CVE-2024-33113 diff --git a/2024/CVE-2024-33180.md b/2024/CVE-2024-33180.md new file mode 100644 index 0000000000..a91a03141d --- /dev/null +++ b/2024/CVE-2024-33180.md @@ -0,0 +1,17 @@ +### [CVE-2024-33180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33180) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/IoTBec/code + diff --git a/2024/CVE-2024-33209.md b/2024/CVE-2024-33209.md new file mode 100644 index 0000000000..7831d4130e --- /dev/null +++ b/2024/CVE-2024-33209.md @@ -0,0 +1,17 @@ +### [CVE-2024-33209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33209) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/paragbagul111/CVE-2024-33209 + diff --git a/2024/CVE-2024-33210.md b/2024/CVE-2024-33210.md new file mode 100644 index 0000000000..6730aa1660 --- /dev/null +++ b/2024/CVE-2024-33210.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-33210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33210) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/paragbagul111/CVE-2024-33210 + diff --git a/2024/CVE-2024-33218.md b/2024/CVE-2024-33218.md index 3078a6064c..07202f6156 100644 --- a/2024/CVE-2024-33218.md +++ b/2024/CVE-2024-33218.md @@ -13,5 +13,7 @@ An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boos No PoCs from references. #### Github +- https://github.com/BlackTom900131/awesome-game-security - https://github.com/gmh5225/awesome-game-security +- https://github.com/trevor0106/game-security diff --git a/2024/CVE-2024-33219.md b/2024/CVE-2024-33219.md new file mode 100644 index 0000000000..9ca3d31f97 --- /dev/null +++ b/2024/CVE-2024-33219.md @@ -0,0 +1,17 @@ +### [CVE-2024-33219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33219) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/SplineUser/SplineUser + 
diff --git a/2024/CVE-2024-33231.md b/2024/CVE-2024-33231.md
new file mode 100644
index 0000000000..37b6b18ea1
--- /dev/null
+++ b/2024/CVE-2024-33231.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33231)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fdzdev/CVE-2024-33231
+
diff --git a/2024/CVE-2024-33297.md b/2024/CVE-2024-33297.md
new file mode 100644
index 0000000000..9c92f5fb37
--- /dev/null
+++ b/2024/CVE-2024-33297.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33297)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MathSabo/CVE-2024-33297
+
diff --git a/2024/CVE-2024-33298.md b/2024/CVE-2024-33298.md
new file mode 100644
index 0000000000..c8ebcdeabb
--- /dev/null
+++ b/2024/CVE-2024-33298.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33298)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MathSabo/CVE-2024-33298
+
diff --git a/2024/CVE-2024-33299.md b/2024/CVE-2024-33299.md
new file mode 100644
index 0000000000..ecc3a6623e
--- /dev/null
+++ b/2024/CVE-2024-33299.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33299](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33299)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MathSabo/CVE-2024-33299
+
diff --git a/2024/CVE-2024-3332.md b/2024/CVE-2024-3332.md
new file mode 100644
index 0000000000..45fc61e445
--- /dev/null
+++ b/2024/CVE-2024-3332.md
@@ -0,0 +1,17 @@ +### [CVE-2024-3332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3332) +![](https://img.shields.io/static/v1?label=Product&message=Zephyr&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen) + +### Description + +A malicious BLE device can send a specific order of packet sequence to cause a DoS attack on the victim BLE device + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/zoolab-org/blueman.artifact + diff --git a/2024/CVE-2024-3333.md b/2024/CVE-2024-3333.md index c3d6118562..dd13604b40 100644 --- a/2024/CVE-2024-3333.md +++ b/2024/CVE-2024-3333.md @@ -13,6 +13,8 @@ The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored No PoCs from references. #### Github +- https://github.com/Indrani-19/vulnerability-scanner - https://github.com/JohnnyBradvo/CVE-2024-3333 +- https://github.com/Saumya-Suvarna/vulnerability_scanner - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-33365.md b/2024/CVE-2024-33365.md index 96adaea603..abe6b3ba16 100644 --- a/2024/CVE-2024-33365.md +++ b/2024/CVE-2024-33365.md @@ -11,6 +11,7 @@ Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn all #### Reference - https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2024-33365/README.md +- https://hackmd.io/%40JohnathanHuuTri/rJNbEItJC - https://hackmd.io/@JohnathanHuuTri/rJNbEItJC #### Github diff --git a/2024/CVE-2024-33371.md b/2024/CVE-2024-33371.md new file mode 100644 index 0000000000..c84f518e5e --- /dev/null +++ b/2024/CVE-2024-33371.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-33371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33371)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component.
+
+### POC
+
+#### Reference
+- https://gitee.com/zchuanwen/cve/issues/I9HQRY
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-33401.md b/2024/CVE-2024-33401.md
new file mode 100644
index 0000000000..3fd859db2a
--- /dev/null
+++ b/2024/CVE-2024-33401.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33401)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to run arbitrary code via the mnum parameter.
+
+### POC
+
+#### Reference
+- https://gitee.com/zchuanwen/cve123/issues/I9I18D
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-33433.md b/2024/CVE-2024-33433.md
new file mode 100644
index 0000000000..1579ccc1a0
--- /dev/null
+++ b/2024/CVE-2024-33433.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33433)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/4hsienyang/CVE-vulns
+
diff --git a/2024/CVE-2024-3344.md b/2024/CVE-2024-3344.md
new file mode 100644
index 0000000000..4268b2bbc8
--- /dev/null
+++ b/2024/CVE-2024-3344.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3344)
+![](https://img.shields.io/static/v1?label=Product&message=Otter%20Blocks%20%E2%80%93%20Gutenberg%20Blocks%2C%20Page%20Builder%20for%20Gutenberg%20Editor%20%26%20FSE&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.6.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sravani1915/VulnerabilityScannerProject
+
diff --git a/2024/CVE-2024-3345.md b/2024/CVE-2024-3345.md
new file mode 100644
index 0000000000..02f1418c27
--- /dev/null
+++ b/2024/CVE-2024-3345.md
@@ -0,0 +1,18 @@
+### [CVE-2024-3345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3345)
+![](https://img.shields.io/static/v1?label=Product&message=ShopLentor%20%E2%80%93%20WooCommerce%20Builder%20for%20Elementor%20%26%20Gutenberg%20%2B12%20Modules%20%E2%80%93%20All%20in%20One%20Solution%20(formerly%20WooLentor)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.8.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Saumya-Suvarna/vulnerability_scanner
+- https://github.com/haardikdharma10/go-service
+
diff --git a/2024/CVE-2024-33452.md b/2024/CVE-2024-33452.md
new file mode 100644
index 0000000000..8a4d36abfb
--- /dev/null
+++ b/2024/CVE-2024-33452.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33452](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
+
+### POC
+
+#### Reference
+- https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-33453.md b/2024/CVE-2024-33453.md
new file mode 100644
index 0000000000..8f10e13a12
--- /dev/null
+++ b/2024/CVE-2024-33453.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33453)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ant1sec-ops/CVE-2024-33453
+
diff --git a/2024/CVE-2024-33510.md b/2024/CVE-2024-33510.md
new file mode 100644
index 0000000000..08b3ed3386
--- /dev/null
+++ b/2024/CVE-2024-33510.md
@@ -0,0 +1,18 @@ +### [CVE-2024-33510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33510) +![](https://img.shields.io/static/v1?label=Product&message=FortiOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=FortiProxy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control&color=brighgreen) + +### Description + +An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/afine-com/research + diff --git a/2024/CVE-2024-33599.md b/2024/CVE-2024-33599.md index 9132e3efa1..e6d2cc92ca 100644 --- a/2024/CVE-2024-33599.md +++ b/2024/CVE-2024-33599.md @@ -14,5 +14,7 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/ghostbyt3/patch-tuesday +- https://github.com/smartcow99/docker-security-check-using-trivy - https://github.com/testing-felickz/docker-scout-demo diff --git a/2024/CVE-2024-33600.md b/2024/CVE-2024-33600.md index 207496cc87..1c5cb70d3f 100644 --- a/2024/CVE-2024-33600.md +++ b/2024/CVE-2024-33600.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/smartcow99/docker-security-check-using-trivy - https://github.com/testing-felickz/docker-scout-demo diff --git a/2024/CVE-2024-33601.md b/2024/CVE-2024-33601.md index 09e114948d..140929ad0a 100644 --- a/2024/CVE-2024-33601.md 
+++ b/2024/CVE-2024-33601.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/smartcow99/docker-security-check-using-trivy - https://github.com/testing-felickz/docker-scout-demo diff --git a/2024/CVE-2024-33602.md b/2024/CVE-2024-33602.md index a297729d50..fea9a8be26 100644 --- a/2024/CVE-2024-33602.md +++ b/2024/CVE-2024-33602.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/GrigGM/05-virt-04-docker-hw +- https://github.com/smartcow99/docker-security-check-using-trivy - https://github.com/testing-felickz/docker-scout-demo diff --git a/2024/CVE-2024-33605.md b/2024/CVE-2024-33605.md new file mode 100644 index 0000000000..ed9b6e9bd4 --- /dev/null +++ b/2024/CVE-2024-33605.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-33605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33605)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20limitation%20of%20a%20pathname%20to%20a%20restricted%20directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-33610.md b/2024/CVE-2024-33610.md
new file mode 100644
index 0000000000..5589942bb0
--- /dev/null
+++ b/2024/CVE-2024-33610.md
@@ -0,0 +1,18 @@
+### [CVE-2024-33610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33610)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
+
+### Description
+
+"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-33616.md b/2024/CVE-2024-33616.md
new file mode 100644
index 0000000000..08a9deceab
--- /dev/null
+++ b/2024/CVE-2024-33616.md
@@ -0,0 +1,18 @@
+### [CVE-2024-33616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33616)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Authentication%20bypass&color=brighgreen)
+
+### Description
+
+Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-33617.md b/2024/CVE-2024-33617.md
new file mode 100644
index 0000000000..eb4caf4ea8
--- /dev/null
+++ b/2024/CVE-2024-33617.md
@@ -0,0 +1,18 @@ +### [CVE-2024-33617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33617) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20QAT%20Engine%20for%20OpenSSL%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%20v1.6.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Insufficient%20control%20flow%20management&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=information%20disclosure&color=brighgreen) + +### Description + +Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/OpenSSL-CVE-lib + diff --git a/2024/CVE-2024-33644.md b/2024/CVE-2024-33644.md index 9083aaeaca..8d15fdfc2c 100644 --- a/2024/CVE-2024-33644.md +++ b/2024/CVE-2024-33644.md @@ -13,5 +13,6 @@ Improper Control of Generation of Code ('Code Injection') vulnerability in WPCus No PoCs from references. #### Github +- https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-33663.md b/2024/CVE-2024-33663.md new file mode 100644 index 0000000000..c3e3bda73c --- /dev/null +++ b/2024/CVE-2024-33663.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-33663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33663) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. + +### POC + +#### Reference +- https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-python-jose-cve-2024-33663 + +#### Github +- https://github.com/HasnainKousar/is601_module14 +- https://github.com/blemis/anscomm + diff --git a/2024/CVE-2024-33664.md b/2024/CVE-2024-33664.md index 2f62899c1b..39eee12d5e 100644 --- a/2024/CVE-2024-33664.md +++ b/2024/CVE-2024-33664.md @@ -11,7 +11,9 @@ python-jose through 3.3.0 allows attackers to cause a denial of service (resourc #### Reference - https://github.com/mpdavis/python-jose/issues/344 +- https://www.vicarius.io/vsociety/posts/jwt-bomb-in-python-jose-cve-2024-33664 #### Github -No PoCs found on GitHub currently. +- https://github.com/blemis/anscomm +- https://github.com/iotdscreator/iotdscreator-dataset diff --git a/2024/CVE-2024-33665.md b/2024/CVE-2024-33665.md new file mode 100644 index 0000000000..ca21c946c0 --- /dev/null +++ b/2024/CVE-2024-33665.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-33665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33665)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/eleni1029/250714_Weakness_Scan
+
diff --git a/2024/CVE-2024-33699.md b/2024/CVE-2024-33699.md
new file mode 100644
index 0000000000..236cfb184c
--- /dev/null
+++ b/2024/CVE-2024-33699.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33699](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33699)
+![](https://img.shields.io/static/v1?label=Product&message=WBR-6012&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20R0.40e6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-620%3A%20Unverified%20Password%20Change&color=brighgreen)
+
+### Description
+
+The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-33700.md b/2024/CVE-2024-33700.md
new file mode 100644
index 0000000000..a28aeb6ea1
--- /dev/null
+++ b/2024/CVE-2024-33700.md
@@ -0,0 +1,17 @@ +### [CVE-2024-33700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33700) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6012&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20R0.40e6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1998 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-33752.md b/2024/CVE-2024-33752.md index 18f71142c1..72bc2bb53f 100644 --- a/2024/CVE-2024-33752.md +++ b/2024/CVE-2024-33752.md @@ -13,8 +13,25 @@ An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 a No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Myanemo/Myanemo +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki 
diff --git a/2024/CVE-2024-3381.md b/2024/CVE-2024-3381.md index d4043e0adb..f70859a9f3 100644 --- a/2024/CVE-2024-3381.md +++ b/2024/CVE-2024-3381.md @@ -13,5 +13,6 @@ No PoCs from references. #### Github +- https://github.com/felixwiehl/Get-PANOS-Advisories - https://github.com/stayfesch/Get-PANOS-Advisories diff --git a/2024/CVE-2024-3382.md b/2024/CVE-2024-3382.md index 8441b450ac..032278e74d 100644 --- a/2024/CVE-2024-3382.md +++ b/2024/CVE-2024-3382.md @@ -15,6 +15,7 @@ A memory leak exists in Palo Alto Networks PAN-OS software that enables an attac No PoCs from references. #### Github +- https://github.com/felixwiehl/Get-PANOS-Advisories - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/stayfesch/Get-PANOS-Advisories diff --git a/2024/CVE-2024-33856.md b/2024/CVE-2024-33856.md index 3542eab3b9..f2507e22d6 100644 --- a/2024/CVE-2024-33856.md +++ b/2024/CVE-2024-33856.md @@ -10,7 +10,8 @@ An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a va ### POC #### Reference -No PoCs from references. +- https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint +- https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-33857.md b/2024/CVE-2024-33857.md index 58f249d1d4..63d5f3c102 100644 --- a/2024/CVE-2024-33857.md +++ b/2024/CVE-2024-33857.md @@ -10,7 +10,8 @@ An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validat ### POC #### Reference -No PoCs from references. +- https://servicedesk.logpoint.com/hc/en-us/articles/18533639896093-Server-Side-Request-Forgery-SSRF-on-Threat-Intelligence +- https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-33858.md b/2024/CVE-2024-33858.md index 2cd87943ec..f78ded2abf 100644 
--- a/2024/CVE-2024-33858.md +++ b/2024/CVE-2024-33858.md @@ -10,7 +10,7 @@ An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability ### POC #### Reference -No PoCs from references. +- https://servicedesk.logpoint.com/hc/en-us/articles/18533668045725-Path-Injection-on-Enrichment-Sources-leading-to-arbitrary-file-write-in-tmp-folder #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-33859.md b/2024/CVE-2024-33859.md index a16b8e5c6d..11f6edfcdf 100644 --- a/2024/CVE-2024-33859.md +++ b/2024/CVE-2024-33859.md @@ -10,7 +10,7 @@ An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wa ### POC #### Reference -No PoCs from references. +- https://servicedesk.logpoint.com/hc/en-us/articles/18533927651357-XSS-in-Interesting-Fields-in-Logpoint-Web-UI #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-33860.md b/2024/CVE-2024-33860.md index 8bdb03de79..8e7c10088d 100644 --- a/2024/CVE-2024-33860.md +++ b/2024/CVE-2024-33860.md @@ -10,7 +10,7 @@ An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion ### POC #### Reference -No PoCs from references. +- https://servicedesk.logpoint.com/hc/en-us/articles/18533986803741-Local-File-Inclusion-in-File-System-Collector #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-33871.md b/2024/CVE-2024-33871.md new file mode 100644 index 0000000000..5ab49396b0 --- /dev/null +++ b/2024/CVE-2024-33871.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-33871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33871) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Romern/Romern + diff --git a/2024/CVE-2024-33883.md b/2024/CVE-2024-33883.md index 119a6bfb8c..602cf3b9fe 100644 --- a/2024/CVE-2024-33883.md +++ b/2024/CVE-2024-33883.md @@ -13,6 +13,8 @@ The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js la No PoCs from references. #### Github +- https://github.com/0x0806/JWT-Security-Assessment +- https://github.com/Grantzile/PoC-CVE-2024-33883 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/seal-community/patches diff --git a/2024/CVE-2024-33898.md b/2024/CVE-2024-33898.md new file mode 100644 index 0000000000..9dd47e1ee7 --- /dev/null +++ b/2024/CVE-2024-33898.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-33898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33898) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. + +### POC + +#### Reference +- https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-002 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-33899.md b/2024/CVE-2024-33899.md index 03c9967347..f1b1cb49df 100644 --- a/2024/CVE-2024-33899.md +++ b/2024/CVE-2024-33899.md @@ -13,5 +13,5 @@ RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoo - https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 #### Github -No PoCs found on GitHub currently. +- https://github.com/DEVESH-N2/repo diff --git a/2024/CVE-2024-33901.md b/2024/CVE-2024-33901.md index 8f579b2fa0..74a2b8736d 100644 --- a/2024/CVE-2024-33901.md +++ b/2024/CVE-2024-33901.md @@ -13,5 +13,5 @@ - https://gist.github.com/Fastor01/30c6d89c842feb1865ec2cd2d3806838 #### Github -No PoCs found on GitHub currently. +- https://github.com/gmikisilva/CVE-2024-33901-ProofOfConcept diff --git a/2024/CVE-2024-33905.md b/2024/CVE-2024-33905.md index d06f4d94b0..b79a2b2647 100644 --- a/2024/CVE-2024-33905.md +++ b/2024/CVE-2024-33905.md @@ -10,6 +10,7 @@ In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the p ### POC #### Reference +- https://medium.com/%40pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90 - https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90 #### Github 
diff --git a/2024/CVE-2024-33911.md b/2024/CVE-2024-33911.md index a9605f0899..caaec0e3e4 100644 --- a/2024/CVE-2024-33911.md +++ b/2024/CVE-2024-33911.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/xbz0n/CVE-2024-33911 +- https://github.com/xbz0n/xbz0n diff --git a/2024/CVE-2024-3393.md b/2024/CVE-2024-3393.md new file mode 100644 index 0000000000..60c0a12756 --- /dev/null +++ b/2024/CVE-2024-3393.md @@ -0,0 +1,20 @@ +### [CVE-2024-3393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3393) +![](https://img.shields.io/static/v1?label=Product&message=Cloud%20NGFW&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=PAN-OS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-754%20Improper%20Check%20for%20Unusual%20or%20Exceptional%20Conditions&color=brighgreen) + +### Description + +A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/FelixFoxf/-CVE-2024-3393 +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/packetinside/CISA_BOT + diff --git a/2024/CVE-2024-33943.md b/2024/CVE-2024-33943.md new file mode 100644 index 0000000000..e6393cdad8 --- /dev/null +++ b/2024/CVE-2024-33943.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-33943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33943)
+![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Under%20Construction&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyKite Ultimate Under Construction allows Stored XSS.This issue affects Ultimate Under Construction: from n/a through 1.9.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-33996.md b/2024/CVE-2024-33996.md
new file mode 100644
index 0000000000..39c533fc14
--- /dev/null
+++ b/2024/CVE-2024-33996.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33996)
+![](https://img.shields.io/static/v1?label=Product&message=Moodle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.0%3C%3D%204.3.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jev770/badmoodle-scan
+
diff --git a/2024/CVE-2024-33997.md b/2024/CVE-2024-33997.md
new file mode 100644
index 0000000000..d74e29411f
--- /dev/null
+++ b/2024/CVE-2024-33997.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33997)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jev770/badmoodle-scan
+
diff --git a/2024/CVE-2024-33998.md b/2024/CVE-2024-33998.md
new file mode 100644
index 0000000000..542500c96d
--- /dev/null
+++ b/2024/CVE-2024-33998.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33998)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jev770/badmoodle-scan
+
diff --git a/2024/CVE-2024-33999.md b/2024/CVE-2024-33999.md
new file mode 100644
index 0000000000..9f9e98e769
--- /dev/null
+++ b/2024/CVE-2024-33999.md
@@ -0,0 +1,17 @@
+### [CVE-2024-33999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33999)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+The referrer URL used by MFA required additional sanitizing, rather than being used directly.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jev770/badmoodle-scan
+
diff --git a/2024/CVE-2024-3400.md b/2024/CVE-2024-3400.md
index f9036450e4..c66ad0624f 100644
--- a/2024/CVE-2024-3400.md
+++ b/2024/CVE-2024-3400.md
@@ -17,40 +17,73 @@ A command injection as a result of arbitrary file creation vulnerability in the - https://unit42.paloaltonetworks.com/cve-2024-3400/ #### Github +- https://github.com/0day404/HV-2024-POC - https://github.com/0x0d3ad/CVE-2024-3400 +- https://github.com/0xAj-Krishna/biggest-hack - https://github.com/0xMarcio/cve - https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection +- https://github.com/12442RF/POC - https://github.com/20142995/nuclei-templates +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/AboSteam/POPC - https://github.com/AdaniKamal/CVE-2024-3400 - https://github.com/CONDITIONBLACK/CVE-2024-3400-POC - https://github.com/CerTusHack/CVE-2024-3400-PoC - https://github.com/Chocapikk/CVE-2024-3400 +- https://github.com/Cyb3rTim/Cyber-Threat-Intelligence-Dashboard +- https://github.com/CyberBibs/Labs +- https://github.com/CyberBibs/SOC274---Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400- +- https://github.com/CyprianAtsyor/letsdefend-cve2024-3400-case-study +- https://github.com/DMW11525708/wiki - https://github.com/DrewskyDev/CVE-2024-3400 - https://github.com/FoxyProxys/CVE-2024-3400 - https://github.com/GhostTroops/TOP - https://github.com/H4lo/awesome-IoT-security-article - https://github.com/HackingLZ/panrapidcheck +- https://github.com/Just-Hack-For-Fun/NOPTrace-Configs - https://github.com/Kr0ff/cve-2024-3400 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/LoanVitor/CVE-2024-3400- +- https://github.com/MarcUrbano/CVE-PoC-Hunter - https://github.com/MrR0b0t19/CVE-2024-3400 - https://github.com/MurrayR0123/CVE-2024-3400-Compromise-Checker - https://github.com/Ostorlab/KEV - https://github.com/Ravaan21/CVE-2024-3400 - https://github.com/T43cr0wl3r/Gorilla_Sessions - https://github.com/Tig3rHu/Awesome_IOT_Vul_lib +- https://github.com/Veridano/veridano-mcp-server - https://github.com/W01fh4cker/CVE-2024-3400-RCE-Scan +- 
https://github.com/WatchDog1307/SOC-Web-attack-investigation +- https://github.com/WhosGa/MyWiki +- https://github.com/XiaomingX/CVE-2024-3400-poc +- https://github.com/Yuan08o/pocs - https://github.com/Yuvvi01/CVE-2024-3400 - https://github.com/ZephrFish/CVE-2024-3400-Canary +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/ak1t4/CVE-2024-3400 - https://github.com/andrelia-hacks/CVE-2024-3400 - https://github.com/aneasystone/github-trending +- https://github.com/barkandbite/iranian-apt-detection +- https://github.com/cisp-pte/POC-20241008-sec-fork - https://github.com/codeblueprint/CVE-2024-3400 +- https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote +- https://github.com/eswar152319/eswar - https://github.com/fatguru/dorks +- https://github.com/febrian96r/Cybersecurity-Portfolio +- https://github.com/febrian96r/febrian96r - https://github.com/fireinrain/github-trending - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/h4x0r-dz/CVE-2024-3400 +- https://github.com/hackerhijeck/CVE-Exploit - https://github.com/hahasagined/CVE-2024-3400 +- https://github.com/hashdr1ft/SOC274-Palo-Alto-Networks-PAN-OS-Command-Injection-Vulnerability-Exploitation-CVE-2024-3400 +- https://github.com/iemotion/POC - https://github.com/ihebski/CVE-2024-3400 - https://github.com/index2014/CVE-2024-3400-Checker - https://github.com/iwallarm/cve-2024-3400 
@@ -58,28 +91,43 @@ A command injection as a result of arbitrary file creation vulnerability in the - https://github.com/k4nfr3/nmap-scripts - https://github.com/kerberoshacker/CVE-2024-3400-POC - https://github.com/kerberoshacker2/CVE-2024-3400-POC +- https://github.com/laoa1573/wy876 - https://github.com/lirantal/cve-cvss-calculator +- https://github.com/lodetomasi/zero-day-llm-ensemble +- https://github.com/maheavula/Incident-Investigation-Response - https://github.com/marconesler/CVE-2024-3400 - https://github.com/momika233/CVE-2024-3400 +- https://github.com/nanwinata/CVE-2024-3400 - https://github.com/netlas-io/netlas-dorks - https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/ozanunal0/viper +- https://github.com/patrickmgarrity/threatcon1-lab - https://github.com/phantomradar/cve-2024-3400-poc +- https://github.com/picuslabs/Picus-Emerging-Threat-Response +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/pwnj0hn/CVE-2024-3400 - https://github.com/retkoussa/CVE-2024-3400 - https://github.com/schooldropout1337/CVE-2024-3400 - https://github.com/schooldropout1337/gorilla +- https://github.com/shreyxploit/ThreatLens - https://github.com/stronglier/CVE-2024-3400 - https://github.com/swaybs/CVE-2024-3400 - https://github.com/sxyrxyy/CVE-2024-3400-Check +- https://github.com/t0chka1312/r3g4l1z-container2 - https://github.com/tanjiti/sec_profile - https://github.com/terminalJunki3/CVE-2024-3400-Checker - https://github.com/tfrederick74656/cve-2024-3400-poc - https://github.com/tk-sawada/IPLineFinder - https://github.com/toxyl/lscve +- https://github.com/v3153/v3153 - https://github.com/vulsio/go-cve-dictionary - https://github.com/wjlin0/poc-doc +- https://github.com/workshop748/CVE-2024-3400 - https://github.com/wy876/POC - https://github.com/wy876/wiki +- https://github.com/xr0r/Dorks - https://github.com/zam89/CVE-2024-3400-pot +- 
https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-34000.md b/2024/CVE-2024-34000.md new file mode 100644 index 0000000000..76e543d7be --- /dev/null +++ b/2024/CVE-2024-34000.md @@ -0,0 +1,17 @@ +### [CVE-2024-34000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34000) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/jev770/badmoodle-scan + diff --git a/2024/CVE-2024-34001.md b/2024/CVE-2024-34001.md new file mode 100644 index 0000000000..eba8249ac8 --- /dev/null +++ b/2024/CVE-2024-34001.md @@ -0,0 +1,17 @@ +### [CVE-2024-34001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34001) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/jev770/badmoodle-scan + diff --git a/2024/CVE-2024-34002.md b/2024/CVE-2024-34002.md index cc9392bb2e..b6425c0582 100644 --- a/2024/CVE-2024-34002.md +++ b/2024/CVE-2024-34002.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/cli-ish/cli-ish +- https://github.com/jev770/badmoodle-scan 
diff --git a/2024/CVE-2024-34003.md b/2024/CVE-2024-34003.md index 95f186fc19..198beab321 100644 --- a/2024/CVE-2024-34003.md +++ b/2024/CVE-2024-34003.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/cli-ish/cli-ish +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-34004.md b/2024/CVE-2024-34004.md index 87c40c7415..88f4813d71 100644 --- a/2024/CVE-2024-34004.md +++ b/2024/CVE-2024-34004.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/cli-ish/cli-ish +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-34005.md b/2024/CVE-2024-34005.md index 087838f0ec..632b4956ab 100644 --- a/2024/CVE-2024-34005.md +++ b/2024/CVE-2024-34005.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/cli-ish/cli-ish +- https://github.com/jev770/badmoodle-scan diff --git a/2024/CVE-2024-34006.md b/2024/CVE-2024-34006.md new file mode 100644 index 0000000000..517202cbd0 --- /dev/null +++ b/2024/CVE-2024-34006.md @@ -0,0 +1,17 @@ +### [CVE-2024-34006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34006) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-838%20Inappropriate%20Encoding%20for%20Output%20Context&color=brighgreen) + +### Description + +The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/jev770/badmoodle-scan + diff --git a/2024/CVE-2024-34007.md b/2024/CVE-2024-34007.md new file mode 100644 index 0000000000..2d13deb867 --- /dev/null +++ b/2024/CVE-2024-34007.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-34007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34007)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jev770/badmoodle-scan
+
diff --git a/2024/CVE-2024-34008.md b/2024/CVE-2024-34008.md
new file mode 100644
index 0000000000..541c0d11cc
--- /dev/null
+++ b/2024/CVE-2024-34008.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34008)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jev770/badmoodle-scan
+
diff --git a/2024/CVE-2024-34009.md b/2024/CVE-2024-34009.md
new file mode 100644
index 0000000000..0244d8f92c
--- /dev/null
+++ b/2024/CVE-2024-34009.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34009)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jev770/badmoodle-scan
+
diff --git a/2024/CVE-2024-34012.md b/2024/CVE-2024-34012.md
new file mode 100644
index 0000000000..ad37cb16ef
--- /dev/null
+++ b/2024/CVE-2024-34012.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34012)
+![](https://img.shields.io/static/v1?label=Product&message=Acronis%20Cloud%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%206.2.24135.272%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276&color=brighgreen)
+
+### Description
+
+Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/HmelevTimur/OvalGenerator
+
diff --git a/2024/CVE-2024-34064.md b/2024/CVE-2024-34064.md
index 747cf08ce1..ec1af432b2 100644
--- a/2024/CVE-2024-34064.md
+++ b/2024/CVE-2024-34064.md
@@ -13,6 +13,10 @@ Jinja is an extensible templating engine. The `xmlattr` filter in affected versi No PoCs from references. #### Github +- https://github.com/fetter-io/fetter-py +- https://github.com/fetter-io/fetter-rs - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ranjith16/renovate_test - https://github.com/rohaquinlop/immunipy +- https://github.com/rsys-fchaliss/hebe diff --git a/2024/CVE-2024-34069.md b/2024/CVE-2024-34069.md index 265a1a8117..e899e22bf7 100644 --- a/2024/CVE-2024-34069.md +++ b/2024/CVE-2024-34069.md @@ -13,5 +13,6 @@ Werkzeug is a comprehensive WSGI web application library. The debugger in affect No PoCs from references. #### Github +- https://github.com/Sofl4me/SAST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3408.md b/2024/CVE-2024-3408.md new file mode 100644 index 0000000000..d1cc44b6c6 --- /dev/null +++ b/2024/CVE-2024-3408.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-3408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3408)
+![](https://img.shields.io/static/v1?label=Product&message=man-group%2Fdtale&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%203.13.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen)
+
+### Description
+
+man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Mr-xn/Penetration_Testing_POC
+
diff --git a/2024/CVE-2024-34102.md b/2024/CVE-2024-34102.md
index 36f3b6e35e..c5574a4b2c 100644
--- a/2024/CVE-2024-34102.md
+++ b/2024/CVE-2024-34102.md
@@ -13,10 +13,47 @@ Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affe - https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102 #### Github +- https://github.com/0x0d3ad/CVE-2024-34102 +- https://github.com/11whoami99/CVE-2024-34102 +- https://github.com/ArturArz1/TestCVE-2024-34102 +- https://github.com/Chocapikk/CVE-2024-34102 +- https://github.com/Devihtisham01/Anti-skimming-system-for-a-retail-banking-chain +- https://github.com/EQSTLab/CVE-2024-34102 +- https://github.com/Kento-Sec/CVE-2024-34102 +- https://github.com/Koray123-debug/CVE-2024-34102 - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV +- https://github.com/Phantom-IN/CVE-2024-34102 +- https://github.com/RevoltSecurities/CVE-2024-36401 +- https://github.com/SamJUK/cosmicsting-validator +- https://github.com/Santandersecurityresearch/e-Skimming-Detection +- https://github.com/WTN-arny/CVE-2024-37085 +- https://github.com/WTN-arny/Vmware-ESXI +- https://github.com/bigb0x/CVE-2024-34102 +- https://github.com/bka/magento-cve-2024-34102-exploit-cosmicstring +- https://github.com/bughuntar/CVE-2024-34102 +- https://github.com/bughuntar/CVE-2024-34102-Python +- https://github.com/crynomore/CVE-2024-34102 +- https://github.com/d0rb/CVE-2024-34102 +- https://github.com/dream434/CVE-2024-34102 +- https://github.com/dream434/dream434 - https://github.com/f0ur0four/Insecure-Deserialization +- https://github.com/gjportegies/Magento-APSB24-40-Security-Patches - https://github.com/imooaaz/exploit +- https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento +- https://github.com/m0442/exploit +- https://github.com/mecdotsource/adobecommerce_cosmicsting +- https://github.com/mksundaram69/CVE-2024-34102 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/origamee/gh-advisory-project +- 
https://github.com/plzheheplztrying/cve_monitor - https://github.com/redwaysecurity/CVEs +- https://github.com/th3gokul/CVE-2024-34102 +- https://github.com/th3gokul/CVE-2024-50603 +- https://github.com/unknownzerobit/poc +- https://github.com/wubinworks/magento2-cosmic-sting-patch +- https://github.com/wubinworks/magento2-encryption-key-manager-cli +- https://github.com/wubinworks/magento2-enhanced-xml-security +- https://github.com/wubinworks/magento2-jwt-auth-patch +- https://github.com/wubinworks/magento2-template-filter-patch diff --git a/2024/CVE-2024-34144.md b/2024/CVE-2024-34144.md index 92733c053e..1b5250987e 100644 --- a/2024/CVE-2024-34144.md +++ b/2024/CVE-2024-34144.md @@ -13,6 +13,7 @@ A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins S No PoCs from references. #### Github +- https://github.com/MXWXZ/CVE-2024-34144 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-34155.md b/2024/CVE-2024-34155.md new file mode 100644 index 0000000000..bf1db210fd --- /dev/null +++ b/2024/CVE-2024-34155.md @@ -0,0 +1,19 @@ +### [CVE-2024-34155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155) +![](https://img.shields.io/static/v1?label=Product&message=go%2Fparser&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.22.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen) + +### Description + +Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/kaisensan/desafio-girus-pick + 
diff --git a/2024/CVE-2024-34156.md b/2024/CVE-2024-34156.md
new file mode 100644
index 0000000000..4c5e4482d4
--- /dev/null
+++ b/2024/CVE-2024-34156.md
@@ -0,0 +1,21 @@
+### [CVE-2024-34156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156)
+![](https://img.shields.io/static/v1?label=Product&message=encoding%2Fgob&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.22.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen)
+
+### Description
+
+Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/NishantPuri99/panic-at-the-gob-decoder
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/kaisensan/desafio-girus-pick
+- https://github.com/runwhen-contrib/helm-charts
+
diff --git a/2024/CVE-2024-34158.md b/2024/CVE-2024-34158.md
new file mode 100644
index 0000000000..4b8bf42dbf
--- /dev/null
+++ b/2024/CVE-2024-34158.md
@@ -0,0 +1,20 @@
+### [CVE-2024-34158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158)
+![](https://img.shields.io/static/v1?label=Product&message=go%2Fbuild%2Fconstraint&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.22.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen)
+
+### Description
+
+Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/kaisensan/desafio-girus-pick
+- https://github.com/kodai-160/article
+
diff --git a/2024/CVE-2024-34162.md b/2024/CVE-2024-34162.md
new file mode 100644
index 0000000000..4a3348f8ff
--- /dev/null
+++ b/2024/CVE-2024-34162.md
@@ -0,0 +1,18 @@
+### [CVE-2024-34162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34162)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Access%20to%20critical%20private%20variable%20via%20public%20method&color=brighgreen)
+
+### Description
+
+The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-34193.md b/2024/CVE-2024-34193.md
new file mode 100644
index 0000000000..3d23f05820
--- /dev/null
+++ b/2024/CVE-2024-34193.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34193)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/opendr-io/causality
+
diff --git a/2024/CVE-2024-34195.md b/2024/CVE-2024-34195.md
new file mode 100644
index 0000000000..f8ae97016f
--- /dev/null
+++ b/2024/CVE-2024-34195.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34195)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
+
+### POC
+
+#### Reference
+- https://gist.github.com/Swind1er/84161b607d06d060fba5adcdd92bceb4
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-34198.md b/2024/CVE-2024-34198.md
new file mode 100644
index 0000000000..5001916359
--- /dev/null
+++ b/2024/CVE-2024-34198.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34198)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks.
+
+### POC
+
+#### Reference
+- https://gist.github.com/Swind1er/02f6cb414e440c34878f20fef756e286
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-34235.md b/2024/CVE-2024-34235.md
new file mode 100644
index 0000000000..1e756335cd
--- /dev/null
+++ b/2024/CVE-2024-34235.md
@@ -0,0 +1,17 @@ +### [CVE-2024-34235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34235) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service. + +### POC + +#### Reference +- https://cellularsecurity.org/ransacked + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-34257.md b/2024/CVE-2024-34257.md index 9d0e8cd35f..b53b025852 100644 --- a/2024/CVE-2024-34257.md +++ b/2024/CVE-2024-34257.md @@ -14,4 +14,5 @@ TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypT #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opendr-io/causality diff --git a/2024/CVE-2024-34273.md b/2024/CVE-2024-34273.md index bcd43ea805..4b508b9e10 100644 --- a/2024/CVE-2024-34273.md +++ b/2024/CVE-2024-34273.md @@ -13,6 +13,7 @@ njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser. - https://github.com/chrisandoryan/vuln-advisory/blob/main/nJwt/CVE-2024-34273.md #### Github +- https://github.com/bavamont/jwt-security-analyzer - https://github.com/chrisandoryan/vuln-advisory - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-34312.md b/2024/CVE-2024-34312.md index c5032d08d8..47b25f9b75 100644 --- a/2024/CVE-2024-34312.md +++ b/2024/CVE-2024-34312.md 
@@ -14,4 +14,6 @@ Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cros #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/vincentscode/CVE-2024-34312 +- https://github.com/vincentscode/CVE-2024-34313 diff --git a/2024/CVE-2024-34313.md b/2024/CVE-2024-34313.md index 027580e78d..f9c8d0b9bd 100644 --- a/2024/CVE-2024-34313.md +++ b/2024/CVE-2024-34313.md @@ -14,4 +14,5 @@ An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/vincentscode/CVE-2024-34313 diff --git a/2024/CVE-2024-34329.md b/2024/CVE-2024-34329.md index 2309f762b8..a2b6de720a 100644 --- a/2024/CVE-2024-34329.md +++ b/2024/CVE-2024-34329.md @@ -5,7 +5,7 @@ ### Description -Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. +Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. ### POC @@ -14,4 +14,5 @@ Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pamoutaf/CVE-2024-34329 diff --git a/2024/CVE-2024-34331.md b/2024/CVE-2024-34331.md new file mode 100644 index 0000000000..c13c36080f --- /dev/null +++ b/2024/CVE-2024-34331.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-34331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34331)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.
+
+### POC
+
+#### Reference
+- https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html
+
+#### Github
+- https://github.com/beerisgood/macOS_Hardening
+
diff --git a/2024/CVE-2024-34343.md b/2024/CVE-2024-34343.md
new file mode 100644
index 0000000000..949c628d47
--- /dev/null
+++ b/2024/CVE-2024-34343.md
@@ -0,0 +1,17 @@ +### [CVE-2024-34343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34343) +![](https://img.shields.io/static/v1?label=Product&message=nuxt&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.12.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly use API's provided by `unjs/ufo`. This library also contains parsing discrepancies. The function first tests to see if the specified URL has a protocol. This uses the unjs/ufo package for URL parsing. This function works effectively, and returns true for a javascript: protocol. After this, the URL is parsed using the parseURL function. This function will refuse to parse poorly formatted URLs. Parsing javascript:alert(1) returns null/"" for all values. Next, the protocol of the URL is then checked using the isScriptProtocol function. This function simply checks the input against a list of protocols, and does not perform any parsing. The combination of refusing to parse poorly formatted URLs, and not performing additional parsing means that script checks fail as no protocol can be found. Even if a protocol was identified, whitespace is not stripped in the parseURL implementation, bypassing the isScriptProtocol checks. Certain special protocols are identified at the top of parseURL. Inserting a newline or tab into this sequence will block the special protocol check, and bypass the latter checks. This ONLY has impact after SSR has occured, the `javascript:` protocol within a location header does not trigger XSS. 
This issue has been addressed in release version 3.12.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/nuxt/nuxt/security/advisories/GHSA-vf6r-87q4-2vjf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-34350.md b/2024/CVE-2024-34350.md index 9e3898ad29..1cfa973e16 100644 --- a/2024/CVE-2024-34350.md +++ b/2024/CVE-2024-34350.md @@ -13,5 +13,6 @@ Next.js is a React framework that can provide building blocks to create web appl No PoCs from references. #### Github +- https://github.com/XiaomingX/weekly - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-34351.md b/2024/CVE-2024-34351.md index 5b95f21162..29c122115f 100644 --- a/2024/CVE-2024-34351.md +++ b/2024/CVE-2024-34351.md @@ -13,6 +13,14 @@ Next.js is a React framework that can provide building blocks to create web appl No PoCs from references. #### Github +- https://github.com/God4n/nextjs-CVE-2024-34351-_exploit +- https://github.com/RodrigoLeee/Seguranca-iot-sala - https://github.com/Voorivex/CVE-2024-34351 +- https://github.com/XiaomingX/weekly +- https://github.com/YusukeJustinNakajima/BugBounty-Resources-For-Japanese +- https://github.com/avergnaud/Next.js_exploit_CVE-2024-34351 +- https://github.com/ayrad0/next.js-pentesting - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/patzj/apx-nextjs-ssrf +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-34359.md b/2024/CVE-2024-34359.md index 3940ab6fb2..4405b427b6 100644 --- a/2024/CVE-2024-34359.md +++ b/2024/CVE-2024-34359.md @@ -13,5 +13,5 @@ llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depend - https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829 #### Github -No PoCs found on GitHub currently. +- https://github.com/ShenaoW/awesome-llm-supply-chain-security 
diff --git a/2024/CVE-2024-34361.md b/2024/CVE-2024-34361.md index e969b4a99a..a3c2ec182c 100644 --- a/2024/CVE-2024-34361.md +++ b/2024/CVE-2024-34361.md @@ -13,5 +13,6 @@ Pi-hole is a DNS sinkhole that protects devices from unwanted content without in - https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6 #### Github +- https://github.com/T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-34370.md b/2024/CVE-2024-34370.md new file mode 100644 index 0000000000..d35a67cc6e --- /dev/null +++ b/2024/CVE-2024-34370.md @@ -0,0 +1,19 @@ +### [CVE-2024-34370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34370) +![](https://img.shields.io/static/v1?label=Product&message=EAN%20for%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) + +### Description + +Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally +- https://github.com/pashayogi/CVE-2024-34370 +- https://github.com/plzheheplztrying/cve_monitor + diff --git a/2024/CVE-2024-34391.md b/2024/CVE-2024-34391.md index cabe6b8ecd..41543fd56b 100644 --- a/2024/CVE-2024-34391.md +++ b/2024/CVE-2024-34391.md 
@@ -1,7 +1,7 @@ ### [CVE-2024-34391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34391) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-843%20Access%20of%20Resource%20Using%20Incompatible%20Type%20('Type%20Confusion')&color=brighgreen) ### Description @@ -14,5 +14,5 @@ libxmljs is vulnerable to a type confusion vulnerability when parsing a speciall - https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988/ #### Github -No PoCs found on GitHub currently. +- https://github.com/software-engineering-and-security/cfi-practical-guideline diff --git a/2024/CVE-2024-34392.md b/2024/CVE-2024-34392.md index 4c893885bd..3d9b97705f 100644 --- a/2024/CVE-2024-34392.md +++ b/2024/CVE-2024-34392.md @@ -1,7 +1,7 @@ ### [CVE-2024-34392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34392) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-843%20Access%20of%20Resource%20Using%20Incompatible%20Type%20('Type%20Confusion')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-34393.md b/2024/CVE-2024-34393.md index e067d12b7b..1775568a86 100644 --- a/2024/CVE-2024-34393.md +++ b/2024/CVE-2024-34393.md 
@@ -1,7 +1,7 @@ ### [CVE-2024-34393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34393) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-843%20Access%20of%20Resource%20Using%20Incompatible%20Type%20('Type%20Confusion')&color=brighgreen) ### Description @@ -14,5 +14,5 @@ libxmljs2 is vulnerable to a type confusion vulnerability when parsing a special - https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097/ #### Github -No PoCs found on GitHub currently. +- https://github.com/ttskp/libxmljs2-noop diff --git a/2024/CVE-2024-34394.md b/2024/CVE-2024-34394.md index 2ffedc15a2..1dd9159e0d 100644 --- a/2024/CVE-2024-34394.md +++ b/2024/CVE-2024-34394.md @@ -1,7 +1,7 @@ ### [CVE-2024-34394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34394) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-843%20Access%20of%20Resource%20Using%20Incompatible%20Type%20('Type%20Confusion')&color=brighgreen) ### Description @@ -14,5 +14,5 @@ libxmljs2 is vulnerable to a type confusion vulnerability when parsing a special - https://research.jfrog.com/vulnerabilities/libxmljs2-namespaces-type-confusion-rce-jfsa-2024-001034098/ #### Github -No PoCs found on GitHub currently. +- https://github.com/ttskp/libxmljs2-noop diff --git a/2024/CVE-2024-34402.md b/2024/CVE-2024-34402.md new file mode 100644 index 0000000000..cfa00e068b --- /dev/null +++ b/2024/CVE-2024-34402.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-34402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34402)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ghostbyt3/patch-tuesday
+
diff --git a/2024/CVE-2024-34405.md b/2024/CVE-2024-34405.md
new file mode 100644
index 0000000000..a1bd4509bc
--- /dev/null
+++ b/2024/CVE-2024-34405.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34405)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app.
+
+### POC
+
+#### Reference
+- https://www.mcafee.com/support/?page=shell&shell=article-view&articleId=000002403
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-34406.md b/2024/CVE-2024-34406.md
new file mode 100644
index 0000000000..f629f35342
--- /dev/null
+++ b/2024/CVE-2024-34406.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34406)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link.
+
+### POC
+
+#### Reference
+- https://www.mcafee.com/support/?page=shell&shell=article-view&articleId=000002403
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-34423.md b/2024/CVE-2024-34423.md
new file mode 100644
index 0000000000..af6c27909e
--- /dev/null
+++ b/2024/CVE-2024-34423.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34423)
+![](https://img.shields.io/static/v1?label=Product&message=Forty%20Four%20%E2%80%93%20404%20Plugin%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four – 404 Plugin for WordPress allows Stored XSS.This issue affects Forty Four – 404 Plugin for WordPress: from n/a through 1.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-34426.md b/2024/CVE-2024-34426.md
new file mode 100644
index 0000000000..d601a2ac81
--- /dev/null
+++ b/2024/CVE-2024-34426.md
@@ -0,0 +1,17 @@ +### [CVE-2024-34426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34426) +![](https://img.shields.io/static/v1?label=Product&message=Brozzme%20Scroll%20Top&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.8.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benoti Brozzme Scroll Top allows Stored XSS.This issue affects Brozzme Scroll Top: from n/a through 1.8.5. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cr0nu3/Cr0nu3 + diff --git a/2024/CVE-2024-3444.md b/2024/CVE-2024-3444.md index 9b91dc6099..a9f867e768 100644 --- a/2024/CVE-2024-3444.md +++ b/2024/CVE-2024-3444.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/h0e4a0r1t/h0e4a0r1t diff --git a/2024/CVE-2024-34443.md b/2024/CVE-2024-34443.md new file mode 100644 index 0000000000..c9d6fa0128 --- /dev/null +++ b/2024/CVE-2024-34443.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-34443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34443)
+![](https://img.shields.io/static/v1?label=Product&message=Slider%20Revolution&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before 6.7.11.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SWORDIntel/SPINDOCTOR
+
diff --git a/2024/CVE-2024-34444.md b/2024/CVE-2024-34444.md
new file mode 100644
index 0000000000..bf1027ff38
--- /dev/null
+++ b/2024/CVE-2024-34444.md
@@ -0,0 +1,18 @@
+### [CVE-2024-34444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34444)
+![](https://img.shields.io/static/v1?label=Product&message=Slider%20Revolution&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/BharatCyberForce/wp-hunter
+- https://github.com/SWORDIntel/SPINDOCTOR
+
diff --git a/2024/CVE-2024-34447.md b/2024/CVE-2024-34447.md
index 540596e826..ea597403ec 100644
--- a/2024/CVE-2024-34447.md
+++ b/2024/CVE-2024-34447.md
@@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/haba713/depcheck-gretty-issue - https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-34459.md b/2024/CVE-2024-34459.md index 92ede1d4be..2d59e98c6a 100644 --- a/2024/CVE-2024-34459.md +++ b/2024/CVE-2024-34459.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/hlascelles/bundler-resolutions diff --git a/2024/CVE-2024-34463.md b/2024/CVE-2024-34463.md new file mode 100644 index 0000000000..79e76a81bb --- /dev/null +++ b/2024/CVE-2024-34463.md @@ -0,0 +1,18 @@ +### [CVE-2024-34463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34463) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/yash-chandna/CVE-2024-34463 + diff --git a/2024/CVE-2024-34470.md b/2024/CVE-2024-34470.md index ceb9471485..73ed108381 100644 --- a/2024/CVE-2024-34470.md +++ b/2024/CVE-2024-34470.md 
@@ -13,11 +13,29 @@ An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unaut - https://github.com/osvaldotenorio/CVE-2024-34470 #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/Cappricio-Securities/CVE-2024-34470 +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Mr-r00t11/CVE-2024-34470 - https://github.com/Ostorlab/KEV +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/bigb0x/CVE-2024-34470 +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/osvaldotenorio/CVE-2024-34470 - https://github.com/th3gokul/CVE-2024-34470 - https://github.com/wjlin0/poc-doc diff --git a/2024/CVE-2024-34474.md b/2024/CVE-2024-34474.md index b443670c6a..f430313169 100644 --- a/2024/CVE-2024-34474.md +++ b/2024/CVE-2024-34474.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/Alaatk/CVE-2024-34474 +- https://github.com/Ekitji/siem - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-3448.md b/2024/CVE-2024-3448.md index bdffaf889c..ceea8d6ea3 100644 --- a/2024/CVE-2024-3448.md +++ b/2024/CVE-2024-3448.md 
@@ -13,5 +13,6 @@ Users with low privileges can perform certain AJAX actions. In this vulnerabili No PoCs from references. #### Github +- https://github.com/ZHAW-Infosec-Research-Group/A2CT - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-34519.md b/2024/CVE-2024-34519.md new file mode 100644 index 0000000000..7272232eb5 --- /dev/null +++ b/2024/CVE-2024-34519.md @@ -0,0 +1,17 @@ +### [CVE-2024-34519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34519) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has privileges that a dashboard visitor should not have. + +### POC + +#### Reference +- https://support.avantra.com/support/solutions/articles/44002516766-xan-5367-security-vulnerability-fix-for-dashboards + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-34693.md b/2024/CVE-2024-34693.md index c21c6dd371..481508449e 100644 --- a/2024/CVE-2024-34693.md +++ b/2024/CVE-2024-34693.md @@ -13,5 +13,7 @@ Improper Input Validation vulnerability in Apache Superset, allows for an authen No PoCs from references. #### Github +- https://github.com/Mr-r00t11/CVE-2024-34693 +- https://github.com/mbadanoiu/CVE-2024-34693 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-34716.md b/2024/CVE-2024-34716.md index f8ace04202..eb9dbb33bd 100644 --- a/2024/CVE-2024-34716.md +++ b/2024/CVE-2024-34716.md 
@@ -13,6 +13,12 @@ PrestaShop is an open source e-commerce web application. A cross-site scripting No PoCs from references. #### Github +- https://github.com/0xDTC/Prestashop-CVE-2024-34716 +- https://github.com/TU-M/Trickster-HTB +- https://github.com/Wind010/Wind010 +- https://github.com/aelmokhtar/CVE-2024-34716 - https://github.com/aelmokhtar/CVE-2024-34716_PoC +- https://github.com/eetukarttunen/security-testing - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-34719.md b/2024/CVE-2024-34719.md new file mode 100644 index 0000000000..639b418762 --- /dev/null +++ b/2024/CVE-2024-34719.md @@ -0,0 +1,17 @@ +### [CVE-2024-34719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34719) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +- https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b0e4375577ba7e21bd40edac5990bea418ecdc8c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-34739.md b/2024/CVE-2024-34739.md new file mode 100644 index 0000000000..edc20fb0ec --- /dev/null +++ b/2024/CVE-2024-34739.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-34739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34739)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/uthrasri/CVE-2024-34739
+
diff --git a/2024/CVE-2024-34741.md b/2024/CVE-2024-34741.md
new file mode 100644
index 0000000000..4072088af6
--- /dev/null
+++ b/2024/CVE-2024-34741.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34741)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/uthrasri/CVE-2024-34741
+
diff --git a/2024/CVE-2024-34750.md b/2024/CVE-2024-34750.md
new file mode 100644
index 0000000000..f886d07611
--- /dev/null
+++ b/2024/CVE-2024-34750.md
@@ -0,0 +1,18 @@
+### [CVE-2024-34750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34750)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=11.0.0-M1%3C%3D%2011.0.0-M20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-755%20Improper%20Handling%20of%20Exceptional%20Conditions&color=brighgreen)
+
+### Description
+
+Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/diegopacheco/Smith
+
diff --git a/2024/CVE-2024-34790.md b/2024/CVE-2024-34790.md
new file mode 100644
index 0000000000..b756996e18
--- /dev/null
+++ b/2024/CVE-2024-34790.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34790)
+![](https://img.shields.io/static/v1?label=Product&message=ImageMagick%20Sharpen%20Resized%20Images&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through 1.1.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-34797.md b/2024/CVE-2024-34797.md
new file mode 100644
index 0000000000..fd850cd107
--- /dev/null
+++ b/2024/CVE-2024-34797.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34797)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Popup%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.3.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through 1.3.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-34831.md b/2024/CVE-2024-34831.md
new file mode 100644
index 0000000000..5b06df63dc
--- /dev/null
+++ b/2024/CVE-2024-34831.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34831)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.
+
+### POC
+
+#### Reference
+- https://github.com/enzored/CVE-2024-34831
+
+#### Github
+- https://github.com/enzored/CVE-2024-34831
+
diff --git a/2024/CVE-2024-34882.md b/2024/CVE-2024-34882.md
new file mode 100644
index 0000000000..f545ec50ac
--- /dev/null
+++ b/2024/CVE-2024-34882.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34882)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DrieVlad/BitrixVulns
+
diff --git a/2024/CVE-2024-34883.md b/2024/CVE-2024-34883.md
new file mode 100644
index 0000000000..ba794700eb
--- /dev/null
+++ b/2024/CVE-2024-34883.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34883)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DrieVlad/BitrixVulns
+
diff --git a/2024/CVE-2024-34885.md b/2024/CVE-2024-34885.md
new file mode 100644
index 0000000000..4ee58e12b1
--- /dev/null
+++ b/2024/CVE-2024-34885.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34885)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DrieVlad/BitrixVulns
+
diff --git a/2024/CVE-2024-34887.md b/2024/CVE-2024-34887.md
new file mode 100644
index 0000000000..b825a638b1
--- /dev/null
+++ b/2024/CVE-2024-34887.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34887)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DrieVlad/BitrixVulns
+
diff --git a/2024/CVE-2024-34891.md b/2024/CVE-2024-34891.md
new file mode 100644
index 0000000000..5d040d1b0c
--- /dev/null
+++ b/2024/CVE-2024-34891.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34891)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DrieVlad/BitrixVulns
+
diff --git a/2024/CVE-2024-34897.md b/2024/CVE-2024-34897.md
new file mode 100644
index 0000000000..7724a523dc
--- /dev/null
+++ b/2024/CVE-2024-34897.md
@@ -0,0 +1,17 @@ +### [CVE-2024-34897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34897) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/murataydemir/CVE-2024-23897 + diff --git a/2024/CVE-2024-34899.md b/2024/CVE-2024-34899.md index 1b7d9038ff..77e8b7436c 100644 --- a/2024/CVE-2024-34899.md +++ b/2024/CVE-2024-34899.md @@ -13,5 +13,5 @@ WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). - https://hackerdna.com/courses/cve/cve-2024-34899 #### Github -No PoCs found on GitHub currently. +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-3495.md b/2024/CVE-2024-3495.md index 98a888afc5..0fce5dc81c 100644 --- a/2024/CVE-2024-3495.md +++ b/2024/CVE-2024-3495.md 
@@ -13,9 +13,33 @@ The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL In No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/R4m24n/wp +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/gh-ost00/SQL_Injection +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/issamjr/CVE-2024-2876 +- https://github.com/janz420/WP-SQLi +- https://github.com/jeymo092/-SQL_Injection_Wordpress +- https://github.com/khushi8080/wp-SQL_Injection +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/truonghuuphuc/CVE-2024-3495-Poc +- https://github.com/truonghuuphuc/Poc - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-34959.md b/2024/CVE-2024-34959.md new file mode 100644 index 0000000000..e16a65c225 --- /dev/null +++ b/2024/CVE-2024-34959.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-34959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34959)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
+
+### POC
+
+#### Reference
+- https://gitee.com/upgogo/s123/issues/I9MARO
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3498.md b/2024/CVE-2024-3498.md
new file mode 100644
index 0000000000..8c0fc14a7f
--- /dev/null
+++ b/2024/CVE-2024-3498.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3498)
+![](https://img.shields.io/static/v1?label=Product&message=Toshiba%20Tec%20e-Studio%20multi-function%20peripheral%20(MFP)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20see%20the%20reference%20URL%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
+
+### Description
+
+Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gglessner/KafkaClient
+
diff --git a/2024/CVE-2024-34990.md b/2024/CVE-2024-34990.md
new file mode 100644
index 0000000000..f56d0e5d11
--- /dev/null
+++ b/2024/CVE-2024-34990.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34990)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers.
+
+### POC
+
+#### Reference
+- https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-06-18-helpdesk.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-35056.md b/2024/CVE-2024-35056.md
new file mode 100644
index 0000000000..3a6baea323
--- /dev/null
+++ b/2024/CVE-2024-35056.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35056)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ANG13T/aerospace-cve-list
+
diff --git a/2024/CVE-2024-35057.md b/2024/CVE-2024-35057.md
index d0c9f69f9c..2fb9963c69 100644
--- a/2024/CVE-2024-35057.md
+++ b/2024/CVE-2024-35057.md
@@ -13,5 +13,6 @@ An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via No PoCs from references. #### Github +- https://github.com/ANG13T/aerospace-cve-list - https://github.com/cisagov/vulnrichment diff --git a/2024/CVE-2024-35058.md b/2024/CVE-2024-35058.md new file mode 100644 index 0000000000..8f00e2d2af --- /dev/null +++ b/2024/CVE-2024-35058.md @@ -0,0 +1,17 @@ +### [CVE-2024-35058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35058) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ANG13T/aerospace-cve-list + diff --git a/2024/CVE-2024-35059.md b/2024/CVE-2024-35059.md new file mode 100644 index 0000000000..6066214c3c --- /dev/null +++ b/2024/CVE-2024-35059.md @@ -0,0 +1,17 @@ +### [CVE-2024-35059](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35059) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ANG13T/aerospace-cve-list + diff --git a/2024/CVE-2024-35060.md b/2024/CVE-2024-35060.md new file mode 100644 index 0000000000..7591a4dd8a --- /dev/null +++ b/2024/CVE-2024-35060.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-35060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35060)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ANG13T/aerospace-cve-list
+
diff --git a/2024/CVE-2024-35061.md b/2024/CVE-2024-35061.md
new file mode 100644
index 0000000000..5fecf45a1b
--- /dev/null
+++ b/2024/CVE-2024-35061.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35061)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ANG13T/aerospace-cve-list
+
diff --git a/2024/CVE-2024-35106.md b/2024/CVE-2024-35106.md
new file mode 100644
index 0000000000..b550b78581
--- /dev/null
+++ b/2024/CVE-2024-35106.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35106)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.
+
+### POC
+
+#### Reference
+- https://gist.github.com/laskdjlaskdj12/571db73f18be1da1271fa1eb09f488de
+
+#### Github
+- https://github.com/laskdjlaskdj12/CVE-2024-35106-POC
+
diff --git a/2024/CVE-2024-35133.md b/2024/CVE-2024-35133.md
new file mode 100644
index 0000000000..be413bd587
--- /dev/null
+++ b/2024/CVE-2024-35133.md
@@ -0,0 +1,18 @@ +### [CVE-2024-35133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35133) +![](https://img.shields.io/static/v1?label=Product&message=Security%20Verify%20Access%20Docker&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Security%20Verify%20Access&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%3D%2010.0.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ozozuz/Ozozuz-IBM-Security-Verify-CVE-2024-35133 + diff --git a/2024/CVE-2024-3516.md b/2024/CVE-2024-3516.md index f2bb0a318e..3b53c77c7c 100644 --- a/2024/CVE-2024-3516.md +++ b/2024/CVE-2024-3516.md @@ -14,4 +14,6 @@ Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-35161.md b/2024/CVE-2024-35161.md new file mode 100644 index 0000000000..95f0ac3e1d --- /dev/null +++ b/2024/CVE-2024-35161.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-35161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35161) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Traffic%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.0.0%3C%3D%208.1.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/rajeshwarideoraj/Vulnerability_Data_Extraction_and_Analysis + diff --git a/2024/CVE-2024-35176.md b/2024/CVE-2024-35176.md index 947083243b..6480a480db 100644 --- a/2024/CVE-2024-35176.md +++ b/2024/CVE-2024-35176.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github +- https://github.com/SpiralBL0CK/CVE-2024-35176 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/lifeparticle/Ruby-Cheatsheet diff --git a/2024/CVE-2024-35177.md b/2024/CVE-2024-35177.md new file mode 100644 index 0000000000..51c179e67c --- /dev/null +++ b/2024/CVE-2024-35177.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-35177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35177)
+![](https://img.shields.io/static/v1?label=Product&message=wazuh&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.0.0%2C%20%3C%204.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-35195.md b/2024/CVE-2024-35195.md
index fd2bfe230a..7f57545db2 100644
--- a/2024/CVE-2024-35195.md
+++ b/2024/CVE-2024-35195.md
@@ -13,7 +13,16 @@ Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requ No PoCs from references. #### Github +- https://github.com/Codex-Crusader/meme-web - https://github.com/PBorocz/raindrop-io-py +- https://github.com/andcoa/NixGuard +- https://github.com/arustyt/wled-tools - https://github.com/astellingwerf/renovate-requests-allowedVersion +- https://github.com/dmtkfs/daily-cve-watch +- https://github.com/endorlabs/vendoring +- https://github.com/furmidgeuk/snyk-scan-action +- https://github.com/ifunky/demo-site +- https://github.com/rahg0/python-weather-app +- https://github.com/rahg0/python-weather-app-with-pipenv - https://github.com/seal-community/patches diff --git a/2024/CVE-2024-35198.md b/2024/CVE-2024-35198.md new file mode 100644 index 0000000000..2b0b56dcb3 --- /dev/null +++ b/2024/CVE-2024-35198.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-35198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35198)
+![](https://img.shields.io/static/v1?label=Product&message=serve&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.4.2%2C%20%3C%200.11.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-706%3A%20Use%20of%20Incorrectly-Resolved%20Name%20or%20Reference&color=brighgreen)
+
+### Description
+
+TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ibrahmsql/discoursemap
+
diff --git a/2024/CVE-2024-35200.md b/2024/CVE-2024-35200.md
new file mode 100644
index 0000000000..737ab8c0ae
--- /dev/null
+++ b/2024/CVE-2024-35200.md
@@ -0,0 +1,19 @@ +### [CVE-2024-35200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35200) +![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Open%20Source&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=NGINX%20Plus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.25.0%3C%201.26.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=R30%3C%20R32%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen) + +### Description + +When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/zhanpengliu-tencent/medium-cve + diff --git a/2024/CVE-2024-35205.md b/2024/CVE-2024-35205.md index b52198fb2b..bd847ec7eb 100644 --- a/2024/CVE-2024-35205.md +++ b/2024/CVE-2024-35205.md @@ -14,4 +14,7 @@ No PoCs from references. #### Github - https://github.com/Ch0pin/related_work +- https://github.com/Theganeshpatil/DirtyStream_Exploit +- https://github.com/cyb3r-w0lf/Dirty_Stream-Android-POC +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-35230.md b/2024/CVE-2024-35230.md new file mode 100644 index 0000000000..59bb1a7781 --- /dev/null +++ b/2024/CVE-2024-35230.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-35230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35230) +![](https://img.shields.io/static/v1?label=Product&message=geoserver&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.0.0%2C%20%3C%202.26.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-35242.md b/2024/CVE-2024-35242.md index e47fd980a9..70d0bf1a2f 100644 --- a/2024/CVE-2024-35242.md +++ b/2024/CVE-2024-35242.md @@ -13,5 +13,6 @@ Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2. No PoCs from references. #### Github +- https://github.com/KKkai0315/CVE-2024-35242 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-35244.md b/2024/CVE-2024-35244.md new file mode 100644 index 0000000000..ef5290558e --- /dev/null +++ b/2024/CVE-2024-35244.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-35244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35244)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20hard-coded%20credentials&color=brighgreen)
+
+### Description
+
+There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-35250.md b/2024/CVE-2024-35250.md
index a4f91c00e5..fcda092a3d 100644
--- a/2024/CVE-2024-35250.md
+++ b/2024/CVE-2024-35250.md
@@ -50,5 +50,19 @@ Windows Kernel-Mode Driver Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/0xROOTPLS/GiveMeKernel +- https://github.com/BlackTom900131/awesome-game-security +- https://github.com/CrackerCat/CVE-2024-35250 +- https://github.com/ghostbyt3/WinDriver-EXP +- https://github.com/gmh5225/awesome-game-security - https://github.com/myseq/ms_patch_tuesday +- https://github.com/packetinside/CISA_BOT +- https://github.com/ro0tmylove/CVE-2024-35250-BOF +- https://github.com/taielab/awesome-hacking-lists +- https://github.com/trevor0106/game-security +- https://github.com/ycdxsb/WindowsPrivilegeEscalation +- https://github.com/yinsel/CVE-2024-35250-BOF +- https://github.com/youcannotseemeagain/ele +- https://github.com/zer0condition/ZeroHVCI +- https://github.com/zsxen/WHS3-KernelPanic diff --git a/2024/CVE-2024-35255.md b/2024/CVE-2024-35255.md index 798c02da41..af525d827f 100644 --- a/2024/CVE-2024-35255.md +++ b/2024/CVE-2024-35255.md @@ -26,4 +26,5 @@ No PoCs from references. #### Github - https://github.com/Azure/kafka-sink-azure-kusto +- https://github.com/h4ckm1n-dev/report-test diff --git a/2024/CVE-2024-35260.md b/2024/CVE-2024-35260.md index ce61f6bda3..1368d7e74c 100644 --- a/2024/CVE-2024-35260.md +++ b/2024/CVE-2024-35260.md @@ -5,7 +5,7 @@ ### Description -An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network. +An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. ### POC diff --git a/2024/CVE-2024-35264.md b/2024/CVE-2024-35264.md new file mode 100644 index 0000000000..aa981d7f6e --- /dev/null +++ b/2024/CVE-2024-35264.md 
@@ -0,0 +1,25 @@
+### [CVE-2024-35264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35264)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%208.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.10&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%208.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.10%3C%2017.10.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.4.0%3C%2017.4.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+.NET and Visual Studio Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MOHAN-SINGH-0/cybersecurity-Task-3
+
diff --git a/2024/CVE-2024-35286.md b/2024/CVE-2024-35286.md
new file mode 100644
index 0000000000..004274b3cc
--- /dev/null
+++ b/2024/CVE-2024-35286.md
@@ -0,0 +1,18 @@
+### [CVE-2024-35286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35286)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-35287.md b/2024/CVE-2024-35287.md
new file mode 100644
index 0000000000..c132d22a70
--- /dev/null
+++ b/2024/CVE-2024-35287.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35287)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/uklad/Micollab-Script
+
diff --git a/2024/CVE-2024-35288.md b/2024/CVE-2024-35288.md
new file mode 100644
index 0000000000..91688e562e
--- /dev/null
+++ b/2024/CVE-2024-35288.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35288)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM.
+
+### POC
+
+#### Reference
+- https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-nitro-pdf-pro/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-35293.md b/2024/CVE-2024-35293.md
new file mode 100644
index 0000000000..ef04bf017c
--- /dev/null
+++ b/2024/CVE-2024-35293.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35293)
+![](https://img.shields.io/static/v1?label=Product&message=Series%20700&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0.0%3C%3D%200.1.17.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%3A%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
+
+### POC
+
+#### Reference
+- https://www.schneider-elektronik.de/wp-content/uploads/2024/07/SAR-202405-1.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-35311.md b/2024/CVE-2024-35311.md
new file mode 100644
index 0000000000..f759a2c159
--- /dev/null
+++ b/2024/CVE-2024-35311.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35311)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Skiti/CTrAPs
+
diff --git a/2024/CVE-2024-35315.md b/2024/CVE-2024-35315.md
new file mode 100644
index 0000000000..f0ffb7ae8e
--- /dev/null
+++ b/2024/CVE-2024-35315.md
@@ -0,0 +1,18 @@
+### [CVE-2024-35315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35315)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ewilded/CVE-2024-35315-POC
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-35325.md b/2024/CVE-2024-35325.md
index d42ab6f1dc..b916a29e2c 100644
--- a/2024/CVE-2024-35325.md
+++ b/2024/CVE-2024-35325.md
@@ -13,5 +13,5 @@ - https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c #### Github -No PoCs found on GitHub currently. +- https://github.com/ardhiatno/ubimicro-fluentbit diff --git a/2024/CVE-2024-35410.md b/2024/CVE-2024-35410.md new file mode 100644 index 0000000000..38f745c7e5 --- /dev/null +++ b/2024/CVE-2024-35410.md @@ -0,0 +1,17 @@ +### [CVE-2024-35410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35410) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file. + +### POC + +#### Reference +- https://github.com/kanaka/wac/issues/17 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-35423.md b/2024/CVE-2024-35423.md new file mode 100644 index 0000000000..bc3bc2c63c --- /dev/null +++ b/2024/CVE-2024-35423.md @@ -0,0 +1,17 @@ +### [CVE-2024-35423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35423) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c. + +### POC + +#### Reference +- https://github.com/andoma/vmir/issues/18 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-35431.md b/2024/CVE-2024-35431.md index 7036ad02f2..d805af8087 100644 --- a/2024/CVE-2024-35431.md +++ b/2024/CVE-2024-35431.md 
@@ -5,7 +5,7 @@ ### Description -ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. +ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1. ### POC diff --git a/2024/CVE-2024-35498.md b/2024/CVE-2024-35498.md new file mode 100644 index 0000000000..3b9922286a --- /dev/null +++ b/2024/CVE-2024-35498.md @@ -0,0 +1,18 @@ +### [CVE-2024-35498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35498) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. + +### POC + +#### Reference +- https://github.com/r4vanan/Stored-xss-Grav-v1.7.45 +- https://r4vanan.medium.com/a-quick-dive-into-xss-vulnerability-in-grav-cms-v1-7-45-cve-2024-35498-fc236b7d74a0 + +#### Github +- https://github.com/zhanpengliu-tencent/medium-cve + diff --git a/2024/CVE-2024-35515.md b/2024/CVE-2024-35515.md new file mode 100644 index 0000000000..9ed20aca3f --- /dev/null +++ b/2024/CVE-2024-35515.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-35515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35515)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.
+
+### POC
+
+#### Reference
+- https://wha13.github.io/2024/06/13/mfcve/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-35517.md b/2024/CVE-2024-35517.md
new file mode 100644
index 0000000000..3d8c56490d
--- /dev/null
+++ b/2024/CVE-2024-35517.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35517)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AnixPasBesoin/AnixPasBesoin
+
diff --git a/2024/CVE-2024-35518.md b/2024/CVE-2024-35518.md
new file mode 100644
index 0000000000..15860d337e
--- /dev/null
+++ b/2024/CVE-2024-35518.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35518)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AnixPasBesoin/AnixPasBesoin
+
diff --git a/2024/CVE-2024-35519.md b/2024/CVE-2024-35519.md
new file mode 100644
index 0000000000..59c7dfcb9f
--- /dev/null
+++ b/2024/CVE-2024-35519.md
@@ -0,0 +1,18 @@
+### [CVE-2024-35519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35519)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AnixPasBesoin/AnixPasBesoin
+- https://github.com/ttepatti/analyzing-netgear-ex6100
+
diff --git a/2024/CVE-2024-3552.md b/2024/CVE-2024-3552.md
index 6f3b9b2a26..5ad983afdd 100644
--- a/2024/CVE-2024-3552.md
+++ b/2024/CVE-2024-3552.md
@@ -13,8 +13,29 @@ The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escap - https://wpscan.com/vulnerability/34b03ee4-de81-4fec-9f3d-e1bd5b94d136/ #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/KiPhuong/challenge-cve-2024-3552 +- https://github.com/KiPhuong/cve-2024-3552 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/capt-bl4ck0ut/CYBERCON-2025-Writeup-Web- +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/truonghuuphuc/CVE-2024-3552-Poc +- https://github.com/truonghuuphuc/Poc - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-35520.md b/2024/CVE-2024-35520.md new file mode 100644 index 0000000000..08fecababe --- /dev/null +++ b/2024/CVE-2024-35520.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-35520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35520) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AnixPasBesoin/AnixPasBesoin + diff --git a/2024/CVE-2024-35522.md b/2024/CVE-2024-35522.md new file mode 100644 index 0000000000..116ff29acd --- /dev/null +++ b/2024/CVE-2024-35522.md @@ -0,0 +1,17 @@ +### [CVE-2024-35522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35522) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AnixPasBesoin/AnixPasBesoin + diff --git a/2024/CVE-2024-35538.md b/2024/CVE-2024-35538.md index 59cbec2c67..e6ae1adcb5 100644 --- a/2024/CVE-2024-35538.md +++ b/2024/CVE-2024-35538.md @@ -13,5 +13,6 @@ Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, whi - https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/ #### Github +- https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities - https://github.com/nomi-sec/PoC-in-GitHub 
diff --git a/2024/CVE-2024-35539.md b/2024/CVE-2024-35539.md index 45dda61d75..10c52679c7 100644 --- a/2024/CVE-2024-35539.md +++ b/2024/CVE-2024-35539.md @@ -13,5 +13,5 @@ Typecho v1.3.0 was discovered to contain a race condition vulnerability in the p - https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/ #### Github -No PoCs found on GitHub currently. +- https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities diff --git a/2024/CVE-2024-35540.md b/2024/CVE-2024-35540.md index ab768904dd..e922935471 100644 --- a/2024/CVE-2024-35540.md +++ b/2024/CVE-2024-35540.md @@ -13,5 +13,5 @@ A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attac - https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/ #### Github -No PoCs found on GitHub currently. +- https://github.com/cyberaz0r/Typecho-Multiple-Vulnerabilities diff --git a/2024/CVE-2024-35584.md b/2024/CVE-2024-35584.md new file mode 100644 index 0000000000..535a957f02 --- /dev/null +++ b/2024/CVE-2024-35584.md @@ -0,0 +1,17 @@ +### [CVE-2024-35584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35584) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from "X-Forwarded-For" header and appends it to a SQL INSERT statement directly, leading to SQL Injection. + +### POC + +#### Reference +- https://github.com/whwhwh96/CVE-2024-35584 + +#### Github +- https://github.com/whwhwh96/CVE-2024-35584 + 
diff --git a/2024/CVE-2024-35621.md b/2024/CVE-2024-35621.md
new file mode 100644
index 0000000000..0d3ad41c3e
--- /dev/null
+++ b/2024/CVE-2024-35621.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35621)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-35639.md b/2024/CVE-2024-35639.md
new file mode 100644
index 0000000000..c2389363ae
--- /dev/null
+++ b/2024/CVE-2024-35639.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35639)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Spoiler&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through 1.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-35640.md b/2024/CVE-2024-35640.md
new file mode 100644
index 0000000000..587e3d10f9
--- /dev/null
+++ b/2024/CVE-2024-35640.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35640)
+![](https://img.shields.io/static/v1?label=Product&message=Safety%20Exit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS.This issue affects Safety Exit: from n/a through 1.7.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-35642.md b/2024/CVE-2024-35642.md
new file mode 100644
index 0000000000..446c69d219
--- /dev/null
+++ b/2024/CVE-2024-35642.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35642)
+![](https://img.shields.io/static/v1?label=Product&message=Site%20Favicon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-3568.md b/2024/CVE-2024-3568.md
index 8637c2db0e..53ca39fb46 100644
--- a/2024/CVE-2024-3568.md
+++ b/2024/CVE-2024-3568.md
@@ -13,5 +13,10 @@ The huggingface/transformers library is vulnerable to arbitrary code execution t No PoCs from references. #### Github +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Threekiii/Awesome-POC +- https://github.com/Xiaorui-Huang/pickle_attack - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/llm-sec/transformer-hacker +- https://github.com/rooobeam/Pickle-Deserialization-Exploit-in-Transformers diff --git a/2024/CVE-2024-35681.md b/2024/CVE-2024-35681.md new file mode 100644 index 0000000000..e314509a17 --- /dev/null +++ b/2024/CVE-2024-35681.md @@ -0,0 +1,17 @@ +### [CVE-2024-35681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35681) +![](https://img.shields.io/static/v1?label=Product&message=wpDiscuz&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NeoOniX/5ATTACK + diff --git a/2024/CVE-2024-3572.md b/2024/CVE-2024-3572.md new file mode 100644 index 0000000000..5edc2dbca7 --- /dev/null +++ b/2024/CVE-2024-3572.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-3572](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3572)
+![](https://img.shields.io/static/v1?label=Product&message=scrapy%2Fscrapy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.11.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-409%20Improper%20Handling%20of%20Highly%20Compressed%20Data%20(Data%20Amplification)&color=brighgreen)
+
+### Description
+
+The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
+
diff --git a/2024/CVE-2024-3574.md b/2024/CVE-2024-3574.md
new file mode 100644
index 0000000000..fd4ccfe9f6
--- /dev/null
+++ b/2024/CVE-2024-3574.md
@@ -0,0 +1,17 @@ +### [CVE-2024-3574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3574) +![](https://img.shields.io/static/v1?label=Product&message=scrapy%2Fscrapy&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.11.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase + diff --git a/2024/CVE-2024-35752.md b/2024/CVE-2024-35752.md index e4371961c8..63721967c8 100644 --- a/2024/CVE-2024-35752.md +++ b/2024/CVE-2024-35752.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site No PoCs from references. #### Github +- https://github.com/Cr0nu3/Cr0nu3 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-35756.md b/2024/CVE-2024-35756.md new file mode 100644 index 0000000000..7e99b32cd6 --- /dev/null +++ b/2024/CVE-2024-35756.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-35756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35756) +![](https://img.shields.io/static/v1?label=Product&message=Tooltip%20CK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.2.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS.This issue affects Tooltip CK: from n/a through 2.2.15. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cr0nu3/Cr0nu3 + diff --git a/2024/CVE-2024-3579.md b/2024/CVE-2024-3579.md index a1c459b21d..4bcd2bf740 100644 --- a/2024/CVE-2024-3579.md +++ b/2024/CVE-2024-3579.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/haardikdharma10/go-service diff --git a/2024/CVE-2024-35866.md b/2024/CVE-2024-35866.md new file mode 100644 index 0000000000..a8594720d1 --- /dev/null +++ b/2024/CVE-2024-35866.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-35866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35866)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%3C%20d798fd98e3563027c5162259ead517057d6fa794%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:smb: client: fix potential UAF in cifs_dump_full_key()Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-35869.md b/2024/CVE-2024-35869.md
new file mode 100644
index 0000000000..260c0f3f53
--- /dev/null
+++ b/2024/CVE-2024-35869.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35869)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20645f332c6b63%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:smb: client: guarantee refcounted children from parent sessionAvoid potential use-after-free bugs when walking DFS referrals,mounting and performing DFS failover by ensuring that all childrenfrom parent @tcon->ses are also refcounted. They're all needed acrossthe entire DFS mount. Get rid of @tcon->dfs_ses_list while we're atit, too.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-35880.md b/2024/CVE-2024-35880.md
new file mode 100644
index 0000000000..5cf3367f9f
--- /dev/null
+++ b/2024/CVE-2024-35880.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35880)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=09f7520048ea%3C%2065938e81df21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:io_uring/kbuf: hold io_buffer_list reference over mmapIf we look up the kbuf, ensure that it doesn't get unregistered untilafter we're done with it. Since we're inside mmap, we cannot safely usethe io_uring lock. Rely on the fact that we can lookup the buffer listunder RCU now and grab a reference to it, preventing it from beingunregistered until we're done with it. The lookup returns theio_buffer_list directly with it referenced.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-35887.md b/2024/CVE-2024-35887.md
new file mode 100644
index 0000000000..aa2fabaf08
--- /dev/null
+++ b/2024/CVE-2024-35887.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35887)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2074204bf9050f%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:ax25: fix use-after-free bugs caused by ax25_ds_del_timerWhen the ax25 device is detaching, the ax25_dev_device_down()calls ax25_ds_del_timer() to cleanup the slave_timer. Whenthe timer handler is running, the ax25_ds_del_timer() thatcalls del_timer() in it will return directly. As a result,the use-after-free bugs could happen, one of the scenariosis shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout()ax25_dev_device_down() | ax25_ds_del_timer() | del_timer() | ax25_dev_put() //FREE | | ax25_dev-> //USEIn order to mitigate bugs, when the device is detaching, usetimer_shutdown_sync() to stop the timer.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-35929.md b/2024/CVE-2024-35929.md
new file mode 100644
index 0000000000..fa5fdb4bcb
--- /dev/null
+++ b/2024/CVE-2024-35929.md
@@ -0,0 +1,17 @@ +### [CVE-2024-35929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35929) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%204d58c9fb45c7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y andCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: CPU2 CPU11kthreadrcu_nocb_cb_kthread ksys_writercu_do_batch vfs_writercu_torture_timer_cb proc_sys_write__kmem_cache_free proc_sys_call_handlerkmemleak_free drop_caches_sysctl_handlerdelete_object_full drop_slab__delete_object shrink_slabput_object lazy_rcu_shrink_scancall_rcu rcu_nocb_flush_bypass__call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended);rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) | |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".This commit therefore uses rcu_nocb_try_flush_bypass() instead ofrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypassqueue is being flushed, then rcu_nocb_try_flush_bypass will returndirectly. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-35933.md b/2024/CVE-2024-35933.md new file mode 100644 index 0000000000..cca983dac9 --- /dev/null +++ b/2024/CVE-2024-35933.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-35933](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35933)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20ec2049fb2b8b%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:Bluetooth: btintel: Fix null ptr deref in btintel_read_versionIf hci_cmd_sync_complete() is triggered and skb is NULL, thenhdev->req_skb is NULL, which will cause this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/IES-Rafael-Alberti/Proyecto1_CybersecurityConsulting
+
diff --git a/2024/CVE-2024-35948.md b/2024/CVE-2024-35948.md
new file mode 100644
index 0000000000..ef81d5088c
--- /dev/null
+++ b/2024/CVE-2024-35948.md
@@ -0,0 +1,17 @@
+### [CVE-2024-35948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35948)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1c6fdbd8f246%3C%20fcdbc1d7a4b6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:bcachefs: Check for journal entries overruning end of sb clean sectionFix a missing bounds check in superblock validation.Note that we don't yet have repair code for this case - repair code forindividual items is generally low priority, since the whole superblockis checksummed, validated prior to write, and we have backups.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+
diff --git a/2024/CVE-2024-35949.md b/2024/CVE-2024-35949.md
new file mode 100644
index 0000000000..2c294c713c
--- /dev/null
+++ b/2024/CVE-2024-35949.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-35949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35949) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%3C%209dff3e36ea89e8003516841c27c45af562b6ef44%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:btrfs: make sure that WRITTEN is set on all metadata blocksWe previously would call btrfs_check_leaf() if we had the checkintegrity code enabled, which meant that we could only run the extendedleaf checks if we had WRITTEN set on the header flags.This leaves a gap in our checking, because we could end up withcorruption on disk where WRITTEN isn't set on the leaf, and then theextended leaf checks don't get run which we rely on to validate all ofthe item pointers to make sure we don't access memory outside of theextent buffer.However, since 732fab95abe2 ("btrfs: check-integrity: removeCONFIG_BTRFS_FS_CHECK_INTEGRITY option") we no longer callbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we onlyever call it on blocks that are being written out, and thus have WRITTENset, or that are being read in, which should have WRITTEN set.Add checks to make sure we have WRITTEN set appropriately, and then makesure __btrfs_check_leaf() always does the item checking. This willprotect us from file systems that have been corrupted and no longer haveWRITTEN set on some of the blocks.This was hit on a crafted image tweaking the WRITTEN bit and reported byKASAN as out-of-bound access in the eb accessors. The example is a diritem at the end of an eb. 
[2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2 [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f] [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1 [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0 [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206 [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0 [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748 [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9 [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8 [2.621] FS: 00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000 [2.621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0 [2.621] Call Trace: [2.621] [2.621] ? show_regs+0x74/0x80 [2.621] ? die_addr+0x46/0xc0 [2.621] ? exc_general_protection+0x161/0x2a0 [2.621] ? asm_exc_general_protection+0x26/0x30 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? btrfs_get_16+0x34b/0x6d0 [2.621] ? btrfs_get_16+0x33a/0x6d0 [2.621] ? __pfx_btrfs_get_16+0x10/0x10 [2.621] ? __pfx_mutex_unlock+0x10/0x10 [2.621] btrfs_match_dir_item_name+0x101/0x1a0 [2.621] btrfs_lookup_dir_item+0x1f3/0x280 [2.621] ? __pfx_btrfs_lookup_dir_item+0x10/0x10 [2.621] btrfs_get_tree+0xd25/0x1910[ copy more details from report ] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/LLfam/foob + diff --git a/2024/CVE-2024-3596.md b/2024/CVE-2024-3596.md index 7f3e8a952e..5acf6c52c2 100644 --- a/2024/CVE-2024-3596.md +++ b/2024/CVE-2024-3596.md 
@@ -15,5 +15,8 @@ RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local atta - https://www.blastradius.fail/ #### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/alperenugurlu/CVE-2024-3596-Detector +- https://github.com/bygregonline/devsec-fastapi-report - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-36006.md b/2024/CVE-2024-36006.md new file mode 100644 index 0000000000..127d8131b6 --- /dev/null +++ b/2024/CVE-2024-36006.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-36006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6f9579d4e302%3C%200b2c13b670b1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum_acl_tcam: Fix incorrect list API usageBoth the function that migrates all the chunks within a region and thefunction that migrates all the entries within a chunk calllist_first_entry() on the respective lists without checking that thelists are not empty. This is incorrect usage of the API, which leads tothe following warning [1].Fix by returning if the lists are empty as there is nothing to migratein this case.[1]WARNING: CPU: 0 PID: 6437 at drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:1266 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0>Modules linked in:CPU: 0 PID: 6437 Comm: kworker/0:37 Not tainted 6.9.0-rc3-custom-00883-g94a65f079ef6 #39Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_workRIP: 0010:mlxsw_sp_acl_tcam_vchunk_migrate_all+0x1f1/0x2c0[...]Call Trace: mlxsw_sp_acl_tcam_vregion_rehash_work+0x6c/0x4a0 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/takaaki-fukunaga/cvechecker
+
diff --git a/2024/CVE-2024-36013.md b/2024/CVE-2024-36013.md
new file mode 100644
index 0000000000..33ec88b15f
--- /dev/null
+++ b/2024/CVE-2024-36013.md
@@ -0,0 +1,18 @@
+### [CVE-2024-36013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36013)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=73ffa904b782%3C%20cfe560c7050b%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()Extend a critical section to prevent chan from early freeing.Also make the l2cap_connect() return type void. Nothing is using thereturned value but it is ugly to return a potentially freed pointer.Making it void will help with backports because earlier kernels did usethe return value. Now the compile will break for kernels where thispatch is not a complete fix.Call stack summary:[use]l2cap_bredr_sig_cmd l2cap_connect ┌ mutex_lock(&conn->chan_lock); │ chan = pchan->ops->new_connection(pchan); <- alloc chan │ __l2cap_chan_add(conn, chan); │ l2cap_chan_hold(chan); │ list_add(&chan->list, &conn->chan_l); ... (1) └ mutex_unlock(&conn->chan_lock); chan->conf_state ... (4) <- use after free[free]l2cap_conn_del┌ mutex_lock(&conn->chan_lock);│ foreach chan in conn->chan_l: ... (2)│ l2cap_chan_put(chan);│ l2cap_chan_destroy│ kfree(chan) ... (3) <- chan freed└ mutex_unlock(&conn->chan_lock);==================================================================BUG: KASAN: slab-use-after-free in instrument_atomic_readinclude/linux/instrumented.h:68 [inline]BUG: KASAN: slab-use-after-free in _test_bitinclude/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0net/bluetooth/l2cap_core.c:4260Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-36016.md b/2024/CVE-2024-36016.md
new file mode 100644
index 0000000000..06665cb500
--- /dev/null
+++ b/2024/CVE-2024-36016.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36016](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=e1eaea46bb40%3C%209513d4148950%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:tty: n_gsm: fix possible out-of-bounds in gsm0_receive()Assuming the following:- side A configures the n_gsm in basic option mode- side B sends the header of a basic option mode frame with data length 1- side A switches to advanced option mode- side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode.- side A switches to basic option mode- side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration.Fix this by changing gsm->count to gsm->len comparison from equal to lessthan. Also add upper limit checks against the constant MAX_MRU ingsm0_receive() and gsm1_receive() to harden against memory corruption ofgsm->len and gsm->mru.All other checks remain as we still need to limit the data according to theuser configuration and actual payload size.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-36034.md b/2024/CVE-2024-36034.md
new file mode 100644
index 0000000000..5daa5ed538
--- /dev/null
+++ b/2024/CVE-2024-36034.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36034)
+![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%208003%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports' search option.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/minhgalaxy/CVE
+
diff --git a/2024/CVE-2024-36035.md b/2024/CVE-2024-36035.md
new file mode 100644
index 0000000000..deb8ee7c3d
--- /dev/null
+++ b/2024/CVE-2024-36035.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36035)
+![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%208003%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/minhgalaxy/CVE
+
diff --git a/2024/CVE-2024-36036.md b/2024/CVE-2024-36036.md
index 07181049ac..9866332727 100644
--- a/2024/CVE-2024-36036.md
+++ b/2024/CVE-2024-36036.md
@@ -13,5 +13,8 @@ Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local No PoCs from references. #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-36037.md b/2024/CVE-2024-36037.md index d53dc9f642..9ef2e88249 100644 --- a/2024/CVE-2024-36037.md +++ b/2024/CVE-2024-36037.md @@ -13,5 +13,8 @@ Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local No PoCs from references. #### Github +- https://github.com/0xor0ne/awesome-list +- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2 +- https://github.com/bachkhoasoft/awesome-list-ks - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-36039.md b/2024/CVE-2024-36039.md new file mode 100644 index 0000000000..28755f1c40 --- /dev/null +++ b/2024/CVE-2024-36039.md @@ -0,0 +1,17 @@ +### [CVE-2024-36039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36039) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kenjyco/sql-helper + diff --git a/2024/CVE-2024-36042.md b/2024/CVE-2024-36042.md new file mode 100644 index 0000000000..fa9c5741a3 --- /dev/null +++ b/2024/CVE-2024-36042.md 
@@ -0,0 +1,21 @@
+### [CVE-2024-36042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36042)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Esther7171/TryHackMe-Walkthroughs
+- https://github.com/KarimLedesmaHaron/THM-Tutoriales
+- https://github.com/oska45/Penetration-Testing-of-Multiple-Machines
+- https://github.com/w3workerz/THM-Walkthroughs
+- https://github.com/zaaraZiof0/CVE-2024-36042
+
diff --git a/2024/CVE-2024-3605.md b/2024/CVE-2024-3605.md
new file mode 100644
index 0000000000..c841b2b382
--- /dev/null
+++ b/2024/CVE-2024-3605.md
@@ -0,0 +1,17 @@ +### [CVE-2024-3605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3605) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Hotel%20Booking&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RandomRobbieBF/CVE-2024-3605 + diff --git a/2024/CVE-2024-36052.md b/2024/CVE-2024-36052.md index 6447a41fd2..de163c2443 100644 --- a/2024/CVE-2024-36052.md +++ b/2024/CVE-2024-36052.md @@ -13,5 +13,5 @@ RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen outp - https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 #### Github -No PoCs found on GitHub currently. +- https://github.com/DEVESH-N2/repo diff --git a/2024/CVE-2024-36060.md b/2024/CVE-2024-36060.md new file mode 100644 index 0000000000..2ff88b4439 --- /dev/null +++ b/2024/CVE-2024-36060.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-36060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36060)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-36061.md b/2024/CVE-2024-36061.md
new file mode 100644
index 0000000000..a3dc5faac2
--- /dev/null
+++ b/2024/CVE-2024-36061.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36061)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-36062.md b/2024/CVE-2024-36062.md
new file mode 100644
index 0000000000..15e097fede
--- /dev/null
+++ b/2024/CVE-2024-36062.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36062)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-36063.md b/2024/CVE-2024-36063.md
new file mode 100644
index 0000000000..f84e841138
--- /dev/null
+++ b/2024/CVE-2024-36063.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36063)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-36064.md b/2024/CVE-2024-36064.md
new file mode 100644
index 0000000000..0c0e87ceae
--- /dev/null
+++ b/2024/CVE-2024-36064.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36064)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.nll.cb.dialer.dialer.DialerActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-36066.md b/2024/CVE-2024-36066.md
new file mode 100644
index 0000000000..a5e01f2006
--- /dev/null
+++ b/2024/CVE-2024-36066.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36066)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication (the other option is certificate-based). RFC 4211 section 4.4 requires that password-based MAC parameters use a salt with a random value of at least 8 octets. This helps to inhibit dictionary attacks. Because the standalone CMP client originally was developed as test code, the salt was instead hardcoded and only 6 octets long.
+
+### POC
+
+#### Reference
+- https://support.keyfactor.com/hc/en-us/articles/26965687021595-EJBCA-Security-Advisory-EJBCA-standalone-CMP-CLI-client
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-36104.md b/2024/CVE-2024-36104.md
index 62c219a82b..64edaebaf9 100644
--- a/2024/CVE-2024-36104.md
+++ b/2024/CVE-2024-36104.md
@@ -13,14 +13,35 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC - https://github.com/Co5mos/nuclei-tps +- https://github.com/DMW11525708/wiki +- https://github.com/DoTTak/Apache-OFBiz-1-Day-Analysis +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Mr-xn/CVE-2024-32113 - https://github.com/RacerZ-fighting/CVE-2024-32113-POC - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE +- https://github.com/WhosGa/MyWiki +- https://github.com/XiaomingX/awesome-poc-for-red-team +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/ahisec/nuclei-tps +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote +- https://github.com/ggfzx/CVE-2024-36104 +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-36111.md b/2024/CVE-2024-36111.md index 113d9093c9..4aef26546c 100644 --- a/2024/CVE-2024-36111.md +++ b/2024/CVE-2024-36111.md 
@@ -13,7 +13,24 @@ KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, the - https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-8q5r-cvcw-4wx7 #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/Co5mos/nuclei-tps +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-36137.md b/2024/CVE-2024-36137.md new file mode 100644 index 0000000000..58315ce851 --- /dev/null +++ b/2024/CVE-2024-36137.md @@ -0,0 +1,17 @@ +### [CVE-2024-36137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36137) +![](https://img.shields.io/static/v1?label=Product&message=node&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=20.15.0%3C%3D%2020.15.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/KshitijPatil08/Elevate-Task3 + 
diff --git a/2024/CVE-2024-36138.md b/2024/CVE-2024-36138.md
new file mode 100644
index 0000000000..d3d7493be8
--- /dev/null
+++ b/2024/CVE-2024-36138.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36138](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36138)
+![](https://img.shields.io/static/v1?label=Product&message=node&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=18.20.3%3C%3D%2018.20.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tianstcht/tianstcht
+
diff --git a/2024/CVE-2024-36248.md b/2024/CVE-2024-36248.md
new file mode 100644
index 0000000000..a6af5f02eb
--- /dev/null
+++ b/2024/CVE-2024-36248.md
@@ -0,0 +1,18 @@
+### [CVE-2024-36248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36248)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20hard-coded%20credentials&color=brighgreen)
+
+### Description
+
+API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-36251.md b/2024/CVE-2024-36251.md
new file mode 100644
index 0000000000..dcaab96e62
--- /dev/null
+++ b/2024/CVE-2024-36251.md
@@ -0,0 +1,18 @@
+### [CVE-2024-36251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36251)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20MFPs%20(multifunction%20printers)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Sharp%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20See%20the%20information%20provided%20by%20Toshiba%20Tec%20Corporation%20listed%20under%20%5BReferences%5D%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20read&color=brighgreen)
+
+### Description
+
+The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
+
+### POC
+
+#### Reference
+- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3635.md b/2024/CVE-2024-3635.md
new file mode 100644
index 0000000000..9d0b4c2e93
--- /dev/null
+++ b/2024/CVE-2024-3635.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3635)
+![](https://img.shields.io/static/v1?label=Product&message=The%20Post%20Grid&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%207.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/63cbe5f4-fe0f-499f-a964-cf4fbedcfa25/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-36383.md b/2024/CVE-2024-36383.md
new file mode 100644
index 0000000000..c03e53b791
--- /dev/null
+++ b/2024/CVE-2024-36383.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36383)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage.
+
+### POC
+
+#### Reference
+- https://servicedesk.logpoint.com/hc/en-us/articles/19128172110621-Arbitrary-file-deletion-through-URL-Injection-to-SAML-SSO-URL-Response
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3640.md b/2024/CVE-2024-3640.md index 78d44b8efd..7a3a9c697f 100644 --- a/2024/CVE-2024-3640.md +++ b/2024/CVE-2024-3640.md @@ -13,5 +13,7 @@ An unquoted executable path exists in the Rockwell Automation FactoryTalk® Rem No PoCs from references. #### Github +- https://github.com/H1ng007/CVE-2024-3640_WafBypass - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/plzheheplztrying/cve_monitor diff --git a/2024/CVE-2024-36401.md b/2024/CVE-2024-36401.md index 208ebf7c2a..8820993947 100644 --- a/2024/CVE-2024-36401.md +++ b/2024/CVE-2024-36401.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-36401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36401) ![](https://img.shields.io/static/v1?label=Product&message=geoserver&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.23.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.23.0%2C%20%3C%202.23.6%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-95%3A%20Improper%20Neutralization%20of%20Directives%20in%20Dynamically%20Evaluated%20Code%20('Eval%20Injection')&color=brighgreen) ### Description -GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.Versions 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). 
This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed. +GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code.Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed. ### POC 
@@ -15,20 +15,72 @@ GeoServer is an open source server that allows users to share and edit geospatia
 - https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/0x0d3ad/CVE-2024-36401
+- https://github.com/12442RF/POC
+- https://github.com/Chocapikk/CVE-2024-36401
+- https://github.com/Chocapikk/msf-exploit-collection
 - https://github.com/Co5mos/nuclei-tps
+- https://github.com/DMW11525708/wiki
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Mr-xn/CVE-2024-36401
 - https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/Niuwoo/CVE-2024-36401
 - https://github.com/Ostorlab/KEV
+- https://github.com/RevoltSecurities/CVE-2024-36401
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/CVE
 - https://github.com/TrojanAZhen/Self_Back
+- https://github.com/ViktorMares/geoserver-nuclei-template
+- https://github.com/WhosGa/MyWiki
+- https://github.com/XiaomingX/awesome-poc-for-red-team
+- https://github.com/XiaomingX/cve-2024-36401-poc
 - https://github.com/Y4tacker/JavaSec
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/ahisec/geoserver-
 - https://github.com/ahisec/nuclei-tps
+- https://github.com/amoy6228/CVE-2024-36401_Geoserver_RCE_POC
+- https://github.com/bigb0x/CVE-2024-36401
 - https://github.com/bigblackhat/oFx
+- https://github.com/bmth666/GeoServer-Tools-CVE-2024-36401
+- https://github.com/bright-angel/sec-repos
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/daniellowrie/CVE-2024-36401-PoC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/fliggyaa/fscanpoc
+- https://github.com/funnyDog896/CVE-2024-36401-WoodpeckerPlugin
+- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/holokitty/holokitty
+- https://github.com/hsvhora/research_blogs
+- https://github.com/iemotion/POC
+- https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE
+- https://github.com/justin-p/geoexplorer
+- https://github.com/kkhackz0013/CVE-2024-36401
+- https://github.com/kkup8/geoserver
+- https://github.com/laoa1573/wy876
+- https://github.com/lucagioacchini/auto-pen-bench
+- https://github.com/netuseradministrator/CVE-2024-36401
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/onewinner/POCS
+- https://github.com/oscarfonts/docker-geoserver
+- https://github.com/paultheal1en/auto_pen_bench_web
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
+- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/punitdarji/GeoServer-CVE-2024-36401
+- https://github.com/sparktsao/auto-pen-bench-study
+- https://github.com/taielab/awesome-hacking-lists
 - https://github.com/tanjiti/sec_profile
+- https://github.com/whitebear-ch/GeoServerExploit
 - https://github.com/wy876/POC
+- https://github.com/y1s4s/CVE-2024-36401-PoC
 - https://github.com/zgimszhd61/CVE-2024-36401
+- https://github.com/zulloper/cve-poc
diff --git a/2024/CVE-2024-36404.md b/2024/CVE-2024-36404.md
index 53cb02d2e1..00a2e8d007 100644
--- a/2024/CVE-2024-36404.md
+++ b/2024/CVE-2024-36404.md
@@ -14,5 +14,6 @@ GeoTools is an open source Java library that provides tools for geospatial data.
 - https://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8w
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Ostorlab/KEV
+- https://github.com/whitebear-ch/GeoServerExploit
diff --git a/2024/CVE-2024-36412.md b/2024/CVE-2024-36412.md
index 6a67bf2446..9ff43c5c70 100644
--- a/2024/CVE-2024-36412.md
+++ b/2024/CVE-2024-36412.md
@@ -13,7 +13,24 @@ SuiteCRM is an open-source Customer Relationship Management (CRM) software appli
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/0x5001/public-vulnerabilities-cve
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
diff --git a/2024/CVE-2024-36416.md b/2024/CVE-2024-36416.md
index 316aabdffa..3847f5c464 100644
--- a/2024/CVE-2024-36416.md
+++ b/2024/CVE-2024-36416.md
@@ -13,5 +13,6 @@ SuiteCRM is an open-source Customer Relationship Management (CRM) software appli
 No PoCs from references.
 #### Github
+- https://github.com/kva55/CVE-2024-36416
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-36424.md b/2024/CVE-2024-36424.md
index 8a986afa2a..3aca36ce50 100644
--- a/2024/CVE-2024-36424.md
+++ b/2024/CVE-2024-36424.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/secunnix/CVE-2024-36424
diff --git a/2024/CVE-2024-36426.md b/2024/CVE-2024-36426.md
index cdbd9c77e8..9aa966d551 100644
--- a/2024/CVE-2024-36426.md
+++ b/2024/CVE-2024-36426.md
@@ -10,7 +10,8 @@ In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is p
 ### POC
 #### Reference
-No PoCs from references.
+- https://community.targit.com/hc/en-us/articles/12618082416028-Change-Log-On-prem
+- https://community.targit.com/hc/en-us/articles/16112758176156-Vulnerabilities
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-36427.md b/2024/CVE-2024-36427.md
new file mode 100644
index 0000000000..c2e656ea47
--- /dev/null
+++ b/2024/CVE-2024-36427.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36427)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file.
+
+### POC
+
+#### Reference
+- https://community.targit.com/hc/en-us/articles/16112758176156-Vulnerabilities
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-36428.md b/2024/CVE-2024-36428.md
index 33693eebcb..45e7997ff4 100644
--- a/2024/CVE-2024-36428.md
+++ b/2024/CVE-2024-36428.md
@@ -13,7 +13,24 @@ OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-36437.md b/2024/CVE-2024-36437.md
new file mode 100644
index 0000000000..dc43bda9c3
--- /dev/null
+++ b/2024/CVE-2024-36437.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36437)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-36465.md b/2024/CVE-2024-36465.md
new file mode 100644
index 0000000000..cf8c00aa99
--- /dev/null
+++ b/2024/CVE-2024-36465.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36465)
+![](https://img.shields.io/static/v1?label=Product&message=Zabbix&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/milo2012/CVE-PoCs
+
diff --git a/2024/CVE-2024-36467.md b/2024/CVE-2024-36467.md
new file mode 100644
index 0000000000..b3fc4a5ffc
--- /dev/null
+++ b/2024/CVE-2024-36467.md
@@ -0,0 +1,18 @@
+### [CVE-2024-36467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36467)
+![](https://img.shields.io/static/v1?label=Product&message=Zabbix&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen)
+
+### Description
+
+An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/igorbf495/CVE-2024-42327
+- https://github.com/saad0x1/Exploits
+
diff --git a/2024/CVE-2024-36469.md b/2024/CVE-2024-36469.md
new file mode 100644
index 0000000000..8a18c382fc
--- /dev/null
+++ b/2024/CVE-2024-36469.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36469)
+![](https://img.shields.io/static/v1?label=Product&message=Zabbix&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-208%3A%20Observable%20Timing%20Discrepancy&color=brighgreen)
+
+### Description
+
+Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/milo2012/CVE-PoCs
+
diff --git a/2024/CVE-2024-36474.md b/2024/CVE-2024-36474.md
new file mode 100644
index 0000000000..25b913af59
--- /dev/null
+++ b/2024/CVE-2024-36474.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36474)
+![](https://img.shields.io/static/v1?label=Product&message=G%20Structured%20File%20Library%20(libgsf)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.14.52%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-36476.md b/2024/CVE-2024-36476.md
new file mode 100644
index 0000000000..3cf8168cad
--- /dev/null
+++ b/2024/CVE-2024-36476.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36476)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=9cb837480424e78ed585376f944088246685aec3%3C%207eaa71f56a6f7ab87957213472dc6d4055862722%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:RDMA/rtrs: Ensure 'ib_sge list' is accessibleMove the declaration of the 'ib_sge list' variable outside the'always_invalidate' block to ensure it remains accessible for usethroughout the function.Previously, 'ib_sge list' was declared within the 'always_invalidate'block, limiting its accessibility, then caused a'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10This change ensures the variable is available for subsequent operationsthat require it.[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/oogasawa/Utility-security
+
diff --git a/2024/CVE-2024-36494.md b/2024/CVE-2024-36494.md
new file mode 100644
index 0000000000..ecdc792550
--- /dev/null
+++ b/2024/CVE-2024-36494.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36494](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36494)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-36495.md b/2024/CVE-2024-36495.md
index 4a65cd259f..167cfde53e 100644
--- a/2024/CVE-2024-36495.md
+++ b/2024/CVE-2024-36495.md
@@ -14,5 +14,5 @@ The application Faronics WINSelect (Standard + Enterprise) saves its configurat
 - https://r.sec-consult.com/winselect
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Ekitji/siem
diff --git a/2024/CVE-2024-36498.md b/2024/CVE-2024-36498.md
new file mode 100644
index 0000000000..57e4607876
--- /dev/null
+++ b/2024/CVE-2024-36498.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36498)
+![](https://img.shields.io/static/v1?label=Product&message=Scan2Net&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URLhttps://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apreThe stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 implemented a fix, but it could be bypassed via URL-encoding the Javascript payload again.
+
+### POC
+
+#### Reference
+- https://r.sec-consult.com/imageaccess
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3651.md b/2024/CVE-2024-3651.md
new file mode 100644
index 0000000000..e7e91ead29
--- /dev/null
+++ b/2024/CVE-2024-3651.md
@@ -0,0 +1,18 @@
+### [CVE-2024-3651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651)
+![](https://img.shields.io/static/v1?label=Product&message=kjd%2Fidna&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%203.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GitHubForSnap/matrix-commander-gael
+- https://github.com/rsys-fchaliss/hebe
+
diff --git a/2024/CVE-2024-36510.md b/2024/CVE-2024-36510.md
new file mode 100644
index 0000000000..a276316176
--- /dev/null
+++ b/2024/CVE-2024-36510.md
@@ -0,0 +1,19 @@
+### [CVE-2024-36510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36510)
+![](https://img.shields.io/static/v1?label=Product&message=FortiClientEMS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=FortiSOAR&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%3D%207.2.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20disclosure&color=brighgreen)
+
+### Description
+
+An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/martinstnv/martinstnv
+
diff --git a/2024/CVE-2024-36514.md b/2024/CVE-2024-36514.md
index 4f0447a0fe..9f04c53194 100644
--- a/2024/CVE-2024-36514.md
+++ b/2024/CVE-2024-36514.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE
diff --git a/2024/CVE-2024-36515.md b/2024/CVE-2024-36515.md
index e29604c675..a4c46cc1ef 100644
--- a/2024/CVE-2024-36515.md
+++ b/2024/CVE-2024-36515.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE
diff --git a/2024/CVE-2024-36516.md b/2024/CVE-2024-36516.md
index 9aa458a468..e5534dfda3 100644
--- a/2024/CVE-2024-36516.md
+++ b/2024/CVE-2024-36516.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE
diff --git a/2024/CVE-2024-36517.md b/2024/CVE-2024-36517.md
index 9881e40f4f..4ef7e22a20 100644
--- a/2024/CVE-2024-36517.md
+++ b/2024/CVE-2024-36517.md
@@ -14,4 +14,5 @@ No PoCs from references.
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/minhgalaxy/CVE
diff --git a/2024/CVE-2024-36518.md b/2024/CVE-2024-36518.md
new file mode 100644
index 0000000000..2cb0d4deec
--- /dev/null
+++ b/2024/CVE-2024-36518.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36518)
+![](https://img.shields.io/static/v1?label=Product&message=ADAudit%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%208110%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer's dashboard.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nhienit2010/nhienit2010
+
diff --git a/2024/CVE-2024-36526.md b/2024/CVE-2024-36526.md
index ee3d86818c..cfd9e62aa8 100644
--- a/2024/CVE-2024-36526.md
+++ b/2024/CVE-2024-36526.md
@@ -13,5 +13,5 @@ ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptograph
 - https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/mrojz/ZKT-Bio-CVSecurity
diff --git a/2024/CVE-2024-36535.md b/2024/CVE-2024-36535.md
index dadb35d772..b7fba80720 100644
--- a/2024/CVE-2024-36535.md
+++ b/2024/CVE-2024-36535.md
@@ -13,5 +13,5 @@ Insecure permissions in meshery v0.7.51 allows attackers to access sensitive dat
 - https://gist.github.com/HouqiyuA/2950c3993cdeff23afcbd73ba7a33879
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/zhanpengliu-tencent/medium-cve
diff --git a/2024/CVE-2024-36539.md b/2024/CVE-2024-36539.md
index f7fae0bb8e..b11a6180a2 100644
--- a/2024/CVE-2024-36539.md
+++ b/2024/CVE-2024-36539.md
@@ -13,5 +13,7 @@ Insecure permissions in contour v1.28.3 allows attackers to access sensitive dat
 - https://gist.github.com/HouqiyuA/c92f9ec979653dceeea947afd0b47a80
 #### Github
+- https://github.com/Abdurahmon3236/CVE-2024-36539
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/zhanpengliu-tencent/medium-cve
diff --git a/2024/CVE-2024-36540.md b/2024/CVE-2024-36540.md
index 954df23e8d..1bc349b525 100644
--- a/2024/CVE-2024-36540.md
+++ b/2024/CVE-2024-36540.md
@@ -13,5 +13,5 @@ Insecure permissions in external-secrets v0.9.16 allows attackers to access sens
 - https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/zhanpengliu-tencent/medium-cve
diff --git a/2024/CVE-2024-3656.md b/2024/CVE-2024-3656.md
new file mode 100644
index 0000000000..6394267605
--- /dev/null
+++ b/2024/CVE-2024-3656.md
@@ -0,0 +1,20 @@
+### [CVE-2024-3656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3656)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h4x0r-dz/CVE-2024-3656
+- https://github.com/hnsecurity/vulns
+
diff --git a/2024/CVE-2024-3657.md b/2024/CVE-2024-3657.md
index 38cd303e0b..743412a669 100644
--- a/2024/CVE-2024-3657.md
+++ b/2024/CVE-2024-3657.md
@@ -1,6 +1,9 @@
 ### [CVE-2024-3657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3657)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.5%20E4S%20for%20RHEL%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.7%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.8%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.9%20for%20RHEL%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2012.2%20EUS%20for%20RHEL%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2012.4%20for%20RHEL%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
diff --git a/2024/CVE-2024-36587.md b/2024/CVE-2024-36587.md
index 8a77e48049..b31ac27d8d 100644
--- a/2024/CVE-2024-36587.md
+++ b/2024/CVE-2024-36587.md
@@ -14,4 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/go-compile/security-advisories
+- https://github.com/meeeeing/CVE-2024-36587
+- https://github.com/plzheheplztrying/cve_monitor
diff --git a/2024/CVE-2024-36597.md b/2024/CVE-2024-36597.md
index dcfc816710..c09a19fc58 100644
--- a/2024/CVE-2024-36597.md
+++ b/2024/CVE-2024-36597.md
@@ -13,7 +13,26 @@ Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the
 No PoCs from references.
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AslamMahi/AslamMahi
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
 - https://github.com/ibaiw/2024Hvv
+- https://github.com/iemotion/POC
+- https://github.com/kaliankhe/Aslam-mahi
+- https://github.com/kaliankhe/kaliankhe
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
diff --git a/2024/CVE-2024-36598.md b/2024/CVE-2024-36598.md
index 2a891201d5..c6a2e514e4 100644
--- a/2024/CVE-2024-36598.md
+++ b/2024/CVE-2024-36598.md
@@ -13,5 +13,8 @@ An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to ex
 - https://github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c68bfd3708a7d6e089181024131f4e927/vendors/projectworlds.in/AEGON%20LIFE%20v1.0%20Life%20Insurance%20Management%20System/CVE-2024-36598
 #### Github
+- https://github.com/AslamMahi/AslamMahi
+- https://github.com/kaliankhe/Aslam-mahi
+- https://github.com/kaliankhe/kaliankhe
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-36599.md b/2024/CVE-2024-36599.md
new file mode 100644
index 0000000000..21695f0fc6
--- /dev/null
+++ b/2024/CVE-2024-36599.md
@@ -0,0 +1,19 @@
+### [CVE-2024-36599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36599)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AslamMahi/AslamMahi
+- https://github.com/kaliankhe/Aslam-mahi
+- https://github.com/kaliankhe/kaliankhe
+
diff --git a/2024/CVE-2024-3660.md b/2024/CVE-2024-3660.md
index 2950ab97e2..56536b5a26 100644
--- a/2024/CVE-2024-3660.md
+++ b/2024/CVE-2024-3660.md
@@ -15,5 +15,8 @@ A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13)
 - https://www.kb.cert.org/vuls/id/253266
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/AndyVillegas/tensorflow-hdf5-rce-poc
+- https://github.com/ShenaoW/awesome-llm-supply-chain-security
+- https://github.com/aaryanbhujang/CVE-2024-3660-PoC
+- https://github.com/zulloper/cve-poc
diff --git a/2024/CVE-2024-3661.md b/2024/CVE-2024-3661.md
index d74d01eed1..c6e8bf301d 100644
--- a/2024/CVE-2024-3661.md
+++ b/2024/CVE-2024-3661.md
@@ -16,12 +16,14 @@ DHCP can add routes to a client’s routing table via the classless static route
 - https://www.leviathansecurity.com/research/tunnelvision
 #### Github
+- https://github.com/Roundthe-clock/CVE-2024-3661VPN
 - https://github.com/a1xbit/DecloakingVPN
 - https://github.com/apiverve/news-API
 - https://github.com/bollwarm/SecToolSet
 - https://github.com/cyberspatiallabs/TunnelVision
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/giterlizzi/secdb-feeds
+- https://github.com/i386x/pubdocs
 - https://github.com/leviathansecurity/TunnelVision
 - https://github.com/superit23/arcanetrickster
 - https://github.com/tanjiti/sec_profile
diff --git a/2024/CVE-2024-36623.md b/2024/CVE-2024-36623.md
new file mode 100644
index 0000000000..b8b31a88b2
--- /dev/null
+++ b/2024/CVE-2024-36623.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36623)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ghostbyt3/patch-tuesday
+
diff --git a/2024/CVE-2024-36694.md b/2024/CVE-2024-36694.md
new file mode 100644
index 0000000000..cedc7dc00d
--- /dev/null
+++ b/2024/CVE-2024-36694.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36694)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.
+
+### POC
+
+#### Reference
+- https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-36728.md b/2024/CVE-2024-36728.md
new file mode 100644
index 0000000000..a48bb46d94
--- /dev/null
+++ b/2024/CVE-2024-36728.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36728)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/HouseFuzz/reports
+
diff --git a/2024/CVE-2024-36729.md b/2024/CVE-2024-36729.md
new file mode 100644
index 0000000000..244712e8b2
--- /dev/null
+++ b/2024/CVE-2024-36729.md
@@ -0,0 +1,17 @@ +### [CVE-2024-36729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36729) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/HouseFuzz/reports + diff --git a/2024/CVE-2024-3673.md b/2024/CVE-2024-3673.md index 435bdfb32d..2206318f85 100644 --- a/2024/CVE-2024-3673.md +++ b/2024/CVE-2024-3673.md @@ -13,5 +13,7 @@ The Web Directory Free WordPress plugin before 1.7.3 does not validate a paramet - https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/ #### Github -No PoCs found on GitHub currently. +- https://github.com/JubinBlack/Disobey25 +- https://github.com/Nxploited/CVE-2024-3673 +- https://github.com/tranphuc2005/Exploit_Wordpress diff --git a/2024/CVE-2024-36814.md b/2024/CVE-2024-36814.md new file mode 100644 index 0000000000..ea8b2ab19b --- /dev/null +++ b/2024/CVE-2024-36814.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-36814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36814) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. + +### POC + +#### Reference +- https://happy-little-accidents.pages.dev/posts/CVE-2024-36814/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-36821.md b/2024/CVE-2024-36821.md index 13c1ce3241..ea4ddcd50d 100644 --- a/2024/CVE-2024-36821.md +++ b/2024/CVE-2024-36821.md @@ -13,5 +13,6 @@ Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows atta - https://github.com/IvanGlinkin/CVE-2024-36821 #### Github +- https://github.com/IvanGlinkin/CVE-2024-36821 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-36823.md b/2024/CVE-2024-36823.md new file mode 100644 index 0000000000..04b4ebf91f --- /dev/null +++ b/2024/CVE-2024-36823.md @@ -0,0 +1,17 @@ +### [CVE-2024-36823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36823) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/JAckLosingHeart/CVE-2024-36823-POC + 
diff --git a/2024/CVE-2024-36837.md b/2024/CVE-2024-36837.md index b7a4b11a34..f1b9ebe7b6 100644 --- a/2024/CVE-2024-36837.md +++ b/2024/CVE-2024-36837.md @@ -13,6 +13,7 @@ SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain - https://github.com/phtcloud-dev/CVE-2024-36837 #### Github +- https://github.com/lhc321-source/CVE-2024-36837 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/phtcloud-dev/CVE-2024-36837 - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-36840.md b/2024/CVE-2024-36840.md index 435128022d..29c677d37d 100644 --- a/2024/CVE-2024-36840.md +++ b/2024/CVE-2024-36840.md @@ -17,4 +17,5 @@ SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a rem #### Github - https://github.com/InfoSec-DB/InfoSec-DB +- https://github.com/theexploiters/CVE-2024-36840-Exploit diff --git a/2024/CVE-2024-36842.md b/2024/CVE-2024-36842.md new file mode 100644 index 0000000000..42e9382188 --- /dev/null +++ b/2024/CVE-2024-36842.md @@ -0,0 +1,20 @@ +### [CVE-2024-36842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36842) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/abbiy/Backdooring-Oncord-Android-Sterio- +- https://github.com/abbiy/CVE-2024-36842-Backdooring-Oncord-Android-Sterio- +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor + 
diff --git a/2024/CVE-2024-36877.md b/2024/CVE-2024-36877.md index 048cec56ee..a3a58e4928 100644 --- a/2024/CVE-2024-36877.md +++ b/2024/CVE-2024-36877.md @@ -13,5 +13,8 @@ Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-seri - https://jjensn.com/at-home-in-your-firmware/ #### Github +- https://github.com/CERTologists/POC-CVE-2024-36877 +- https://github.com/jjensn/CVE-2024-36877 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-36886.md b/2024/CVE-2024-36886.md index 69ec72b714..4bc7eff453 100644 --- a/2024/CVE-2024-36886.md +++ b/2024/CVE-2024-36886.md @@ -20,5 +20,6 @@ In the Linux kernel, the following vulnerability has been resolved:tipc: fix UAF - https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682 #### Github -No PoCs found on GitHub currently. +- https://github.com/abubakar-shahid/CVE-2024-36886 +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2024/CVE-2024-36899.md b/2024/CVE-2024-36899.md new file mode 100644 index 0000000000..de0e8a4c28 --- /dev/null +++ b/2024/CVE-2024-36899.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-36899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36899)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=51c1064e82e77b39a49889287ca50709303e2f26%3C%202dfbb920a89bdc58087672ad5325dc6c588b6860%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:gpiolib: cdev: Fix use after free in lineinfo_changed_notifyThe use-after-free issue occurs as follows: when the GPIO chip device fileis being closed by invoking gpio_chrdev_release(), watched_lines is freedby bitmap_free(), but the unregistration of lineinfo_changed_nb notifierchain failed due to waiting write rwsem. Additionally, one of the GPIOchip's lines is also in the release process and holds the notifier chain'sread rwsem. Consequently, a race condition leads to the use-after-free ofwatched_lines.Here is the typical stack when issue happened:[free]gpio_chrdev_release() --> bitmap_free(cdev->watched_lines) <-- freed --> blocking_notifier_chain_unregister() --> down_write(&nh->rwsem) <-- waiting rwsem --> __down_write_common() --> rwsem_down_write_slowpath() --> schedule_preempt_disabled() --> schedule()[use]st54spi_gpio_dev_release() --> gpio_free() --> gpiod_free() --> gpiod_free_commit() --> gpiod_line_state_notify() --> blocking_notifier_call_chain() --> down_read(&nh->rwsem); <-- held rwsem --> notifier_call_chain() --> lineinfo_changed_notify() --> test_bit(xxxx, cdev->watched_lines) <-- use after freeThe side effect of the use-after-free issue is that a GPIO line event isbeing generated for userspace where it shouldn't. However, since the chrdevis being closed, userspace won't have the chance to read that event anyway.To fix the issue, call the bitmap_free() function after the unregistrationof lineinfo_changed_nb notifier chain.
+ +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-3690.md b/2024/CVE-2024-3690.md index b4989d61ec..c4129aa373 100644 --- a/2024/CVE-2024-3690.md +++ b/2024/CVE-2024-3690.md @@ -16,4 +16,5 @@ A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Af #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/psudo-bugboy/CVE-2024 +- https://github.com/taeseongk/CVE-2024-3690 diff --git a/2024/CVE-2024-36904.md b/2024/CVE-2024-36904.md new file mode 100644 index 0000000000..fefbd3c8ea --- /dev/null +++ b/2024/CVE-2024-36904.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-36904](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=ec94c2696f0b%3C%2084546cc1aeeb%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique()with nice analysis.Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation fortimewait hashdance"), inet_twsk_hashdance() sets TIME-WAIT socket'ssk_refcnt after putting it into ehash and releasing the bucket lock.Thus, there is a small race window where other threads could try toreuse the port during connect() and call sock_hold() in tcp_twsk_unique()for the TIME-WAIT socket with zero refcnt.If that happens, the refcnt taken by tcp_twsk_unique() is overwrittenand sock_put() will cause underflow, triggering a real use-after-freesomewhere else.To avoid the use-after-free, we need to use refcount_inc_not_zero() intcp_twsk_unique() and give up on reusing the port if it returns false.[0]:refcount_t: addition on 0; use-after-free.WARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110CPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1Hardware name: VMware, Inc.
VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023RIP: 0010:refcount_warn_saturate+0xe5/0x110Code: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff <0f> 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8RSP: 0018:ffffc90006b43b60 EFLAGS: 00010282RAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027RDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0RBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0R10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84R13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0FS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0PKRU: 55555554Call Trace: ? refcount_warn_saturate+0xe5/0x110 ? __warn+0x81/0x130 ? refcount_warn_saturate+0xe5/0x110 ? report_bug+0x171/0x1a0 ? refcount_warn_saturate+0xe5/0x110 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? refcount_warn_saturate+0xe5/0x110 tcp_twsk_unique+0x186/0x190 __inet_check_established+0x176/0x2d0 __inet_hash_connect+0x74/0x7d0 ? 
__pfx___inet_check_established+0x10/0x10 tcp_v4_connect+0x278/0x530 __inet_stream_connect+0x10f/0x3d0 inet_stream_connect+0x3a/0x60 __sys_connect+0xa8/0xd0 __x64_sys_connect+0x18/0x20 do_syscall_64+0x83/0x170 entry_SYSCALL_64_after_hwframe+0x78/0x80RIP: 0033:0x7f62c11a885dCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48RSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002aRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885dRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003RBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000R10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0R13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/alleleintel/research
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-36908.md b/2024/CVE-2024-36908.md
new file mode 100644
index 0000000000..60a91840ff
--- /dev/null
+++ b/2024/CVE-2024-36908.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36908](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36908)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=7caa47151ab2e644dd221f741ec7578d9532c9a3%3C%2056a9d07f427378eeb75b917bb49c6fbea8204126%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:blk-iocost: do not WARN if iocg was already offlinedIn iocg_pay_debt(), warn is triggered if 'active_list' is empty, whichis intended to confirm iocg is active when it has debt. However, warncan be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn()is run at that time: WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190 Call trace: iocg_pay_debt+0x14c/0x190 iocg_kick_waitq+0x438/0x4c0 iocg_waitq_timer_fn+0xd8/0x130 __run_hrtimer+0x144/0x45c __hrtimer_run_queues+0x16c/0x244 hrtimer_interrupt+0x2cc/0x7b0The warn in this situation is meaningless. Since this iocg is beingremoved, the state of the 'active_list' is irrelevant, and 'waitq_timer'is canceled after removing 'active_list' in ioc_pd_free(), which ensuresiocg is freed after iocg_waitq_timer_fn() returns.Therefore, add the check if iocg was already offlined to avoid warnwhen removing a blkcg or disk.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-36913.md b/2024/CVE-2024-36913.md
new file mode 100644
index 0000000000..8e318a0f00
--- /dev/null
+++ b/2024/CVE-2024-36913.md
@@ -0,0 +1,17 @@ +### [CVE-2024-36913](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36913) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%206123a4e8e25b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:Drivers: hv: vmbus: Leak pages if set_memory_encrypted() failsIn CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memory is shared. Callers need totake care to handle these errors to avoid returning decrypted (shared)memory to the page allocator, which could lead to functional or securityissues.VMBus code could free decrypted pages if set_memory_encrypted()/decrypted()fails. Leak the pages if this happens. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-36971.md b/2024/CVE-2024-36971.md index 395b61691b..d7410f5dde 100644 --- a/2024/CVE-2024-36971.md +++ b/2024/CVE-2024-36971.md @@ -13,6 +13,7 @@ In the Linux kernel, the following vulnerability has been resolved:net: fix __ds No PoCs from references. #### Github +- https://github.com/bygregonline/devsec-fastapi-report - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-36974.md b/2024/CVE-2024-36974.md new file mode 100644 index 0000000000..c4e4af0227 --- /dev/null +++ b/2024/CVE-2024-36974.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-36974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36974)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=a3d43c0d56f1%3C%20c6041e712446%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAPIf one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,taprio_parse_mqprio_opt() must validate it, or userspacecan inject arbitrary data to the kernel, the second timetaprio_change() is called.First call (with valid attributes) sets dev->num_tcto a non zero value.Second call (with arbitrary mqprio attributes)returns early from taprio_parse_mqprio_opt()and bad things can happen.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-36978.md b/2024/CVE-2024-36978.md
new file mode 100644
index 0000000000..e51271bd0e
--- /dev/null
+++ b/2024/CVE-2024-36978.md
@@ -0,0 +1,17 @@
+### [CVE-2024-36978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=c2999f7fb05b%3C%20d5d9d241786f%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net: sched: sch_multiq: fix possible OOB write in multiq_tune()q->bands will be assigned to qopt->bands to execute subsequent code logicafter kmalloc. So the old q->bands should not be used in kmalloc.Otherwise, an out-of-bounds write will occur.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-36991.md b/2024/CVE-2024-36991.md
index 444ddccaa8..75dba2e2eb 100644
--- a/2024/CVE-2024-36991.md
+++ b/2024/CVE-2024-36991.md
@@ -14,7 +14,30 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve +- https://github.com/12442RF/POC +- https://github.com/Cappricio-Securities/CVE-2024-36991 +- https://github.com/DMW11525708/wiki +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Mr-xn/CVE-2024-36991 +- https://github.com/MrR0b0t19/SplunkVuln - https://github.com/Ostorlab/KEV +- https://github.com/TheStingR/CVE-2024-36991-Tool +- https://github.com/Threekiii/Awesome-POC +- https://github.com/Threekiii/CVE +- https://github.com/Zin0D/CVE-2024-36991 +- https://github.com/adysec/POC +- https://github.com/bigb0x/CVE-2024-36991 +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/fcoomans/HTB-machines +- https://github.com/gunzf0x/CVE-2024-36991 +- https://github.com/jaytiwari05/CVE-2024-36991 +- https://github.com/laoa1573/wy876 +- https://github.com/lineeralgebra/My-Favorite-Boxes - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/onewinner/POCS +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/sardine-web/CVE-2024-36991 +- https://github.com/th3gokul/CVE-2024-36991 diff --git a/2024/CVE-2024-37032.md b/2024/CVE-2024-37032.md index 3d15915cba..bec9f081cd 100644 --- a/2024/CVE-2024-37032.md +++ b/2024/CVE-2024-37032.md 
@@ -13,9 +13,25 @@ Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 - https://www.vicarius.io/vsociety/posts/probllama-in-ollama-a-tale-of-a-yet-another-rce-vulnerability-cve-2024-37032 #### Github +- https://github.com/Bi0x/CVE-2024-37032 +- https://github.com/Catgirls-Corporation/ollama_on-prem - https://github.com/Hatcat123/my_stars +- https://github.com/J1ezds/Vulnerability-Wiki-page - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV +- https://github.com/ParisNeo/ollama_proxy_server +- https://github.com/Threekiii/Awesome-POC +- https://github.com/Threekiii/CVE +- https://github.com/XiaomingX/awesome-poc-for-red-team +- https://github.com/a1batr0ssG/VulhubExpand +- https://github.com/ahboon/CVE-2024-37032-scanner +- https://github.com/badboy0/Ollama_Exploit_Tool +- https://github.com/dansarmiento/ollama_sql_runner +- https://github.com/honysyang/eleaipoc +- https://github.com/lucky-tensor/inferno - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pankass/CVE-2024-37032_CVE-2024-45436 +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/tanjiti/sec_profile +- https://github.com/wowtalon/LLM-Security diff --git a/2024/CVE-2024-37051.md b/2024/CVE-2024-37051.md index 34a0cbfc60..5911686507 100644 --- a/2024/CVE-2024-37051.md +++ b/2024/CVE-2024-37051.md @@ -31,5 +31,6 @@ No PoCs from references. #### Github - https://github.com/LeadroyaL/CVE-2024-37051-EXP +- https://github.com/mrblackstar26/CVE-2024-37051 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37052.md b/2024/CVE-2024-37052.md new file mode 100644 index 0000000000..1397c7ef08 --- /dev/null +++ b/2024/CVE-2024-37052.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-37052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37052)
+![](https://img.shields.io/static/v1?label=Product&message=MLflow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.1.0%3C%3D%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/averinaleks/bot
+- https://github.com/thehalvo/homeostasis
+
diff --git a/2024/CVE-2024-37054.md b/2024/CVE-2024-37054.md
new file mode 100644
index 0000000000..f75fc10312
--- /dev/null
+++ b/2024/CVE-2024-37054.md
@@ -0,0 +1,18 @@
+### [CVE-2024-37054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37054)
+![](https://img.shields.io/static/v1?label=Product&message=MLflow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.9.0%3C%3D%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/NiteeshPujari/CVE-2024-37054-MLflow-RCE
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-37060.md b/2024/CVE-2024-37060.md
new file mode 100644
index 0000000000..4734000190
--- /dev/null
+++ b/2024/CVE-2024-37060.md
@@ -0,0 +1,17 @@ +### [CVE-2024-37060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37060) +![](https://img.shields.io/static/v1?label=Product&message=MLflow&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.27.0%3C%3D%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/thehalvo/homeostasis + diff --git a/2024/CVE-2024-37079.md b/2024/CVE-2024-37079.md index 3b3a8875f7..4f51658989 100644 --- a/2024/CVE-2024-37079.md +++ b/2024/CVE-2024-37079.md @@ -15,6 +15,8 @@ vCenter Server contains a heap-overflow vulnerability in the implementation of t No PoCs from references. #### Github +- https://github.com/0xAj-Krishna/biggest-hack +- https://github.com/UGF0aWVudF9aZXJv/VMWare-Pentesting - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-37080.md b/2024/CVE-2024-37080.md index c00a0f38e7..6768bb40b4 100644 --- a/2024/CVE-2024-37080.md +++ b/2024/CVE-2024-37080.md @@ -15,5 +15,7 @@ vCenter Server contains a heap-overflow vulnerability in the implementation of t No PoCs from references. #### Github +- https://github.com/0xAj-Krishna/biggest-hack +- https://github.com/UGF0aWVudF9aZXJv/VMWare-Pentesting - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-37081.md b/2024/CVE-2024-37081.md index 294dfae4a2..efa3b36c6a 100644 --- a/2024/CVE-2024-37081.md +++ b/2024/CVE-2024-37081.md 
@@ -15,6 +15,10 @@ The vCenter Server contains multiple local privilege escalation vulnerabilities No PoCs from references. #### Github +- https://github.com/CERTologists/Modified-CVE-2024-37081-POC +- https://github.com/Mr-r00t11/CVE-2024-37081 +- https://github.com/UGF0aWVudF9aZXJv/VMWare-Pentesting +- https://github.com/mbadanoiu/CVE-2024-37081 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-37084.md b/2024/CVE-2024-37084.md index 9cf921a325..24e711e5c2 100644 --- a/2024/CVE-2024-37084.md +++ b/2024/CVE-2024-37084.md @@ -13,6 +13,14 @@ In Spring Cloud Data Flow versions prior to 2.11.4,  a malicious user who has No PoCs from references. #### Github +- https://github.com/A0be/CVE-2024-37084-Exp +- https://github.com/AlienTec1908/Mathdop_HackMyVM_Easy +- https://github.com/Kayiyan/CVE-2024-37084-Poc +- https://github.com/Ly4j/CVE-2024-37084-Exp - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/Threekiii/CVE +- https://github.com/XiaomingX/cve-2024-37084-Poc - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/tylzars/awesome-vrre-writeups +- https://github.com/vuhz/CVE-2024-37084 diff --git a/2024/CVE-2024-37085.md b/2024/CVE-2024-37085.md index 26f464c45e..6111327b46 100644 --- a/2024/CVE-2024-37085.md +++ b/2024/CVE-2024-37085.md @@ -15,8 +15,11 @@ VMware ESXi contains an authentication bypass vulnerability. A malicious actor No PoCs from references. #### Github +- https://github.com/WTN-arny/CVE-2024-37085 +- https://github.com/WTN-arny/Vmware-ESXI - https://github.com/gokupwn/pushMyResources - https://github.com/h0bbel/h0bbel +- https://github.com/mahmutaymahmutay/CVE-2024-37085 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-37091.md b/2024/CVE-2024-37091.md index afef24551a..c0fd3d7634 100644 --- a/2024/CVE-2024-37091.md +++ b/2024/CVE-2024-37091.md 
@@ -1,11 +1,12 @@ ### [CVE-2024-37091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37091) ![](https://img.shields.io/static/v1?label=Product&message=Consulting%20Elementor%20Widgets&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Masterstudy%20Elementor%20Widgets&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) ### Description -Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. +Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. ### POC diff --git a/2024/CVE-2024-37147.md b/2024/CVE-2024-37147.md index dd64f1f95c..731a766e4e 100644 --- a/2024/CVE-2024-37147.md +++ b/2024/CVE-2024-37147.md @@ -13,5 +13,6 @@ GLPI is an open-source asset and IT management software package that provides IT No PoCs from references. #### Github +- https://github.com/0xmupa/CVE-2024-37147-PoC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37148.md b/2024/CVE-2024-37148.md new file mode 100644 index 0000000000..2693e16633 --- /dev/null +++ b/2024/CVE-2024-37148.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-37148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37148)
+![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.84%2C%20%3C%2010.0.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Orange-Cyberdefense/glpwnme
+
diff --git a/2024/CVE-2024-37149.md b/2024/CVE-2024-37149.md
new file mode 100644
index 0000000000..0587ca05d6
--- /dev/null
+++ b/2024/CVE-2024-37149.md
@@ -0,0 +1,18 @@ +### [CVE-2024-37149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37149) +![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.85%2C%20%3C%2010.0.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%3A%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) + +### Description + +GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Orange-Cyberdefense/CVE-repository +- https://github.com/Orange-Cyberdefense/glpwnme + diff --git a/2024/CVE-2024-37168.md b/2024/CVE-2024-37168.md new file mode 100644 index 0000000000..7544d9a53b --- /dev/null +++ b/2024/CVE-2024-37168.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37168) +![](https://img.shields.io/static/v1?label=Product&message=grpc-node&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.10.0%2C%20%3C%201.10.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-789%3A%20Memory%20Allocation%20with%20Excessive%20Size%20Value&color=brighgreen) + +### Description + +@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/MayurManjrekar/DevSecOps-Demo + diff --git a/2024/CVE-2024-3721.md b/2024/CVE-2024-3721.md index ff06410a86..e5af84bc91 100644 --- a/2024/CVE-2024-3721.md +++ b/2024/CVE-2024-3721.md @@ -15,5 +15,13 @@ A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi - https://vuldb.com/?id.260573 #### Github -No PoCs found on GitHub currently. +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/adysec/POC +- https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability +- https://github.com/zulloper/cve-poc 
diff --git a/2024/CVE-2024-3727.md b/2024/CVE-2024-3727.md
index 42b63f1404..325ee0b29d 100644
--- a/2024/CVE-2024-3727.md
+++ b/2024/CVE-2024-3727.md
@@ -1,29 +1,33 @@ ### [CVE-2024-3727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727) -![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Containers&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Multicluster%20Engine%20for%20Kubernetes&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20API%20for%20Data%20Protection&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=OADP-1.3-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Developer%20Tools%20and%20Services&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Source-to-Image%20(S2I)%20Builder%20Image&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Source-to-Image%20(S2I)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=RHEL-9-CNV-4.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Management%20for%20Kubernetes%202&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%203&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204.4&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Security%204.5&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%201.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) 
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Migration%20Toolkit%20for%20Containers%201.8&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%203.11&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.14&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.17&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.18&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%20Assisted%20Installer&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Dev%20Spaces&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Virtualization%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.2&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20sandboxed%20containers&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Sandboxed%20Containers&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Quay%203&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Validation%20of%20Integrity%20Check%20Value&color=brighgreen) @@ -39,4 +43,5 @@ No PoCs from references. #### Github - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/ghostbyt3/patch-tuesday diff --git a/2024/CVE-2024-37285.md b/2024/CVE-2024-37285.md new file mode 100644 index 0000000000..21c52073b0 --- /dev/null +++ b/2024/CVE-2024-37285.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-37285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37285) +![](https://img.shields.io/static/v1?label=Product&message=Kibana&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.10.0%3C%3D%208.15.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv  and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html  assigned to them.The following Elasticsearch indices permissions are required * write privilege on the system indices .kibana_ingest* * The allow_restricted_indices flag is set to trueAny of the following Kibana privileges are additionally required * Under Fleet the All privilege is granted * Under Integration the Read or All privilege is granted * Access to the fleet-setup privilege is gained through the Fleet Server’s service account token + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Threekiii/CVE + diff --git a/2024/CVE-2024-37287.md b/2024/CVE-2024-37287.md index 796eadfc1c..041047988f 100644 --- a/2024/CVE-2024-37287.md +++ b/2024/CVE-2024-37287.md @@ -13,6 +13,7 @@ A flaw allowing arbitrary code execution was discovered in Kibana. An attacker w No PoCs from references. #### Github +- https://github.com/Threekiii/CVE - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-37288.md b/2024/CVE-2024-37288.md new file mode 100644 index 0000000000..ea592f065d 
--- /dev/null +++ b/2024/CVE-2024-37288.md @@ -0,0 +1,17 @@ +### [CVE-2024-37288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37288) +![](https://img.shields.io/static/v1?label=Product&message=Kibana&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%208.15.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Security’s built-in AI tools https://www.elastic.co/guide/en/security/current/ai-for-security.html  and have configured an Amazon Bedrock connector https://www.elastic.co/guide/en/security/current/assistant-connect-to-bedrock.html . + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Threekiii/CVE + diff --git a/2024/CVE-2024-37301.md b/2024/CVE-2024-37301.md index 8cd6d94da7..1b8643e23e 100644 --- a/2024/CVE-2024-37301.md +++ b/2024/CVE-2024-37301.md @@ -13,5 +13,5 @@ Document Merge Service is a document template merge service providing an API to - https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6 #### Github -No PoCs found on GitHub currently. +- https://github.com/c0rydoras/cves diff --git a/2024/CVE-2024-37334.md b/2024/CVE-2024-37334.md new file mode 100644 index 0000000000..4401ae008f --- /dev/null +++ b/2024/CVE-2024-37334.md 
@@ -0,0 +1,27 @@
+### [CVE-2024-37334](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37334)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20OLE%20DB%20Driver%2018%20for%20SQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20OLE%20DB%20Driver%2019%20for%20SQL%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SQL%20Server%202019%20(GDR)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SQL%20Server%202019%20for%20x64-based%20Systems%20(CU%2027)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SQL%20Server%202022%20(GDR)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SQL%20Server%202022%20for%20(CU%2013)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=15.0.0%3C%2015.0.2116.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=15.0.0%3C%2015.0.4382.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.1121.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.4131.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=18.0.0%3C%2018.7.0004.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=19.0.0%3C%2019.3.0005.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/north-vuln-intel/nvi-api-documentation
+
diff --git a/2024/CVE-2024-37359.md b/2024/CVE-2024-37359.md
new file mode 100644
index 0000000000..62de2ec353
--- /dev/null
+++ b/2024/CVE-2024-37359.md
@@ -0,0 +1,19 @@ +### [CVE-2024-37359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37359) +![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Data%20Integration%20%26%20Analytics&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0%3C%2010.2.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (CWE-918)  Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not validate the Host header of incoming HTTP/HTTPS requests. By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests. + +### POC + +#### Reference +- https://support.pentaho.com/hc/en-us/articles/34296789835917--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Server-Side-Request-Forgery-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-37359 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-37360.md b/2024/CVE-2024-37360.md
new file mode 100644
index 0000000000..03f10c55b9
--- /dev/null
+++ b/2024/CVE-2024-37360.md
@@ -0,0 +1,19 @@ +### [CVE-2024-37360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37360) +![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Data%20Integration%20%26%20Analytics&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0%3C%2010.2.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')  The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.0 and 9.3.0.9, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface. Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site. + +### POC + +#### Reference +- https://support.pentaho.com/hc/en-us/articles/34298351866893--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Improper-Neutralization-of-Input-During-Web-Page-Generation-Cross-site-Scripting-CVE-2024-37360 + +#### Github +No PoCs found on GitHub currently. 
+
diff --git a/2024/CVE-2024-37361.md b/2024/CVE-2024-37361.md
new file mode 100644
index 0000000000..5924f140b8
--- /dev/null
+++ b/2024/CVE-2024-37361.md
@@ -0,0 +1,19 @@
+### [CVE-2024-37361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37361)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Data%20Integration%20%26%20Analytics&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0%3C%2010.2.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods. When developers place no restrictions on "gadget chains," or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions.
+
+### POC
+
+#### Reference
+- https://support.pentaho.com/hc/en-us/articles/34299135441805--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Deserialization-of-Untrusted-Data-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-37361
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37362.md b/2024/CVE-2024-37362.md
new file mode 100644
index 0000000000..d05d6c07f1
--- /dev/null
+++ b/2024/CVE-2024-37362.md
@@ -0,0 +1,19 @@ +### [CVE-2024-37362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37362) +![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Data%20Integration%20%26%20Analytics&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0%3C%2010.2.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen) + +### Description + +The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522)  Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when saving connections to RedShift. Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation. + +### POC + +#### Reference +- https://support.pentaho.com/hc/en-us/articles/34296552220941--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Insufficiently-Protected-Credentials-Versions-before-10-2-0-0-and-9-3-0-8-including-8-3-x-Impacted-CVE-2024-37362 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37363.md b/2024/CVE-2024-37363.md new file mode 100644 index 0000000000..239e901b3f --- /dev/null +++ b/2024/CVE-2024-37363.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-37363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37363)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Business%20Analytics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Pentaho%20Data%20Integration%20%26%20Analytics&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%209.3.0.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0%3C%2010.2.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an authorization check in the data source management service.When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.
+
+### POC
+
+#### Reference
+- https://support.pentaho.com/hc/en-us/articles/34296230504589--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Incorrect-Authorization-Versions-before-10-2-0-0-and-9-3-0-8-including-8-3-x-Impacted-CVE-2024-37363
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37371.md b/2024/CVE-2024-37371.md
new file mode 100644
index 0000000000..fb5b296ffb
--- /dev/null
+++ b/2024/CVE-2024-37371.md
@@ -0,0 +1,17 @@ +### [CVE-2024-37371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Dgporte/ExerciciosDockerPB2025 + diff --git a/2024/CVE-2024-37382.md b/2024/CVE-2024-37382.md index 4d9d347ddf..28071cc970 100644 --- a/2024/CVE-2024-37382.md +++ b/2024/CVE-2024-37382.md @@ -13,5 +13,5 @@ An issue discovered in import host feature in Ab Initio Metadata Hub and Authori - https://www.abinitio.com/en/security-advisories/ab-2024-003/ #### Github -No PoCs found on GitHub currently. +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-37383.md b/2024/CVE-2024-37383.md new file mode 100644 index 0000000000..fa8e7bb595 --- /dev/null +++ b/2024/CVE-2024-37383.md @@ -0,0 +1,19 @@ +### [CVE-2024-37383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV +- https://github.com/amirzargham/CVE-2024-37383-exploit +- https://github.com/bartfroklage/CVE-2024-37383-POC + 
diff --git a/2024/CVE-2024-37393.md b/2024/CVE-2024-37393.md index f3fcbd630b..4bdc923b09 100644 --- a/2024/CVE-2024-37393.md +++ b/2024/CVE-2024-37393.md @@ -14,4 +14,5 @@ Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/noways-io/securenvoy-cve-2024-37393 diff --git a/2024/CVE-2024-37397.md b/2024/CVE-2024-37397.md new file mode 100644 index 0000000000..83111c855d --- /dev/null +++ b/2024/CVE-2024-37397.md @@ -0,0 +1,17 @@ +### [CVE-2024-37397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37397) +![](https://img.shields.io/static/v1?label=Product&message=EPM&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2024%20September%20Security%20Update%3C%202024%20September%20Security%20Update%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/pwnfuzz/POCs + diff --git a/2024/CVE-2024-37404.md b/2024/CVE-2024-37404.md new file mode 100644 index 0000000000..d24e853cef --- /dev/null +++ b/2024/CVE-2024-37404.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-37404](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37404)
+![](https://img.shields.io/static/v1?label=Product&message=Connect%20Secure&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Policy%20Secure&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=22.7R1.1%3C%2022.7R1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=22.7R2.1%3C%2022.7R2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-37437.md b/2024/CVE-2024-37437.md
new file mode 100644
index 0000000000..ef390d7e18
--- /dev/null
+++ b/2024/CVE-2024-37437.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37437)
+![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Website%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/BharatCyberForce/wp-hunter
+
diff --git a/2024/CVE-2024-3745.md b/2024/CVE-2024-3745.md index f1fdfad0d8..51f4f3259d 100644 --- a/2024/CVE-2024-3745.md +++ b/2024/CVE-2024-3745.md @@ -13,5 +13,6 @@ MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability - https://fluidattacks.com/advisories/gershwin/ #### Github +- https://github.com/Rydersel/PlaguewareCSGO_3.0 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-37450.md b/2024/CVE-2024-37450.md new file mode 100644 index 0000000000..374bd654bf --- /dev/null +++ b/2024/CVE-2024-37450.md @@ -0,0 +1,17 @@ +### [CVE-2024-37450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37450) +![](https://img.shields.io/static/v1?label=Product&message=Benevolent&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-37523.md b/2024/CVE-2024-37523.md new file mode 100644 index 0000000000..63a41d94d9 --- /dev/null +++ b/2024/CVE-2024-37523.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-37523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37523)
+![](https://img.shields.io/static/v1?label=Product&message=Login%20Logo%20Editor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.3.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AMP-MODE Login Logo Editor allows Stored XSS.This issue affects Login Logo Editor: from n/a through 1.3.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-37536.md b/2024/CVE-2024-37536.md
new file mode 100644
index 0000000000..aaeb606ade
--- /dev/null
+++ b/2024/CVE-2024-37536.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37536)
+![](https://img.shields.io/static/v1?label=Product&message=Easy%20Custom%20Code%20(LESS%2FCSS%2FJS)%20%E2%80%93%20Live%20editing&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web357 Easy Custom Code (LESS/CSS/JS) – Live editing allows Stored XSS.This issue affects Easy Custom Code (LESS/CSS/JS) – Live editing: from n/a through 1.0.8.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-37549.md b/2024/CVE-2024-37549.md
new file mode 100644
index 0000000000..8423330068
--- /dev/null
+++ b/2024/CVE-2024-37549.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37549](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37549)
+![](https://img.shields.io/static/v1?label=Product&message=Save%20as%20PDF%20plugin%20by%20Pdfcrowd&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.0.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Cr0nu3/Cr0nu3
+
diff --git a/2024/CVE-2024-37558.md b/2024/CVE-2024-37558.md
new file mode 100644
index 0000000000..84332d8dd0
--- /dev/null
+++ b/2024/CVE-2024-37558.md
@@ -0,0 +1,17 @@ +### [CVE-2024-37558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37558) +![](https://img.shields.io/static/v1?label=Product&message=WPFavicon&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cr0nu3/Cr0nu3 + diff --git a/2024/CVE-2024-37569.md b/2024/CVE-2024-37569.md index 348ddea894..a284f8c922 100644 --- a/2024/CVE-2024-37569.md +++ b/2024/CVE-2024-37569.md @@ -14,4 +14,6 @@ An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.10 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/kwburns/CVE +- https://github.com/packetlabs/vulnerability-advisory diff --git a/2024/CVE-2024-37570.md b/2024/CVE-2024-37570.md index eb8c9e34f6..aa4c0d985a 100644 --- a/2024/CVE-2024-37570.md +++ b/2024/CVE-2024-37570.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/kwburns/CVE +- https://github.com/packetlabs/vulnerability-advisory diff --git a/2024/CVE-2024-37573.md b/2024/CVE-2024-37573.md new file mode 100644 index 0000000000..08a76d8471 --- /dev/null +++ b/2024/CVE-2024-37573.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-37573](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37573)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInterceptor component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-37574.md b/2024/CVE-2024-37574.md
new file mode 100644
index 0000000000..002293ad45
--- /dev/null
+++ b/2024/CVE-2024-37574.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37574)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-37575.md b/2024/CVE-2024-37575.md
new file mode 100644
index 0000000000..23c7696179
--- /dev/null
+++ b/2024/CVE-2024-37575.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37575)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-37600.md b/2024/CVE-2024-37600.md
new file mode 100644
index 0000000000..ae00ec4f91
--- /dev/null
+++ b/2024/CVE-2024-37600.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37600)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the Service Broker service. With prepared HTTP requests, an attacker can cause the Service-Broker service to fail.
+
+### POC
+
+#### Reference
+- https://securelist.com/mercedes-benz-head-unit-security-research/115218/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37601.md b/2024/CVE-2024-37601.md
new file mode 100644
index 0000000000..d34b4698be
--- /dev/null
+++ b/2024/CVE-2024-37601.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37601)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
+
+### POC
+
+#### Reference
+- https://securelist.com/mercedes-benz-head-unit-security-research/115218/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37602.md b/2024/CVE-2024-37602.md
new file mode 100644
index 0000000000..bf05b11584
--- /dev/null
+++ b/2024/CVE-2024-37602.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37602)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the AirTunes / AirPlay service. With prepared HTTP requests, an attacker can cause the Car Play service to fail.
+
+### POC
+
+#### Reference
+- https://securelist.com/mercedes-benz-head-unit-security-research/115218/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37603.md b/2024/CVE-2024-37603.md
new file mode 100644
index 0000000000..081bc3d96c
--- /dev/null
+++ b/2024/CVE-2024-37603.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37603)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
+
+### POC
+
+#### Reference
+- https://securelist.com/mercedes-benz-head-unit-security-research/115218/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37606.md b/2024/CVE-2024-37606.md
new file mode 100644
index 0000000000..8682c8c902
--- /dev/null
+++ b/2024/CVE-2024-37606.md
@@ -0,0 +1,18 @@
+### [CVE-2024-37606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37606)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/itwizardo/DCS932L-Emulation-CVE-2024-37606-Attack
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-37654.md b/2024/CVE-2024-37654.md
new file mode 100644
index 0000000000..6f03622423
--- /dev/null
+++ b/2024/CVE-2024-37654.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37654)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before 3.9.2 allows a remote attacker to obtain sensitive information via a crafted HTTP GET request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DrieVlad/BAS-IP-vulnerabilities
+
diff --git a/2024/CVE-2024-3767.md b/2024/CVE-2024-3767.md
index 6126a7ce63..e672d44263 100644
--- a/2024/CVE-2024-3767.md
+++ b/2024/CVE-2024-3767.md
@@ -1,11 +1,12 @@ ### [CVE-2024-3767](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3767) ![](https://img.shields.io/static/v1?label=Product&message=News%20Portal&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=SQL%20Injection&color=brighgreen) ### Description -A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260614 is the identifier assigned to this vulnerability. +A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. ### POC diff --git a/2024/CVE-2024-37726.md b/2024/CVE-2024-37726.md index c7bf0f7f63..bd9de5cb48 100644 --- a/2024/CVE-2024-37726.md +++ b/2024/CVE-2024-37726.md @@ -13,6 +13,8 @@ Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Cent - https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation #### Github +- https://github.com/NextGenPentesters/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation +- https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/silentEAG/awesome-stars 
diff --git a/2024/CVE-2024-37728.md b/2024/CVE-2024-37728.md
new file mode 100644
index 0000000000..fddff807ba
--- /dev/null
+++ b/2024/CVE-2024-37728.md
@@ -0,0 +1,18 @@
+### [CVE-2024-37728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37728)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface
+
+### POC
+
+#### Reference
+- https://github.com/wy876/POC/blob/main/OfficeWeb365/OfficeWeb365_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
+- https://github.com/xuetang1125/OfficeWeb365/blob/main/OfficeWeb365_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3774.md b/2024/CVE-2024-3774.md
index 7e69b6e7cb..78b10c256d 100644
--- a/2024/CVE-2024-3774.md
+++ b/2024/CVE-2024-3774.md
@@ -1,7 +1,8 @@ ### [CVE-2024-3774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3774) -![](https://img.shields.io/static/v1?label=Product&message=a%2BHRD%20&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=a%2BHRD&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%206.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-497%20Exposure%20of%20Sensitive%20System%20Information%20to%20an%20Unauthorized%20Control%20Sphere&color=brighgreen) ### Description diff --git a/2024/CVE-2024-37742.md b/2024/CVE-2024-37742.md index 9000fb3dcd..dce4343776 100644 --- a/2024/CVE-2024-37742.md +++ b/2024/CVE-2024-37742.md @@ -14,5 +14,6 @@ Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulne #### Github - https://github.com/Eteblue/CVE-2024-37742 +- https://github.com/cha0sk3rn3l/CVE-2024-37742 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37759.md b/2024/CVE-2024-37759.md index de989bdc6c..8718431dc5 100644 --- a/2024/CVE-2024-37759.md +++ b/2024/CVE-2024-37759.md 
@@ -13,5 +13,18 @@ DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression - https://github.com/crumbledwall/CVE-2024-37759_PoC #### Github +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/crumbledwall/CVE-2024-37759_PoC +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/plbplbp/loudong001 diff --git a/2024/CVE-2024-37762.md b/2024/CVE-2024-37762.md index 226e155360..454f00ec5c 100644 --- a/2024/CVE-2024-37762.md +++ b/2024/CVE-2024-37762.md @@ -13,5 +13,6 @@ MachForm up to version 21 is affected by an authenticated unrestricted file uplo No PoCs from references. #### Github +- https://github.com/Atreb92/cve-2024-37762 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37763.md b/2024/CVE-2024-37763.md index d1e70af549..ccbfdb6d4f 100644 --- a/2024/CVE-2024-37763.md +++ b/2024/CVE-2024-37763.md @@ -13,5 +13,6 @@ MachForm up to version 19 is affected by an unauthenticated stored cross-site sc No PoCs from references. #### Github +- https://github.com/Atreb92/cve-2024-37763 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37764.md b/2024/CVE-2024-37764.md index 0ef916467d..c57416f966 100644 --- a/2024/CVE-2024-37764.md +++ b/2024/CVE-2024-37764.md @@ -13,5 +13,6 @@ MachForm up to version 19 is affected by an authenticated stored cross-site scri No PoCs from references. #### Github +- https://github.com/Atreb92/cve-2024-37764 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37765.md b/2024/CVE-2024-37765.md index babcc59b67..34ed93f1a2 100644 
--- a/2024/CVE-2024-37765.md +++ b/2024/CVE-2024-37765.md @@ -13,5 +13,6 @@ Machform up to version 19 is affected by an authenticated Blind SQL injection in No PoCs from references. #### Github +- https://github.com/Atreb92/cve-2024-37765 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-3777.md b/2024/CVE-2024-3777.md index 6a8d3ad293..1c6a2bd25d 100644 --- a/2024/CVE-2024-3777.md +++ b/2024/CVE-2024-3777.md @@ -1,7 +1,7 @@ ### [CVE-2024-3777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3777) -![](https://img.shields.io/static/v1?label=Product&message=QbiBot%20&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=QbiBot&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=earlier%3C%3D%208.0.4%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen) ### Description diff --git a/2024/CVE-2024-37770.md b/2024/CVE-2024-37770.md index 322d854b25..fedd5196c4 100644 --- a/2024/CVE-2024-37770.md +++ b/2024/CVE-2024-37770.md @@ -13,5 +13,6 @@ No PoCs from references. #### Github +- https://github.com/k3ppf0r/CVE-2024-37770 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37782.md b/2024/CVE-2024-37782.md new file mode 100644 index 0000000000..b34427c640 --- /dev/null +++ b/2024/CVE-2024-37782.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-37782](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37782)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.
+
+### POC
+
+#### Reference
+- https://medium.com/%40jkoreamo/centrestack-vulnerability-disclosure-d28dc8f21a56
+- https://medium.com/@jkoreamo/centrestack-vulnerability-disclosure-d28dc8f21a56
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37783.md b/2024/CVE-2024-37783.md
new file mode 100644
index 0000000000..63a4ba3780
--- /dev/null
+++ b/2024/CVE-2024-37783.md
@@ -0,0 +1,18 @@
+### [CVE-2024-37783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37783)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx.
+
+### POC
+
+#### Reference
+- https://medium.com/%40jkoreamo/centrestack-vulnerability-disclosure-d28dc8f21a56
+- https://medium.com/@jkoreamo/centrestack-vulnerability-disclosure-d28dc8f21a56
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37791.md b/2024/CVE-2024-37791.md
index 646b51c7cd..8ab8d3bf75 100644
--- a/2024/CVE-2024-37791.md
+++ b/2024/CVE-2024-37791.md @@ -13,5 +13,6 @@ DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the k - https://github.com/duxphp/DuxCMS3/issues/5 #### Github +- https://github.com/czheisenberg/CVE-2024-37791 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37816.md b/2024/CVE-2024-37816.md new file mode 100644 index 0000000000..86709c4c5f --- /dev/null +++ b/2024/CVE-2024-37816.md @@ -0,0 +1,17 @@ +### [CVE-2024-37816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37816) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/quectel-official/Quectel-Security + diff --git a/2024/CVE-2024-37844.md b/2024/CVE-2024-37844.md new file mode 100644 index 0000000000..9f9bab0312 --- /dev/null +++ b/2024/CVE-2024-37844.md @@ -0,0 +1,17 @@ +### [CVE-2024-37844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37844) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/herombey/Disclosures + diff --git a/2024/CVE-2024-37845.md b/2024/CVE-2024-37845.md new file mode 100644 index 0000000000..94dbe0374e --- /dev/null +++ b/2024/CVE-2024-37845.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-37845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37845)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/herombey/Disclosures
+
diff --git a/2024/CVE-2024-37846.md b/2024/CVE-2024-37846.md
new file mode 100644
index 0000000000..43c538a20f
--- /dev/null
+++ b/2024/CVE-2024-37846.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37846)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/herombey/Disclosures
+
diff --git a/2024/CVE-2024-37847.md b/2024/CVE-2024-37847.md
new file mode 100644
index 0000000000..ffe9a69a31
--- /dev/null
+++ b/2024/CVE-2024-37847.md
@@ -0,0 +1,17 @@ +### [CVE-2024-37847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37847) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/herombey/Disclosures + diff --git a/2024/CVE-2024-37855.md b/2024/CVE-2024-37855.md index 4c952339c7..908c96f7f1 100644 --- a/2024/CVE-2024-37855.md +++ b/2024/CVE-2024-37855.md @@ -13,5 +13,5 @@ An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verst - https://github.com/sudo-subho/nepstech-xpon-router-rce #### Github -No PoCs found on GitHub currently. +- https://github.com/baroi-ai/nepstech-xpon-router-rce diff --git a/2024/CVE-2024-37862.md b/2024/CVE-2024-37862.md new file mode 100644 index 0000000000..de471717b8 --- /dev/null +++ b/2024/CVE-2024-37862.md @@ -0,0 +1,17 @@ +### [CVE-2024-37862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37862) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/GoesM/ROCF + 
diff --git a/2024/CVE-2024-37868.md b/2024/CVE-2024-37868.md
new file mode 100644
index 0000000000..8f9a2c4228
--- /dev/null
+++ b/2024/CVE-2024-37868.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37868](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37868)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.
+
+### POC
+
+#### Reference
+- https://github.com/TERRENCE-REX/CVE/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37869.md b/2024/CVE-2024-37869.md
new file mode 100644
index 0000000000..5c802e41c9
--- /dev/null
+++ b/2024/CVE-2024-37869.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37869)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable
+
+### POC
+
+#### Reference
+- https://github.com/TERRENCE-REX/CVE/issues/2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37888.md b/2024/CVE-2024-37888.md
index 8226a78f5e..c95a1f854e 100644
--- a/2024/CVE-2024-37888.md
+++ b/2024/CVE-2024-37888.md
@@ -13,5 +13,6 @@ The Open Link is a CKEditor plugin, extending context menu with a possibility to No PoCs from references. #### Github +- https://github.com/7Ragnarok7/CVE-2024-37888 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37890.md b/2024/CVE-2024-37890.md index 7e94fb7101..784f8be08e 100644 --- a/2024/CVE-2024-37890.md +++ b/2024/CVE-2024-37890.md @@ -15,5 +15,6 @@ ws is an open source WebSocket client and server for Node.js. A request with a n - https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q #### Github +- https://github.com/GrammaTonic/github-runner - https://github.com/Meersalzeis/pingapp diff --git a/2024/CVE-2024-37891.md b/2024/CVE-2024-37891.md index c0113f6087..ed5f22b58d 100644 --- a/2024/CVE-2024-37891.md +++ b/2024/CVE-2024-37891.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/PBorocz/raindrop-io-py +- https://github.com/aplura/cribl_geese +- https://github.com/rsys-fchaliss/hebe diff --git a/2024/CVE-2024-37902.md b/2024/CVE-2024-37902.md new file mode 100644 index 0000000000..72149a93f5 --- /dev/null +++ b/2024/CVE-2024-37902.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-37902](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37902)
+![](https://img.shields.io/static/v1?label=Product&message=djl&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.1.0%2C%20%3C%200.28.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers version 0.27.0. Users are advised to upgrade.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mmvpm/app-sec-course
+
diff --git a/2024/CVE-2024-37921.md b/2024/CVE-2024-37921.md
new file mode 100644
index 0000000000..6ce17b367c
--- /dev/null
+++ b/2024/CVE-2024-37921.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37921)
+![](https://img.shields.io/static/v1?label=Product&message=Chained%20Quiz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-38014.md b/2024/CVE-2024-38014.md
new file mode 100644
index 0000000000..605fe4bde7
--- /dev/null
+++ b/2024/CVE-2024-38014.md 
@@ -0,0 +1,57 @@
+### [CVE-2024-38014](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38014)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20766%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7336%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6293%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4894%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4894%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2700%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3197%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4169%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4169%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1128%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1742%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22870%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27320%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27320%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25073%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22175%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Windows Installer Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/sec-consult/msiscan
+
diff --git a/2024/CVE-2024-38018.md b/2024/CVE-2024-38018.md
new file mode 100644
index 0000000000..d2b3bdd4cf
--- /dev/null
+++ b/2024/CVE-2024-38018.md
@@ -0,0 +1,21 @@
+### [CVE-2024-38018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38018)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Enterprise%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%20Subscription%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.10414.20002%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.17928.20086%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.5465.1001%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Microsoft SharePoint Server Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/irsdl/ysonet
+
diff --git a/2024/CVE-2024-38022.md b/2024/CVE-2024-38022.md
new file mode 100644
index 0000000000..4b7650827d
--- /dev/null
+++ b/2024/CVE-2024-38022.md
@@ -0,0 +1,46 @@
+### [CVE-2024-38022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38022)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20710%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7159%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6054%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4651%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4651%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3079%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24975%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22074%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Windows Image Acquisition Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crisprss/CVEs
+
diff --git a/2024/CVE-2024-38023.md b/2024/CVE-2024-38023.md
new file mode 100644
index 0000000000..79c958f5d7
--- /dev/null
+++ b/2024/CVE-2024-38023.md
@@ -0,0 +1,21 @@
+### [CVE-2024-38023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38023)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Enterprise%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%20Subscription%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.10412.20001%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.17328.20424%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.5456.1000%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Microsoft SharePoint Server Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
+
diff --git a/2024/CVE-2024-38024.md b/2024/CVE-2024-38024.md
new file mode 100644
index 0000000000..c18d7ff22d
--- /dev/null
+++ b/2024/CVE-2024-38024.md
@@ -0,0 +1,21 @@
+### [CVE-2024-38024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38024)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Enterprise%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%20Subscription%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.10412.20001%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.17328.20424%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.5456.1000%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Microsoft SharePoint Server Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
+
diff --git a/2024/CVE-2024-3803.md b/2024/CVE-2024-3803.md
new file mode 100644
index 0000000000..21ab220cf5
--- /dev/null
+++ b/2024/CVE-2024-3803.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3803)
+![](https://img.shields.io/static/v1?label=Product&message=Cloud%20Desktop&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240408%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-38036.md b/2024/CVE-2024-38036.md
new file mode 100644
index 0000000000..2472120236
--- /dev/null
+++ b/2024/CVE-2024-38036.md
@@ -0,0 +1,18 @@
+### [CVE-2024-38036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38036)
+![](https://img.shields.io/static/v1?label=Product&message=Portal%20for%20ArcGIS%20Enterprise%20Experience%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=all%3C%3D%2011.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hnytgl/CVE-2024-38036
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-3804.md b/2024/CVE-2024-3804.md
new file mode 100644
index 0000000000..4fb0dd7570
--- /dev/null
+++ b/2024/CVE-2024-3804.md
@@ -0,0 +1,17 @@ +### [CVE-2024-3804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3804) +![](https://img.shields.io/static/v1?label=Product&message=Cloud%20Desktop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240408%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/h0e4a0r1t/h0e4a0r1t + diff --git a/2024/CVE-2024-38041.md b/2024/CVE-2024-38041.md index 9562a30f9f..ece831820e 100644 --- a/2024/CVE-2024-38041.md +++ b/2024/CVE-2024-38041.md @@ -34,5 +34,7 @@ Windows Kernel Information Disclosure Vulnerability No PoCs from references. #### Github +- https://github.com/dgkim-dong/CVE-2024-38041 +- https://github.com/ghostbyt3/WinDriver-EXP - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-38054.md b/2024/CVE-2024-38054.md new file mode 100644 index 0000000000..2c07e40a03 --- /dev/null +++ b/2024/CVE-2024-38054.md 
@@ -0,0 +1,55 @@
+### [CVE-2024-38054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38054)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20710%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7159%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6054%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4651%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4651%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3079%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22769%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24975%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22074%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ycdxsb/WindowsPrivilegeEscalation +- https://github.com/youcannotseemeagain/ele + diff --git a/2024/CVE-2024-3806.md b/2024/CVE-2024-3806.md index 489d0b2c87..edb1002982 100644 --- a/2024/CVE-2024-3806.md +++ b/2024/CVE-2024-3806.md @@ -13,7 +13,9 @@ The Porto theme for WordPress is vulnerable to Local File Inclusion in all versi No PoCs from references. #### Github +- https://github.com/RandomRobbieBF/CVE-2024-3806 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-38061.md b/2024/CVE-2024-38061.md new file mode 100644 index 0000000000..268f98db4a --- /dev/null +++ b/2024/CVE-2024-38061.md 
@@ -0,0 +1,50 @@
+### [CVE-2024-38061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38061)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20710%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7159%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6054%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4651%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4651%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3079%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27219%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27219%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24975%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22074%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CICADA8-Research/COMThanasia
+
diff --git a/2024/CVE-2024-38063.md b/2024/CVE-2024-38063.md
index 1291d09fa1..cd9558b471 100644
--- a/2024/CVE-2024-38063.md
+++ b/2024/CVE-2024-38063.md
@@ -26,11 +26,11 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6293%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2700%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3197%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen) 
@@ -53,12 +53,52 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve +- https://github.com/AdminPentester/CVE-2024-38063- +- https://github.com/AliHj98/cve-2024-38063-Anonyvader +- https://github.com/Andromeda254/cve +- https://github.com/Anomaly-8/ZPOZAS_lab2 +- https://github.com/AntonioTanco/Disable-IPv6-via-Powershell +- https://github.com/ArenaldyP/CVE-2024-38063-Medium +- https://github.com/Blue-i-y/-S-Disable_IPv6 +- https://github.com/Dragkob/CVE-2024-38063 +- https://github.com/Faizan-Khanx/CVE-2024-38063 +- https://github.com/FrancescoDiSalesGithub/quick-fix-cve-2024-38063 - https://github.com/GhostTroops/TOP +- https://github.com/KernelKraze/CVE-2024-38063_PoC +- https://github.com/PumpkinBridge/Windows-CVE-2024-38063 +- https://github.com/Sachinart/CVE-2024-38063-poc +- https://github.com/Skac44/CVE-2024-38063 +- https://github.com/SlidingWindow/public_research_blogs +- https://github.com/Th3Tr1ckst3r/CVE-2024-38063 +- https://github.com/ThemeHackers/CVE-2024-38063 +- https://github.com/ZeroEthical/Windows-IPv6-DoS +- https://github.com/almogopp/Disable-IPv6-CVE-2024-38063-Fix +- https://github.com/becrevex/CVE-2024-38063 - https://github.com/being1943/my_rss_reader +- https://github.com/brownpanda29/Cve-2024-38063 +- https://github.com/cleverg0d/CVEs +- https://github.com/dakhama-mehdi/Disable_IPv6 +- https://github.com/diegoalbuquerque/CVE-2024-38063 +- https://github.com/dweger-scripts/CVE-2024-38063-Remediation +- https://github.com/evank800/Windows_DoS - https://github.com/fire17/awesome-stars +- https://github.com/fredagsguf/Windows-CVE-2024-38063 +- https://github.com/haroonawanofficial/AI-CVE-2024-38063-0-DAY +- https://github.com/idkwastaken/CVE-2024-38063 +- https://github.com/jip-0-0-0-0-0/CVE-2024-38063-scanner - https://github.com/kherrick/hacker-news +- https://github.com/megabyte-b/Project-Ares - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/noradlb1/CVE-2024-38063-VB +- 
https://github.com/patchpoint/CVE-2024-38063 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/ps-interactive/cve-2024-38063 - https://github.com/tanjiti/sec_profile +- https://github.com/thanawee321/CVE-2024-38063 +- https://github.com/tijldeneut/Security +- https://github.com/tylzars/awesome-vrre-writeups +- https://github.com/ynwarcs/CVE-2024-38063 - https://github.com/zenzue/CVE-2024-38063-POC +- https://github.com/zhanpengliu-tencent/medium-cve - https://github.com/zhaoolee/garss diff --git a/2024/CVE-2024-3807.md b/2024/CVE-2024-3807.md index 659920471d..ff14649429 100644 --- a/2024/CVE-2024-3807.md +++ b/2024/CVE-2024-3807.md @@ -13,6 +13,8 @@ The Porto theme for WordPress is vulnerable to Local File Inclusion in all versi No PoCs from references. #### Github +- https://github.com/Threekiii/CVE - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-38077.md b/2024/CVE-2024-38077.md index 4f48f2363c..8274352569 100644 --- a/2024/CVE-2024-38077.md +++ b/2024/CVE-2024-38077.md 
@@ -36,12 +36,27 @@ No PoCs from references. #### Github - https://github.com/0xMarcio/cve +- https://github.com/Accord96/CVE-2024-38077-POC +- https://github.com/Andromeda254/cve +- https://github.com/BBD-YZZ/fyne-gui - https://github.com/BambiZombie/CVE-2024-38077-check +- https://github.com/Destiny0991/check_38077 - https://github.com/GhostTroops/TOP +- https://github.com/Kongchengsain/okm-review +- https://github.com/PatriceBertin/Security-Analyst +- https://github.com/Sec-Link/CVE-2024-38077 +- https://github.com/SecStarBot/CVE-2024-38077-POC - https://github.com/TrojanAZhen/Self_Back +- https://github.com/Wlibang/CVE-2024-38077 - https://github.com/atlassion/CVE-2024-38077-check - https://github.com/giterlizzi/secdb-feeds +- https://github.com/lworld0x00/CVE-2024-38077-notes +- https://github.com/mrmtwoj/CVE-2024-38077 +- https://github.com/murphysecurity/RDL-detect - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/psl-b/CVE-2024-38077-check +- https://github.com/qi4L/CVE-2024-38077 - https://github.com/silentEAG/awesome-stars - https://github.com/tanjiti/sec_profile +- https://github.com/zhuxi1965/CVE-2024-38077-RDLCheck diff --git a/2024/CVE-2024-38080.md b/2024/CVE-2024-38080.md new file mode 100644 index 0000000000..b3f3c9d76f --- /dev/null +++ b/2024/CVE-2024-38080.md 
@@ -0,0 +1,27 @@
+### [CVE-2024-38080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38080)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3079%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3880%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Windows Hyper-V Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/pwndorei/CVE-2024-38080
+- https://github.com/ycdxsb/WindowsPrivilegeEscalation
+
diff --git a/2024/CVE-2024-38081.md b/2024/CVE-2024-38081.md
new file mode 100644
index 0000000000..d3282b962a
--- /dev/null
+++ b/2024/CVE-2024-38081.md
@@ -0,0 +1,45 @@
+### [CVE-2024-38081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38081)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%206.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%202.0%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.0%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.7.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.8.1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5.1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6%2F4.6.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6.2%2F4.7%2F4.7.1%2F4.7.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0.0%3C%2010.0.10240.20710%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.4.0%3C%2017.4.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=2.0.0%3C%202.0.50727.8977%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%202.0.50727.8977%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=3.5.0%3C%203.5.30729.8971%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=3.5.0%3C%203.5.30729.8972%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.7.0%3C%204.7.2.4101.03%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.7.0%3C%204.7.4101.01%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.7.0%3C%204.7.4101.02%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.8.0%3C%204.8.04739.02%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.8.0%3C%204.8.4739.04%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=4.8.1%3C%204.8.1.9256.03%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MOHAN-SINGH-0/cybersecurity-Task-3
+
diff --git a/2024/CVE-2024-38083.md b/2024/CVE-2024-38083.md
new file mode 100644
index 0000000000..3bf18c15e8
--- /dev/null
+++ b/2024/CVE-2024-38083.md
@@ -0,0 +1,19 @@
+### [CVE-2024-38083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38083)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Edge%20for%20Android&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Edge%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20126.0.2592.56%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0.0%3C%20126.0.2592.56%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-449%3A%20The%20UI%20Performs%20the%20Wrong%20Action&color=brighgreen)
+
+### Description
+
+Microsoft Edge (Chromium-based) Spoofing Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RenwaX23/Address_Bar_Spoofing
+
diff --git a/2024/CVE-2024-38084.md b/2024/CVE-2024-38084.md
new file mode 100644
index 0000000000..780f2f55aa
--- /dev/null
+++ b/2024/CVE-2024-38084.md
@@ -0,0 +1,18 @@
+### [CVE-2024-38084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38084)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20OfficePLUS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%203.2.0.27546%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Microsoft OfficePlus Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/PatriceBertin/Security-Analyst
+- https://github.com/crisprss/CVEs
+
diff --git a/2024/CVE-2024-38093.md b/2024/CVE-2024-38093.md
new file mode 100644
index 0000000000..ed4015038f
--- /dev/null
+++ b/2024/CVE-2024-38093.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38093)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Edge%20(Chromium-based)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20126.0.2592.68%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-451%3A%20User%20Interface%20(UI)%20Misrepresentation%20of%20Critical%20Information&color=brighgreen)
+
+### Description
+
+Microsoft Edge (Chromium-based) Spoofing Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RenwaX23/Address_Bar_Spoofing
+
diff --git a/2024/CVE-2024-38094.md b/2024/CVE-2024-38094.md
new file mode 100644
index 0000000000..119edf546c
--- /dev/null
+++ b/2024/CVE-2024-38094.md
@@ -0,0 +1,21 @@
+### [CVE-2024-38094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38094)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Enterprise%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%20Subscription%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.10412.20001%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.17328.20424%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.5456.1000%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Microsoft SharePoint Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
+
diff --git a/2024/CVE-2024-38095.md b/2024/CVE-2024-38095.md
new file mode 100644
index 0000000000..c9e580c267
--- /dev/null
+++ b/2024/CVE-2024-38095.md
@@ -0,0 +1,32 @@
+### [CVE-2024-38095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38095)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%206.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=.NET%208.0&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.10&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.4&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.4&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%208.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.10%3C%2017.10.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.4.0%3C%2017.4.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.32%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%207.2.22%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%207.4.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+.NET and Visual Studio Denial of Service Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Commandcracker/vintagestory-docker
+- https://github.com/MOHAN-SINGH-0/cybersecurity-Task-3
+
diff --git a/2024/CVE-2024-38097.md b/2024/CVE-2024-38097.md
new file mode 100644
index 0000000000..c9634bbd8c
--- /dev/null
+++ b/2024/CVE-2024-38097.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38097)
+![](https://img.shields.io/static/v1?label=Product&message=Azure%20Monitor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.30.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Azure Monitor Agent Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crisprss/CVEs
+
diff --git a/2024/CVE-2024-38098.md b/2024/CVE-2024-38098.md
new file mode 100644
index 0000000000..5800721806
--- /dev/null
+++ b/2024/CVE-2024-38098.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38098)
+![](https://img.shields.io/static/v1?label=Product&message=Azure%20Connected%20Machine%20Agent&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.44%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-59%3A%20Improper%20Link%20Resolution%20Before%20File%20Access%20('Link%20Following')&color=brighgreen)
+
+### Description
+
+Azure Connected Machine Agent Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crisprss/CVEs
+
diff --git a/2024/CVE-2024-38100.md b/2024/CVE-2024-38100.md
index 88d78cc337..92fd6767ee 100644
--- a/2024/CVE-2024-38100.md
+++ b/2024/CVE-2024-38100.md
@@ -21,6 +21,9 @@ Windows File Explorer Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/CICADA8-Research/COMThanasia +- https://github.com/MzHmO/LeakedWallpaper - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2024/CVE-2024-38112.md b/2024/CVE-2024-38112.md index 11f356e8b1..61d6d84743 100644 --- a/2024/CVE-2024-38112.md +++ b/2024/CVE-2024-38112.md @@ -43,6 +43,9 @@ Windows MSHTML Platform Spoofing Vulnerability No PoCs from references. #### Github +- https://github.com/BunBunCodes/CPSC253_CybersecurityFinalProjectReports - https://github.com/apiverve/news-API +- https://github.com/hogehuga/threatWatchDog - https://github.com/thepcn3rd/goAdventures +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-38124.md b/2024/CVE-2024-38124.md new file mode 100644 index 0000000000..26b5a0bae9 --- /dev/null +++ b/2024/CVE-2024-38124.md 
@@ -0,0 +1,39 @@
+### [CVE-2024-38124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38124)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7428%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6414%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348..2762%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22918%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27366%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27366%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25118%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22221%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen) + +### Description + +Windows Netlogon Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tadash10/Detailed-Analysis-and-Mitigation-Strategies-for-CVE-2024-38124-and-CVE-2024-43468 + diff --git a/2024/CVE-2024-38127.md b/2024/CVE-2024-38127.md index b3f18e9bd6..e76f3fb5ba 100644 --- a/2024/CVE-2024-38127.md +++ b/2024/CVE-2024-38127.md @@ -49,4 +49,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/pwndorei/CVE-2024-38127 diff --git a/2024/CVE-2024-38143.md b/2024/CVE-2024-38143.md index 530854e07f..d8ff6d0b4a 100644 --- a/2024/CVE-2024-38143.md +++ b/2024/CVE-2024-38143.md @@ -39,4 +39,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/redr0nin/CVE-2024-38143 
diff --git a/2024/CVE-2024-38144.md b/2024/CVE-2024-38144.md
new file mode 100644
index 0000000000..9768c03b33
--- /dev/null
+++ b/2024/CVE-2024-38144.md
@@ -0,0 +1,57 @@
+### [CVE-2024-38144](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38144)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22825%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Dor00tkit/CVE-2024-38144
+- https://github.com/youcannotseemeagain/ele
+
diff --git a/2024/CVE-2024-38164.md b/2024/CVE-2024-38164.md
new file mode 100644
index 0000000000..26c5304480
--- /dev/null
+++ b/2024/CVE-2024-38164.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38164)
+![](https://img.shields.io/static/v1?label=Product&message=GroupMe&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-38193.md b/2024/CVE-2024-38193.md
new file mode 100644
index 0000000000..8c07544169
--- /dev/null
+++ b/2024/CVE-2024-38193.md
@@ -0,0 +1,56 @@
+### [CVE-2024-38193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38193)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20751%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7259%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6189%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4780%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4780%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2655%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3147%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4037%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4037%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1085%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.1457%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22825%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27277%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27277%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25031%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22134%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/killvxk/CVE-2024-38193-Nephster
+
diff --git a/2024/CVE-2024-38200.md b/2024/CVE-2024-38200.md
new file mode 100644
index 0000000000..d4bacf1531
--- /dev/null
+++ b/2024/CVE-2024-38200.md
@@ -0,0 +1,23 @@
+### [CVE-2024-38200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38200)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20365%20Apps%20for%20Enterprise&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%20LTSC%202021&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.5461.1001%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.1%3C%20https%3A%2F%2Faka.ms%2FOfficeSecurityReleases%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=19.0.0%3C%20https%3A%2F%2Faka.ms%2FOfficeSecurityReleases%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Microsoft Office Spoofing Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GhostTroops/TOP
+- https://github.com/passtheticket/CVE-2024-38200
+
diff --git a/2024/CVE-2024-38202.md b/2024/CVE-2024-38202.md
index 18ab6d62bb..ce7df3c80d 100644
--- a/2024/CVE-2024-38202.md
+++ b/2024/CVE-2024-38202.md
@@ -13,12 +13,20 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3260%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.14393.0%3C%2010.0.14393.7428%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.17763.0%3C%2010.0.17763.6414%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.19043.0%3C%2010.0.19044.5011%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.19045.0%3C%2010.0.19045.5011%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.20348.0%3C%2010.0.20348..2762%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.22621.0%3C%2010.0.22621.4317%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.22631.0%3C%2010.0.22631.4317%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.25398.0%3C%2010.0.25398.1189%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) ### Description -SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). 
However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. 
Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update... +SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.If there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert if an update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. 
For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the Recommended Actions section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.If there are any further... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38202 ### POC @@ -26,5 +34,6 @@ SummaryMicrosoft was notified that an elevation of privilege vulnerability exist No PoCs from references. #### Github +- https://github.com/RaphaelEjike/Mitigating_CVEs - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-38213.md b/2024/CVE-2024-38213.md index 6afc7d8823..3b11c8706f 100644 --- a/2024/CVE-2024-38213.md +++ b/2024/CVE-2024-38213.md @@ -43,4 +43,6 @@ No PoCs from references. #### Github - https://github.com/giterlizzi/secdb-feeds +- https://github.com/ishwardeepp/CVE-2025-0411-MoTW-PoC +- https://github.com/koorchik/llm-analysis-of-text-data diff --git a/2024/CVE-2024-38227.md b/2024/CVE-2024-38227.md new file mode 100644 index 0000000000..f70729de3b --- /dev/null +++ b/2024/CVE-2024-38227.md 
@@ -0,0 +1,21 @@
+### [CVE-2024-38227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38227)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Enterprise%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20SharePoint%20Server%20Subscription%20Edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.10414.20002%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.17928.20086%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.5465.1001%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Microsoft SharePoint Server Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-3825.md b/2024/CVE-2024-3825.md
new file mode 100644
index 0000000000..1045c206e0
--- /dev/null
+++ b/2024/CVE-2024-3825.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3825](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3825)
+![](https://img.shields.io/static/v1?label=Product&message=BlazeMeter%20Jenkins%20plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%204.22%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001STsvYAG
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3826.md b/2024/CVE-2024-3826.md
new file mode 100644
index 0000000000..181902eff3
--- /dev/null
+++ b/2024/CVE-2024-3826.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3826)
+![](https://img.shields.io/static/v1?label=Product&message=Akana%20API%20Platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2022.1.1%3C%202022.1.1%20(CVE-2024-3826%20Patch)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality.
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001SUAfYAO
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-38271.md b/2024/CVE-2024-38271.md
new file mode 100644
index 0000000000..4926c89ace
--- /dev/null
+++ b/2024/CVE-2024-38271.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38271)
+![](https://img.shields.io/static/v1?label=Product&message=Nearby&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.1724.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-404%20Improper%20Resource%20Shutdown%20or%20Release&color=brighgreen)
+
+### Description
+
+There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share.This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SafeBreach-Labs/QuickShell
+
diff --git a/2024/CVE-2024-38272.md b/2024/CVE-2024-38272.md
new file mode 100644
index 0000000000..20dcaa462c
--- /dev/null
+++ b/2024/CVE-2024-38272.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38272)
+![](https://img.shields.io/static/v1?label=Product&message=Nearby&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.0.1724.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-294%20Authentication%20Bypass%20by%20Capture-replay&color=brighgreen)
+
+### Description
+
+There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SafeBreach-Labs/QuickShell
+
diff --git a/2024/CVE-2024-38285.md b/2024/CVE-2024-38285.md
new file mode 100644
index 0000000000..3fd6789f3b
--- /dev/null
+++ b/2024/CVE-2024-38285.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38285)
+![](https://img.shields.io/static/v1?label=Product&message=Vigilant%20Fixed%20LPR%20Coms%20Box%20(BCAV1F2-C600)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.1.171.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen)
+
+### Description
+
+Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ndouglas-cloudsmith/exploit-check
+
diff --git a/2024/CVE-2024-38286.md b/2024/CVE-2024-38286.md
new file mode 100644
index 0000000000..8975ce6fb9
--- /dev/null
+++ b/2024/CVE-2024-38286.md
@@ -0,0 +1,17 @@ +### [CVE-2024-38286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38286) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=11.0.0-M1%3C%3D%2011.0.0-M20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen) + +### Description + +Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/wskvfhprrk/FOMO-pay + diff --git a/2024/CVE-2024-38289.md b/2024/CVE-2024-38289.md index ac33043c9c..01d80f7300 100644 --- a/2024/CVE-2024-38289.md +++ b/2024/CVE-2024-38289.md @@ -13,5 +13,5 @@ A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoi - https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v #### Github -No PoCs found on GitHub currently. +- https://github.com/opendr-io/causality diff --git a/2024/CVE-2024-38305.md b/2024/CVE-2024-38305.md new file mode 100644 index 0000000000..8bf8ac3888 --- /dev/null +++ b/2024/CVE-2024-38305.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-38305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38305) +![](https://img.shields.io/static/v1?label=Product&message=SupportAssist%20for%20Home%20PCs&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.0.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-426%3A%20Untrusted%20Search%20Path&color=brighgreen) + +### Description + +Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/sahil3276/sahil3276 +- https://github.com/soar3276/soar3276 + diff --git a/2024/CVE-2024-3832.md b/2024/CVE-2024-3832.md index a957c35a99..11569e3b97 100644 --- a/2024/CVE-2024-3832.md +++ b/2024/CVE-2024-3832.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-3833.md b/2024/CVE-2024-3833.md index 8f2c528171..45ba8bcc58 100644 --- a/2024/CVE-2024-3833.md +++ b/2024/CVE-2024-3833.md @@ -13,5 +13,6 @@ Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed No PoCs from references. #### Github +- https://github.com/XiaomingX/weekly - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-3834.md b/2024/CVE-2024-3834.md index 894742ad0c..66268ea127 100644 --- a/2024/CVE-2024-3834.md +++ b/2024/CVE-2024-3834.md @@ -14,4 +14,5 @@ Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a re #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/zhchbin/zhchbin 
diff --git a/2024/CVE-2024-38365.md b/2024/CVE-2024-38365.md
new file mode 100644
index 0000000000..76d8ca709a
--- /dev/null
+++ b/2024/CVE-2024-38365.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38365)
+![](https://img.shields.io/static/v1?label=Product&message=btcd&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.10.0%2C%20%3C%200.24.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-670%3A%20Always-Incorrect%20Control%20Flow%20Implementation&color=brighgreen)
+
+### Description
+
+btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a "standard" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = " "` and `dataToRemove = "data"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue.
+ +### POC + +#### Reference +- https://delvingbitcoin.org/t/cve-2024-38365-public-disclosure-btcd-findanddelete-bug/1184 + +#### Github +- https://github.com/Michael-Meade/Links-Repository + diff --git a/2024/CVE-2024-38366.md b/2024/CVE-2024-38366.md index c5a6545a26..f02df64c44 100644 --- a/2024/CVE-2024-38366.md +++ b/2024/CVE-2024-38366.md @@ -13,5 +13,6 @@ trunk.cocoapods.org is the authentication server for the CoacoaPods dependency m No PoCs from references. #### Github +- https://github.com/ReeFSpeK/CocoaPods-RCE_CVE-2024-38366 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-38392.md b/2024/CVE-2024-38392.md new file mode 100644 index 0000000000..b09835970b --- /dev/null +++ b/2024/CVE-2024-38392.md @@ -0,0 +1,17 @@ +### [CVE-2024-38392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38392) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/zeropwn/zeropwn + diff --git a/2024/CVE-2024-38399.md b/2024/CVE-2024-38399.md new file mode 100644 index 0000000000..c80db01b95 --- /dev/null +++ b/2024/CVE-2024-38399.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-38399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38399)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20FastConnect%206900%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Memory corruption while processing user packets to generate page faults.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+- https://github.com/Shreyas-Penkar/CVE-2024-38399
+
diff --git a/2024/CVE-2024-38402.md b/2024/CVE-2024-38402.md
new file mode 100644
index 0000000000..5fa7341381
--- /dev/null
+++ b/2024/CVE-2024-38402.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38402)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20AR8035%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Memory corruption while processing IOCTL call for getting group info.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-38426.md b/2024/CVE-2024-38426.md
new file mode 100644
index 0000000000..10aa96f4fd
--- /dev/null
+++ b/2024/CVE-2024-38426.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38426)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20315%205G%20IoT%20Modem%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+While processing the authentication message in UE, improper authentication may lead to information disclosure.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SyNSec-den/Proteus
+
diff --git a/2024/CVE-2024-38428.md b/2024/CVE-2024-38428.md
new file mode 100644
index 0000000000..1628a983c8
--- /dev/null
+++ b/2024/CVE-2024-38428.md
@@ -0,0 +1,19 @@
+### [CVE-2024-38428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38428)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Dgporte/ExerciciosDockerPB2025
+- https://github.com/OzNetNerd/CheckovOutputProcessor
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-38434.md b/2024/CVE-2024-38434.md
new file mode 100644
index 0000000000..55f0cc2b91
--- /dev/null
+++ b/2024/CVE-2024-38434.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38434)
+![](https://img.shields.io/static/v1?label=Product&message=Vision%20PLC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=All%20versions%3C%20Upgrade%20to%20v9.9.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-676%3A%20Use%20of%20Potentially%20Dangerous%20Function&color=brighgreen)
+
+### Description
+
+Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/claroty/PCOM-Tools
+
diff --git a/2024/CVE-2024-38440.md b/2024/CVE-2024-38440.md
new file mode 100644
index 0000000000..dd584ec6ae
--- /dev/null
+++ b/2024/CVE-2024-38440.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38440)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=, rbuflen=) ... afp_over_dsi(obj=0x5555556154c0 ).' 2.4.1 and 3.1.19 are also fixed versions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/north-vuln-intel/nvi-api-documentation
+
diff --git a/2024/CVE-2024-38459.md b/2024/CVE-2024-38459.md
new file mode 100644
index 0000000000..4e5d5c6655
--- /dev/null
+++ b/2024/CVE-2024-38459.md
@@ -0,0 +1,19 @@ +### [CVE-2024-38459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38459) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/franzheffa/video-search-and-summarization-viize +- https://github.com/gil-feldman-glidetalk/video-search-and-summarization +- https://github.com/rmkraus/video-search-and-summarization + diff --git a/2024/CVE-2024-38472.md b/2024/CVE-2024-38472.md index 20d74c051c..8d7a759b5d 100644 --- a/2024/CVE-2024-38472.md +++ b/2024/CVE-2024-38472.md @@ -5,7 +5,7 @@ ### Description -SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. +SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. ### POC 
@@ -13,5 +13,12 @@ SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to No PoCs from references. #### Github +- https://github.com/Abdurahmon3236/CVE-2024-38472 +- https://github.com/GhostTroops/TOP +- https://github.com/NeoOniX/5ATTACK +- https://github.com/Y09a514/Test-Apache-Vulnerability +- https://github.com/kennyHuang1110/apache-confusion-scanner +- https://github.com/krlabs/apache-vulnerabilities +- https://github.com/mrmtwoj/apache-vulnerability-testing - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-38473.md b/2024/CVE-2024-38473.md index 52cc6c82b5..6ed536c2d2 100644 --- a/2024/CVE-2024-38473.md +++ b/2024/CVE-2024-38473.md @@ -13,5 +13,13 @@ Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows re No PoCs from references. #### Github +- https://github.com/Abdurahmon3236/CVE-2024-38473 +- https://github.com/GhostTroops/TOP +- https://github.com/NeoOniX/5ATTACK +- https://github.com/Y09a514/Test-Apache-Vulnerability +- https://github.com/juanschallibaum/CVE-2024-38473-Nuclei-Template +- https://github.com/krlabs/apache-vulnerabilities +- https://github.com/mmtalsi/toolbox +- https://github.com/mrmtwoj/apache-vulnerability-testing - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-38474.md b/2024/CVE-2024-38474.md new file mode 100644 index 0000000000..990abf73d7 --- /dev/null +++ b/2024/CVE-2024-38474.md 
@@ -0,0 +1,25 @@
+### [CVE-2024-38474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
+
+### Description
+
+Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts indirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.Users are recommended to upgrade to version 2.4.60, which fixes this issue.Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GhostTroops/TOP
+- https://github.com/NeoOniX/5ATTACK
+- https://github.com/Y09a514/Test-Apache-Vulnerability
+- https://github.com/dusbot/cpe2cve
+- https://github.com/ere6u5/-containerization-security-assessment-
+- https://github.com/krlabs/apache-vulnerabilities
+- https://github.com/mimishak-um/Vulnerability-Scanner
+- https://github.com/minektur/rhel8-cve-eratta-checker
+- https://github.com/mrmtwoj/apache-vulnerability-testing
+
diff --git a/2024/CVE-2024-38475.md b/2024/CVE-2024-38475.md
index 39504934cd..6e9f59792b 100644
--- a/2024/CVE-2024-38475.md
+++ b/2024/CVE-2024-38475.md
@@ -13,5 +13,20 @@ Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earl No PoCs from references. #### Github +- https://github.com/GhostTroops/TOP +- https://github.com/NeoOniX/5ATTACK +- https://github.com/Ostorlab/KEV +- https://github.com/Y09a514/Test-Apache-Vulnerability +- https://github.com/abrewer251/CVE-2024-38475_SonicBoom_Apache_URL_Traversal_PoC +- https://github.com/dusbot/cpe2cve +- https://github.com/krlabs/apache-vulnerabilities +- https://github.com/mrmtwoj/apache-vulnerability-testing - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/opendr-io/causality +- https://github.com/p0in7s/CVE-2024-38475 +- https://github.com/packetinside/CISA_BOT +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/soltanali0/CVE-2024-38475 +- https://github.com/syaifulandy/CVE-2024-38475 +- https://github.com/watchtowrlabs/watchTowr-vs-SonicWall-PreAuth-RCE-Chain diff --git a/2024/CVE-2024-38476.md b/2024/CVE-2024-38476.md new file mode 100644 index 0000000000..67ddb2448c --- /dev/null +++ b/2024/CVE-2024-38476.md 
@@ -0,0 +1,24 @@
+### [CVE-2024-38476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-829%20Inclusion%20of%20Functionality%20from%20Untrusted%20Control%20Sphere&color=brighgreen)
+
+### Description
+
+Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.Users are recommended to upgrade to version 2.4.60, which fixes this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GhostTroops/TOP
+- https://github.com/NeoOniX/5ATTACK
+- https://github.com/Y09a514/Test-Apache-Vulnerability
+- https://github.com/dusbot/cpe2cve
+- https://github.com/krlabs/apache-vulnerabilities
+- https://github.com/lekctut/sdb-hw-13-01
+- https://github.com/mrmtwoj/apache-vulnerability-testing
+- https://github.com/pedr0alencar/vlab-metasploitable2
+
diff --git a/2024/CVE-2024-38477.md b/2024/CVE-2024-38477.md
new file mode 100644
index 0000000000..6ccd421d5e
--- /dev/null
+++ b/2024/CVE-2024-38477.md
@@ -0,0 +1,23 @@
+### [CVE-2024-38477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.Users are recommended to upgrade to version 2.4.60, which fixes this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GhostTroops/TOP
+- https://github.com/NeoOniX/5ATTACK
+- https://github.com/Y09a514/Test-Apache-Vulnerability
+- https://github.com/dusbot/cpe2cve
+- https://github.com/kennyHuang1110/apache-confusion-scanner
+- https://github.com/krlabs/apache-vulnerabilities
+- https://github.com/mrmtwoj/apache-vulnerability-testing
+
diff --git a/2024/CVE-2024-38510.md b/2024/CVE-2024-38510.md
new file mode 100644
index 0000000000..6c40cbb689
--- /dev/null
+++ b/2024/CVE-2024-38510.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38510)
+![](https://img.shields.io/static/v1?label=Product&message=XClarity%20Controller&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20various%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tmac997/tmac997
+
diff --git a/2024/CVE-2024-3852.md b/2024/CVE-2024-3852.md
new file mode 100644
index 0000000000..ecc1abfba8
--- /dev/null
+++ b/2024/CVE-2024-3852.md
@@ -0,0 +1,20 @@ +### [CVE-2024-3852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3852) +![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20115.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20125%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=GetBoundName%20in%20the%20JIT%20returned%20the%20wrong%20object&color=brighgreen) + +### Description + +GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. + +### POC + +#### Reference +- https://bugzilla.mozilla.org/show_bug.cgi?id=1883542 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38526.md b/2024/CVE-2024-38526.md index 361b638b73..28fb480582 100644 --- a/2024/CVE-2024-38526.md +++ b/2024/CVE-2024-38526.md @@ -13,5 +13,7 @@ pdoc provides API Documentation for Python Projects. Documentation generated wit - https://www.vicarius.io/vsociety/posts/polyfillio-in-pdoc-cve-2024-38526 #### Github -No PoCs found on GitHub currently. +- https://github.com/padayali-JD/pollyscan +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/putget/CVE-2024-38526 diff --git a/2024/CVE-2024-38537.md b/2024/CVE-2024-38537.md index fef7ddbf62..3349c0a3d9 100644 --- a/2024/CVE-2024-38537.md +++ b/2024/CVE-2024-38537.md @@ -13,5 +13,6 @@ Fides is an open-source privacy engineering platform. `fides.js`, a client-side No PoCs from references. #### Github +- https://github.com/Havoc10-sw/Detect_polyfill_CVE-2024-38537- - https://github.com/nomi-sec/PoC-in-GitHub 
diff --git a/2024/CVE-2024-3854.md b/2024/CVE-2024-3854.md index 435e13abcd..e0e665ab42 100644 --- a/2024/CVE-2024-3854.md +++ b/2024/CVE-2024-3854.md @@ -16,6 +16,7 @@ In some code patterns the JIT incorrectly optimized switch statements and genera No PoCs from references. #### Github +- https://github.com/5211-yx/javascript_fuzzer - https://github.com/googleprojectzero/fuzzilli - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2024/CVE-2024-38541.md b/2024/CVE-2024-38541.md new file mode 100644 index 0000000000..586cb5f4e4 --- /dev/null +++ b/2024/CVE-2024-38541.md @@ -0,0 +1,18 @@ +### [CVE-2024-38541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38541) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=bc575064d688c8933a6ca51429bea9bc63628d3b%3C%20c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:of: module: add buffer overflow check in of_modalias()In of_modalias(), if the buffer happens to be too small even for the 1stsnprintf() call, the len parameter will become negative and str parameter(if not NULL initially) will point beyond the buffer's end. Add the bufferoverflow check after the 1st snprintf() call and fix such check after thestrlen() call (accounting for the terminating NUL char). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report +- https://github.com/jeffscyberjournal/Wazuh-Siem + diff --git a/2024/CVE-2024-3855.md b/2024/CVE-2024-3855.md index 16683d7ebf..862a92942b 100644 --- a/2024/CVE-2024-3855.md +++ b/2024/CVE-2024-3855.md 
@@ -13,6 +13,7 @@ In certain cases the JIT incorrectly optimized MSubstr operations, which led to No PoCs from references. #### Github +- https://github.com/5211-yx/javascript_fuzzer - https://github.com/googleprojectzero/fuzzilli - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2024/CVE-2024-3856.md b/2024/CVE-2024-3856.md new file mode 100644 index 0000000000..a08edb041a --- /dev/null +++ b/2024/CVE-2024-3856.md @@ -0,0 +1,17 @@ +### [CVE-2024-3856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3856) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20125%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use-after-free%20in%20WASM%20garbage%20collection&color=brighgreen) + +### Description + +A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125. + +### POC + +#### Reference +- https://bugzilla.mozilla.org/show_bug.cgi?id=1885829 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3857.md b/2024/CVE-2024-3857.md index 3d7c659ea9..5f7bdec083 100644 --- a/2024/CVE-2024-3857.md +++ b/2024/CVE-2024-3857.md @@ -16,6 +16,7 @@ The JIT created incorrect code for arguments in certain cases. This led to poten No PoCs from references. #### Github +- https://github.com/5211-yx/javascript_fuzzer - https://github.com/googleprojectzero/fuzzilli - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2024/CVE-2024-38570.md b/2024/CVE-2024-38570.md new file mode 100644 index 0000000000..a73fd59845 --- /dev/null +++ b/2024/CVE-2024-38570.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-38570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=fb6791d100d1%3C%200636b34b4458%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:gfs2: Fix potential glock use-after-free on unmountWhen a DLM lockspace is released and there ares still locks in thatlockspace, DLM will unlock those locks automatically. Commitfb6791d100d1b started exploiting this behavior to speed up filesystemunmount: gfs2 would simply free glocks it didn't want to unlock and thenrelease the lockspace. This didn't take the bast callbacks forasynchronous lock contention notifications into account, which remainactive until until a lock is unlocked or its lockspace is released.To prevent those callbacks from accessing deallocated objects, put theglocks that should not be unlocked on the sd_dead_glocks list, releasethe lockspace, and only then free those glocks.As an additional measure, ignore unexpected ast and bast callbacks ifthe receiving glock is dead.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-38575.md b/2024/CVE-2024-38575.md
new file mode 100644
index 0000000000..2f3c999cc9
--- /dev/null
+++ b/2024/CVE-2024-38575.md
@@ -0,0 +1,17 @@ +### [CVE-2024-38575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=c35105f375b5%3C%200eb2c0528e23%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:wifi: brcmfmac: pcie: handle randbuf allocation failureThe kzalloc() in brcmf_pcie_download_fw_nvram() will return nullif the physical memory has run out. As a result, if we useget_random_bytes() to generate random bytes in the randbuf, thenull pointer dereference bug will happen.In order to prevent allocation failure, this patch adds a separatefunction using buffer on kernel stack to generate random bytes inthe randbuf, which could prevent the kernel stack from overflow. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/owenneal/lkml-patch-analysis + diff --git a/2024/CVE-2024-3858.md b/2024/CVE-2024-3858.md index b22c394a12..7e76960dbd 100644 --- a/2024/CVE-2024-3858.md +++ b/2024/CVE-2024-3858.md @@ -13,6 +13,7 @@ It was possible to mutate a JavaScript object so that the JIT could crash while No PoCs from references. #### Github +- https://github.com/5211-yx/javascript_fuzzer - https://github.com/googleprojectzero/fuzzilli - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2024/CVE-2024-3859.md b/2024/CVE-2024-3859.md new file mode 100644 index 0000000000..bbc8f87f77 --- /dev/null +++ b/2024/CVE-2024-3859.md 
@@ -0,0 +1,20 @@
+### [CVE-2024-3859](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3859)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20115.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20125%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Integer-overflow%20led%20to%20out-of-bounds-read%20in%20the%20OpenType%20sanitizer&color=brighgreen)
+
+### Description
+
+On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1874489
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-38608.md b/2024/CVE-2024-38608.md
new file mode 100644
index 0000000000..c3113e644d
--- /dev/null
+++ b/2024/CVE-2024-38608.md
@@ -0,0 +1,17 @@ +### [CVE-2024-38608](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38608) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2c3b5beec46a%3C%20f7e6cfb864a5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:net/mlx5e: Fix netif state handlingmlx5e_suspend cleans resources only if netif_device_present() returnstrue. However, mlx5e_resume changes the state of netif, viamlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.In the below case, the above leads to NULL-ptr Oops[1] and memoryleaks:mlx5e_probe _mlx5e_resume mlx5e_attach_netdev mlx5e_nic_enable <-- netdev not reg, not calling netif_device_attach() register_netdev <-- failed for some reason.ERROR_FLOW: _mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(Hence, clean resources in this case as well.[1]BUG: kernel NULL pointer dereference, address: 0000000000000000PGD 0 P4D 0Oops: 0010 [#1] SMPCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014RIP: 0010:0x0Code: Unable to access opcode bytes at0xffffffffffffffd6.RSP: 0018:ffff888178aaf758 EFLAGS: 00010246Call Trace: ? __die+0x20/0x60 ? page_fault_oops+0x14c/0x3c0 ? exc_page_fault+0x75/0x140 ? asm_exc_page_fault+0x22/0x30 notifier_call_chain+0x35/0xb0 blocking_notifier_call_chain+0x3d/0x60 mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core] mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core] mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib] mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib] __mlx5_ib_add+0x34/0xd0 [mlx5_ib] mlx5r_probe+0xe1/0x210 [mlx5_ib] ? auxiliary_match_id+0x6a/0x90 auxiliary_bus_probe+0x38/0x80 ? 
driver_sysfs_add+0x51/0x80 really_probe+0xc9/0x3e0 ? driver_probe_device+0x90/0x90 __driver_probe_device+0x80/0x160 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 bus_for_each_drv+0x80/0xd0 __device_attach+0xbc/0x1f0 bus_probe_device+0x86/0xa0 device_add+0x637/0x840 __auxiliary_device_add+0x3b/0xa0 add_adev+0xc9/0x140 [mlx5_core] mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core] mlx5_register_device+0x53/0xa0 [mlx5_core] mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core] mlx5_init_one+0x3b/0x60 [mlx5_core] probe_one+0x44c/0x730 [mlx5_core] local_pci_probe+0x3e/0x90 pci_device_probe+0xbf/0x210 ? kernfs_create_link+0x5d/0xa0 ? sysfs_do_create_link_sd+0x60/0xc0 really_probe+0xc9/0x3e0 ? driver_probe_device+0x90/0x90 __driver_probe_device+0x80/0x160 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 bus_for_each_drv+0x80/0xd0 __device_attach+0xbc/0x1f0 pci_bus_add_device+0x54/0x80 pci_iov_add_virtfn+0x2e6/0x320 sriov_enable+0x208/0x420 mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core] sriov_numvfs_store+0xae/0x1a0 kernfs_fop_write_iter+0x10c/0x1a0 vfs_write+0x291/0x3c0 ksys_write+0x5f/0xe0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/oogasawa/Utility-security + diff --git a/2024/CVE-2024-38630.md b/2024/CVE-2024-38630.md new file mode 100644 index 0000000000..b2f2446afe --- /dev/null +++ b/2024/CVE-2024-38630.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38630](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38630) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%209b1c063ffc07%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_triggerWhen the cpu5wdt module is removing, the origin code uses del_timer() tode-activate the timer. If the timer handler is running, del_timer() couldnot stop it and will return directly. If the port region is released byrelease_region() and then the timer handler cpu5wdt_trigger() calls outb()to write into the region that is released, the use-after-free bug willhappen.Change del_timer() to timer_shutdown_sync() in order that the timer handlercould be finished before the port region is released. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-38652.md b/2024/CVE-2024-38652.md index 5b4db09b38..fe0a6c4d91 100644 --- a/2024/CVE-2024-38652.md +++ b/2024/CVE-2024-38652.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-38653.md b/2024/CVE-2024-38653.md index 595f5dba3c..43a0be47e0 100644 --- a/2024/CVE-2024-38653.md +++ b/2024/CVE-2024-38653.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/opendr-io/causality +- https://github.com/pwnfuzz/POCs diff --git a/2024/CVE-2024-38688.md b/2024/CVE-2024-38688.md index edbad972d2..c0d7d05006 100644 --- a/2024/CVE-2024-38688.md +++ b/2024/CVE-2024-38688.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-38688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38688) -![](https://img.shields.io/static/v1?label=Product&message=Recipe%20Maker%20For%20Your%20Food%20Blog%20from%20Zip%20Recipes&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%208.2.6%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -Missing Authorization vulnerability in Igor Benić Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6. +** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ### POC diff --git a/2024/CVE-2024-38689.md b/2024/CVE-2024-38689.md new file mode 100644 index 0000000000..23414abbea --- /dev/null +++ b/2024/CVE-2024-38689.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38689) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Popup&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows Stored XSS.This issue affects Simple Popup: from n/a through 4.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cr0nu3/Cr0nu3 + diff --git a/2024/CVE-2024-38724.md b/2024/CVE-2024-38724.md index 15dbe2835f..d27ee257b4 100644 --- a/2024/CVE-2024-38724.md +++ b/2024/CVE-2024-38724.md @@ -14,5 +14,6 @@ Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web P No PoCs from references. #### Github +- https://github.com/Cr0nu3/Cr0nu3 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-38738.md b/2024/CVE-2024-38738.md new file mode 100644 index 0000000000..cc21b73972 --- /dev/null +++ b/2024/CVE-2024-38738.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-38738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38738) +![](https://img.shields.io/static/v1?label=Product&message=Change%20From%20Email&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Kadanka Change From Email allows Stored XSS.This issue affects Change From Email: from n/a through 1.2.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Cr0nu3/Cr0nu3 + diff --git a/2024/CVE-2024-3874.md b/2024/CVE-2024-3874.md index ef22af9968..cf1fa40f25 100644 --- a/2024/CVE-2024-3874.md +++ b/2024/CVE-2024-3874.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as criti #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-3875.md b/2024/CVE-2024-3875.md index 38f422a505..4b39c0c480 100644 --- a/2024/CVE-2024-3875.md +++ b/2024/CVE-2024-3875.md @@ -14,5 +14,6 @@ A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as cri #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-3876.md b/2024/CVE-2024-3876.md index 9d2eb302a0..78283721d4 100644 --- a/2024/CVE-2024-3876.md +++ b/2024/CVE-2024-3876.md 
@@ -14,5 +14,6 @@ A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(40 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-3877.md b/2024/CVE-2024-3877.md index 2e6b1f000f..fd6b6585ac 100644 --- a/2024/CVE-2024-3877.md +++ b/2024/CVE-2024-3877.md @@ -14,4 +14,5 @@ A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). A #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-3878.md b/2024/CVE-2024-3878.md index 694eb8d8dc..7072b522a2 100644 --- a/2024/CVE-2024-3878.md +++ b/2024/CVE-2024-3878.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, has been found in Tenda F1202 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-3879.md b/2024/CVE-2024-3879.md index 1564a5e4b4..906f8d0505 100644 --- a/2024/CVE-2024-3879.md +++ b/2024/CVE-2024-3879.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-38793.md b/2024/CVE-2024-38793.md index ae6dcabcdd..86f44b821e 100644 --- a/2024/CVE-2024-38793.md +++ b/2024/CVE-2024-38793.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ret2desync/CVE-2024-38793-PoC diff --git a/2024/CVE-2024-3880.md b/2024/CVE-2024-3880.md index b28de7a721..58d7710568 100644 --- a/2024/CVE-2024-3880.md +++ b/2024/CVE-2024-3880.md 
@@ -14,4 +14,5 @@ A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as cri #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-38807.md b/2024/CVE-2024-38807.md index b24172e7c1..274e808392 100644 --- a/2024/CVE-2024-38807.md +++ b/2024/CVE-2024-38807.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-38809.md b/2024/CVE-2024-38809.md new file mode 100644 index 0000000000..1ac471d102 --- /dev/null +++ b/2024/CVE-2024-38809.md @@ -0,0 +1,19 @@ +### [CVE-2024-38809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38809) +![](https://img.shields.io/static/v1?label=Product&message=Spring%20Framework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.1.0%20-%206.1.11%2C%206.0.0%20-%206.0.22%2C%205.3.0%20-%205.3.37%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Spring%20Framework%20DoS%20via%20conditional%20HTTP%20request&color=brighgreen) + +### Description + +Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.Users of affected versions should upgrade to the corresponding fixed version.Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ch4n3-yoon/ch4n3-yoon +- https://github.com/diegopacheco/Smith +- https://github.com/tanjiti/sec_profile + diff --git a/2024/CVE-2024-3881.md b/2024/CVE-2024-3881.md index d3b20f216a..b233f9826d 100644 --- a/2024/CVE-2024-3881.md +++ b/2024/CVE-2024-3881.md 
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-38812.md b/2024/CVE-2024-38812.md new file mode 100644 index 0000000000..71d13f91dd --- /dev/null +++ b/2024/CVE-2024-38812.md @@ -0,0 +1,21 @@ +### [CVE-2024-38812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38812) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20vCenter%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.x%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=8.0%3C%208.0%20U3b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV +- https://github.com/ascii42/check_vmware_cve +- https://github.com/packetinside/CISA_BOT + diff --git a/2024/CVE-2024-38813.md b/2024/CVE-2024-38813.md new file mode 100644 index 0000000000..cc8bc08be7 --- /dev/null +++ b/2024/CVE-2024-38813.md 
@@ -0,0 +1,20 @@
+### [CVE-2024-38813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38813)
+![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=VMware%20vCenter%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%205.x%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=8.0%3C%208.0%20U3b%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-273%20Improper%20Check%20for%20Dropped%20Privileges&color=brighgreen)
+
+### Description
+
+The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-38816.md b/2024/CVE-2024-38816.md
new file mode 100644
index 0000000000..a81a25d124
--- /dev/null
+++ b/2024/CVE-2024-38816.md
@@ -0,0 +1,39 @@
+### [CVE-2024-38816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38816)
+![](https://img.shields.io/static/v1?label=Product&message=Spring&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource locationHowever, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html  is in use * the application runs on Tomcat or Jetty
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/Anthony1078/App-vulnerable
+- https://github.com/CllmsyK/YYBaby-Spring_Scan
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Threekiii/CVE
+- https://github.com/WULINPIN/CVE-2024-38816-PoC
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/diegopacheco/Smith
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/jaloon/spring-webmvc5
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/startsw1th/cve-2024-38816-demo
+- https://github.com/swarathesh/AI-Experts
+- https://github.com/tanjiti/sec_profile
+- https://github.com/wdragondragon/spring-framework
+
diff --git a/2024/CVE-2024-38819.md b/2024/CVE-2024-38819.md
new file mode 100644
index 0000000000..6911a26c9e
--- /dev/null
+++ b/2024/CVE-2024-38819.md
@@ -0,0 +1,30 @@
+### [CVE-2024-38819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38819)
+![](https://img.shields.io/static/v1?label=Product&message=Spring%20Framework&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Spring%20Framework%205.3.0%20-%205.3.40%2C%206.0.0%20-%206.0.24%2C%206.1.0%20-%206.1.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GhostS3c/CVE-2024-38819
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Ostorlab/KEV
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/Threekiii/CVE
+- https://github.com/diegopacheco/Smith
+- https://github.com/jaloon/spring-webmvc5
+- https://github.com/masa42/CVE-2024-38819-POC
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/skrkcb2/Secure
+- https://github.com/skrkcb2/cve-2024-38819
+- https://github.com/swarathesh/AI-Experts
+- https://github.com/vishalnoza/CVE-2024-38819-POC2
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-3882.md b/2024/CVE-2024-3882.md
index cf0e0683c1..1ac54a8199 100644
--- a/2024/CVE-2024-3882.md
+++ b/2024/CVE-2024-3882.md
@@ -15,4 +15,5 @@ A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-38820.md b/2024/CVE-2024-38820.md
new file mode 100644
index 0000000000..fc4c1fdc61
--- /dev/null
+++ b/2024/CVE-2024-38820.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38820)
+![](https://img.shields.io/static/v1?label=Product&message=Spring&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/diegopacheco/Smith
+
diff --git a/2024/CVE-2024-38821.md b/2024/CVE-2024-38821.md
new file mode 100644
index 0000000000..ec280f3d8b
--- /dev/null
+++ b/2024/CVE-2024-38821.md
@@ -0,0 +1,19 @@
+### [CVE-2024-38821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38821)
+![](https://img.shields.io/static/v1?label=Product&message=Spring&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.For this to impact an application, all of the following must be true: * It must be a WebFlux application * It must be using Spring's static resources support * It must have a non-permitAll authorization rule applied to the static resources support
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/masa42/CVE-2024-38821-POC
+- https://github.com/mouadk/cve-2024-38821
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-38827.md b/2024/CVE-2024-38827.md
new file mode 100644
index 0000000000..35f83a698c
--- /dev/null
+++ b/2024/CVE-2024-38827.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38827)
+![](https://img.shields.io/static/v1?label=Product&message=Spring%20Security&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%205.7.0%20-%205.7.13%2C%205.8.0%20-%205.8.15%2C%206.0.0%20-%206.0.13%2C%206.1.0%20-%206.1.11%2C%206.2.0%20-%206.2.7%2C%206.3.0%20-%206.3.4%2C%20Older%20unsupported%20versions%20are%20also%20affected%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639&color=brighgreen)
+
+### Description
+
+The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-38828.md b/2024/CVE-2024-38828.md
new file mode 100644
index 0000000000..b15806cbb8
--- /dev/null
+++ b/2024/CVE-2024-38828.md
@@ -0,0 +1,22 @@
+### [CVE-2024-38828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38828)
+![](https://img.shields.io/static/v1?label=Product&message=Spring&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/First-Roman/sprig-mvc-demo-patch
+- https://github.com/funcid/CVE-2024-38828
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/swarathesh/AI-Experts
+- https://github.com/topilov/axiom-jdk
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-38829.md b/2024/CVE-2024-38829.md
new file mode 100644
index 0000000000..56421196aa
--- /dev/null
+++ b/2024/CVE-2024-38829.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38829)
+![](https://img.shields.io/static/v1?label=Product&message=Spring%20LDAP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-178&color=brighgreen)
+
+### Description
+
+A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0.The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queriedRelated to CVE-2024-38820 https://spring.io/security/cve-2024-38820
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-38830.md b/2024/CVE-2024-38830.md
new file mode 100644
index 0000000000..ff71eb6894
--- /dev/null
+++ b/2024/CVE-2024-38830.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38830)
+![](https://img.shields.io/static/v1?label=Product&message=VMware%20Aria%20Operations&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=8.x%3C%208.18.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/thiscodecc/thiscodecc
+
diff --git a/2024/CVE-2024-38831.md b/2024/CVE-2024-38831.md
new file mode 100644
index 0000000000..d8cf8e75bc
--- /dev/null
+++ b/2024/CVE-2024-38831.md
@@ -0,0 +1,17 @@
+### [CVE-2024-38831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38831)
+![](https://img.shields.io/static/v1?label=Product&message=VMware%20Aria%20Operations&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=8.x%3C%208.18.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/thiscodecc/thiscodecc
+
diff --git a/2024/CVE-2024-38856.md b/2024/CVE-2024-38856.md
index 70af0ed0c5..f6f872966d 100644
--- a/2024/CVE-2024-38856.md
+++ b/2024/CVE-2024-38856.md
@@ -13,16 +13,52 @@ Incorrect Authorization vulnerability in Apache OFBiz.This issue affects Apache
 No PoCs from references.
 #### Github
+- https://github.com/0x20c/CVE-2024-38856-EXP
+- https://github.com/12442RF/POC
 - https://github.com/20142995/nuclei-templates
+- https://github.com/AlissonFaoli/Apache-OFBiz-Exploit
+- https://github.com/BBD-YZZ/CVE-2024-38856-RCE
+- https://github.com/Co5mos/nuclei-tps
+- https://github.com/DMW11525708/wiki
+- https://github.com/DoTTak/Apache-OFBiz-1-Day-Analysis
+- https://github.com/FakesiteSecurity/CVE-2024-38856_Scen
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/Ostorlab/KEV
+- https://github.com/Praison001/CVE-2024-38856-ApacheOfBiz
 - https://github.com/RacerZ-fighting/CVE-2024-32113-POC
 - https://github.com/RacerZ-fighting/RacerZ-fighting
+- https://github.com/Tamerabdalrazaq/Linux-Stateful-Firewall
+- https://github.com/ThatNotEasy/CVE-2024-38856
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/Threekiii/CVE
+- https://github.com/WhosGa/MyWiki
+- https://github.com/XiaomingX/awesome-poc-for-red-team
+- https://github.com/XiaomingX/cve-2024-38856-poc
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/emanueldosreis/CVE-2024-38856
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/guinea-offensive-security/Ofbiz-RCE
+- https://github.com/hsvhora/research_blogs
+- https://github.com/iemotion/POC
+- https://github.com/ismailmazumder/SL7CVELabsBuilder
 - https://github.com/k3ppf0r/2024-PocLib
+- https://github.com/laoa1573/wy876
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/oLy0/Vulnerability
 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
+- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
 - https://github.com/qiuluo-oss/Tiger
+- https://github.com/securelayer7/CVE-2024-38856_Scanner
+- https://github.com/securelayer7/Research
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
diff --git a/2024/CVE-2024-38871.md b/2024/CVE-2024-38871.md
new file mode 100644
index 0000000000..1722098f1f
--- /dev/null
+++ b/2024/CVE-2024-38871.md
@@ -0,0 +1,18 @@
+### [CVE-2024-38871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38871)
+![](https://img.shields.io/static/v1?label=Product&message=Exchange%20Reporter%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%205717%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/minhgalaxy/CVE
+- https://github.com/minhgalaxy/minhgalaxy
+
diff --git a/2024/CVE-2024-3899.md b/2024/CVE-2024-3899.md
new file mode 100644
index 0000000000..08d4bce42e
--- /dev/null
+++ b/2024/CVE-2024-3899.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3899)
+![](https://img.shields.io/static/v1?label=Product&message=Gallery%20Plugin%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.8.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e3afadda-4d9a-4a51-b744-10de7d8d8578/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-38998.md b/2024/CVE-2024-38998.md
index 5131def560..518a5ee3bd 100644
--- a/2024/CVE-2024-38998.md
+++ b/2024/CVE-2024-38998.md
@@ -1,11 +1,11 @@
 ### [CVE-2024-38998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38998)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
 ### Description
-jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
+** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
 ### POC
@@ -13,5 +13,6 @@ jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the
 - https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/cesarbtakeda/PP_CVE-2024-38998
+- https://github.com/z3ldr1/PP_CVE-2024-38998
diff --git a/2024/CVE-2024-38999.md b/2024/CVE-2024-38999.md
index 8b77d9e6c7..4ea01f0f1c 100644
--- a/2024/CVE-2024-38999.md
+++ b/2024/CVE-2024-38999.md
@@ -13,5 +13,5 @@ jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the
 - https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/spashx/cyclonedx2cytoscape
diff --git a/2024/CVE-2024-3900.md b/2024/CVE-2024-3900.md
new file mode 100644
index 0000000000..f49c05eace
--- /dev/null
+++ b/2024/CVE-2024-3900.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3900)
+![](https://img.shields.io/static/v1?label=Product&message=Xpdf&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%204.05%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fr0m1s9/fr0m1s9
+
diff --git a/2024/CVE-2024-3901.md b/2024/CVE-2024-3901.md
new file mode 100644
index 0000000000..2d7909f10c
--- /dev/null
+++ b/2024/CVE-2024-3901.md
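Review bot: The second hunk of 2024/CVE-2024-38998.md adds two repository links under `#### Github` in the same commit whose first hunk replaces the description with the `** REJECT **` notice (withdrawn by its CNA, not a security issue). A consumer that reads only the POC section, such as a triage script or a feed built from this index, would still count the id as having public PoCs. I would have the generator emit a marker line directly under `### POC` for rejected ids, for example `Record rejected by its CNA; links below are kept for history only.`, or skip link collection for them.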
@@ -0,0 +1,17 @@
+### [CVE-2024-3901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3901)
+![](https://img.shields.io/static/v1?label=Product&message=Genesis%20Blocks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9502e1ac-346e-4431-90a6-61143d2df37b/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-39027.md b/2024/CVE-2024-39027.md
index 5452b8e3e9..dba4bbe2d6 100644
--- a/2024/CVE-2024-39027.md
+++ b/2024/CVE-2024-39027.md
@@ -13,5 +13,5 @@ SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability
 - https://github.com/seacms-net/CMS/issues/17
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/nn0nkey/mytools
diff --git a/2024/CVE-2024-39031.md b/2024/CVE-2024-39031.md
index 41777a9159..8c5031b13c 100644
--- a/2024/CVE-2024-39031.md
+++ b/2024/CVE-2024-39031.md
@@ -14,4 +14,5 @@ In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and ad
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/toneemarqus/CVE-2024-39031
diff --git a/2024/CVE-2024-3905.md b/2024/CVE-2024-3905.md
index 4cb13690c0..592509f38d 100644
--- a/2024/CVE-2024-3905.md
+++ b/2024/CVE-2024-3905.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been classified a
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-3906.md b/2024/CVE-2024-3906.md
index c55b229f97..7bf0c66b3e 100644
--- a/2024/CVE-2024-3906.md
+++ b/2024/CVE-2024-3906.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-39069.md b/2024/CVE-2024-39069.md
index 917aa2e566..4702ae288a 100644
--- a/2024/CVE-2024-39069.md
+++ b/2024/CVE-2024-39069.md
@@ -14,5 +14,6 @@ An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers
 - https://youtu.be/oMIobV2M0T8
 #### Github
+- https://github.com/AungSoePaing/CVE-2024-39069
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-3907.md b/2024/CVE-2024-3907.md
index 6ada072b98..7f79df83c9 100644
--- a/2024/CVE-2024-3907.md
+++ b/2024/CVE-2024-3907.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as cri
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-3908.md b/2024/CVE-2024-3908.md
index 62030e744f..c72fd84762 100644
--- a/2024/CVE-2024-3908.md
+++ b/2024/CVE-2024-3908.md
@@ -14,4 +14,5 @@ A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(130
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-39081.md b/2024/CVE-2024-39081.md
new file mode 100644
index 0000000000..ca6313602e
--- /dev/null
+++ b/2024/CVE-2024-39081.md
@@ -0,0 +1,18 @@
+### [CVE-2024-39081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39081)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Amirasaiyad/BLE-TPMS
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-3909.md b/2024/CVE-2024-3909.md
index 6f4bf141e2..6de859adeb 100644
--- a/2024/CVE-2024-3909.md
+++ b/2024/CVE-2024-3909.md
@@ -15,4 +15,5 @@ A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). A
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-39090.md b/2024/CVE-2024-39090.md
index fa657c3e7a..d4b2dc28c2 100644
--- a/2024/CVE-2024-39090.md
+++ b/2024/CVE-2024-39090.md
@@ -14,4 +14,5 @@ The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerabili
 #### Github
 - https://github.com/arijitdirghangi/arijitdirghangi
+- https://github.com/ghostwirez/CVE-2024-39090-PoC
diff --git a/2024/CVE-2024-39091.md b/2024/CVE-2024-39091.md
index 330be15626..108095295b 100644
--- a/2024/CVE-2024-39091.md
+++ b/2024/CVE-2024-39091.md
@@ -13,5 +13,5 @@ An OS command injection vulnerability in the ccm_debug component of MIPC Camera
 - https://joerngermany.github.io/mipc_vulnerability/
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/joerngermany/mipc_vulnerability
diff --git a/2024/CVE-2024-39094.md b/2024/CVE-2024-39094.md
new file mode 100644
index 0000000000..73df0b13bd
--- /dev/null
+++ b/2024/CVE-2024-39094.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39094)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Devilx86/friendica-xss-worm
+
diff --git a/2024/CVE-2024-3910.md b/2024/CVE-2024-3910.md
index 2f97a2a0d8..e57bc2e948 100644
--- a/2024/CVE-2024-3910.md
+++ b/2024/CVE-2024-3910.md
@@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, has been found in Tenda AC500
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
diff --git a/2024/CVE-2024-39119.md b/2024/CVE-2024-39119.md
index cc28c76f2a..e62005a983 100644
--- a/2024/CVE-2024-39119.md
+++ b/2024/CVE-2024-39119.md
@@ -13,5 +13,5 @@ idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via a
 - https://github.com/2477231995/cms/blob/main/1.md
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/phtcloud-dev/CVE-2024-39199
diff --git a/2024/CVE-2024-39123.md b/2024/CVE-2024-39123.md
index 05085ff553..ce09eca4c2 100644
--- a/2024/CVE-2024-39123.md
+++ b/2024/CVE-2024-39123.md
@@ -13,5 +13,6 @@ In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vuln
 - https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/FelinaeBlanc/CVE_2024_39123
+- https://github.com/theexploiters/CVE-2024-39123-Exploit
diff --git a/2024/CVE-2024-39178.md b/2024/CVE-2024-39178.md
new file mode 100644
index 0000000000..a654989754
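Review bot: In 2024/CVE-2024-39119.md the added entry `- https://github.com/phtcloud-dev/CVE-2024-39199` names a different CVE number (39199) than the record it is filed under (39119), so the link looks mis-attributed, possibly by a loose match in the collector. The hunk header describes an idccms CSRF issue; whether the linked repository covers it cannot be confirmed from the diff. I would keep `No PoCs found on GitHub currently.` until the mapping is verified, and have the generator reject a repository whose name carries a CVE id other than the file's own.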
--- /dev/null
+++ b/2024/CVE-2024-39178.md
@@ -0,0 +1,18 @@
+### [CVE-2024-39178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39178)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
+
diff --git a/2024/CVE-2024-39205.md b/2024/CVE-2024-39205.md
new file mode 100644
index 0000000000..641ccbeff0
--- /dev/null
+++ b/2024/CVE-2024-39205.md
@@ -0,0 +1,18 @@
+### [CVE-2024-39205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39205)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Marven11/CVE-2024-39205-Pyload-RCE
+- https://github.com/Marven11/Marven11
+
diff --git a/2024/CVE-2024-39210.md b/2024/CVE-2024-39210.md
index bfbba45adc..9a52763552 100644
--- a/2024/CVE-2024-39210.md
+++ b/2024/CVE-2024-39210.md
@@ -13,5 +13,6 @@ Best House Rental Management System v1.0 was discovered to contain an arbitrary
 No PoCs from references.
 #### Github
+- https://github.com/KRookieSec/CVE-2024-39210
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-39211.md b/2024/CVE-2024-39211.md
index 941633a75d..f0cead89b7 100644
--- a/2024/CVE-2024-39211.md
+++ b/2024/CVE-2024-39211.md
@@ -13,5 +13,6 @@ Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted
 No PoCs from references.
 #### Github
+- https://github.com/artemy-ccrsky/CVE-2024-39211
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-3922.md b/2024/CVE-2024-3922.md
index c07dfc1e02..84eb0d7654 100644
--- a/2024/CVE-2024-3922.md
+++ b/2024/CVE-2024-3922.md
@@ -14,4 +14,6 @@ No PoCs from references.
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/truonghuuphuc/CVE-2024-3922-Poc
+- https://github.com/truonghuuphuc/Poc
diff --git a/2024/CVE-2024-39220.md b/2024/CVE-2024-39220.md
new file mode 100644
index 0000000000..f966053539
--- /dev/null
+++ b/2024/CVE-2024-39220.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39220)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DrieVlad/BAS-IP-vulnerabilities
+
diff --git a/2024/CVE-2024-39248.md b/2024/CVE-2024-39248.md
index 0e4f2507fc..7dc6389e92 100644
--- a/2024/CVE-2024-39248.md
+++ b/2024/CVE-2024-39248.md
@@ -14,5 +14,6 @@ A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to e
 - https://packetstormsecurity.com/files/179219
 #### Github
+- https://github.com/jasonthename/CVE-2024-39248
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-39250.md b/2024/CVE-2024-39250.md
index 9bd765acbe..08d581de3d 100644
--- a/2024/CVE-2024-39250.md
+++ b/2024/CVE-2024-39250.md
@@ -13,5 +13,6 @@ EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injectio
 - https://github.com/efrann/CVE-2024-39250
 #### Github
+- https://github.com/efrann/CVE-2024-39250
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-39282.md b/2024/CVE-2024-39282.md
new file mode 100644
index 0000000000..a4e69b9004
--- /dev/null
+++ b/2024/CVE-2024-39282.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39282)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13e920d93e37fcaef4a9309515798a3cae9dcf19%3C%20b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net: wwan: t7xx: Fix FSM command timeout issueWhen driver processes the internal state change command, it use anasynchronous thread to process the command operation. If the mainthread detects that the task has timed out, the asynchronous threadwill panic when executing the completion notification because themain thread completion object has been released.BUG: unable to handle page fault for address: fffffffffffffff8PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0Oops: 0000 [#1] PREEMPT SMP NOPTIRIP: 0010:complete_all+0x3e/0xa0[...]Call Trace: ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x69/0xa0 ? asm_exc_page_fault+0x22/0x30 ? complete_all+0x3e/0xa0 fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xd8/0x110 ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)] ? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 [...]CR2: fffffffffffffff8---[ end trace 0000000000000000 ]---Use the reference counter to ensure safe release as Sergey suggests:https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/oogasawa/Utility-security
+
diff --git a/2024/CVE-2024-3930.md b/2024/CVE-2024-3930.md
new file mode 100644
index 0000000000..dab96d6ca2
--- /dev/null
+++ b/2024/CVE-2024-3930.md
@@ -0,0 +1,17 @@ +### [CVE-2024-3930](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3930) +![](https://img.shields.io/static/v1?label=Product&message=Akana%20API%20Platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%202024.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen) + +### Description + +In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. + +### POC + +#### Reference +- https://portal.perforce.com/s/detail/a91PA000001SUKLYA4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39304.md b/2024/CVE-2024-39304.md index 7065648146..4ef53bbbfe 100644 --- a/2024/CVE-2024-39304.md +++ b/2024/CVE-2024-39304.md @@ -13,5 +13,6 @@ ChurchCRM is an open-source church management system. Versions of the applicatio - https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9 #### Github +- https://github.com/apena-ba/CVE-2024-39304 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-39306.md b/2024/CVE-2024-39306.md index e2d8ac1c07..4efc54ace2 100644 --- a/2024/CVE-2024-39306.md +++ b/2024/CVE-2024-39306.md @@ -13,5 +13,6 @@ No PoCs from references. #### Github +- https://github.com/apena-ba/CVE-2024-39306 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-39321.md b/2024/CVE-2024-39321.md index de0cd81edc..4ed47f5ab9 100644 --- a/2024/CVE-2024-39321.md +++ b/2024/CVE-2024-39321.md @@ -13,5 +13,5 @@ Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3. - https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9 #### Github -No PoCs found on GitHub currently. +- https://github.com/MWedl/http3-ip-spoofing diff --git a/2024/CVE-2024-39332.md b/2024/CVE-2024-39332.md new file mode 100644 index 0000000000..271c0103f6 
--- /dev/null
+++ b/2024/CVE-2024-39332.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39332)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.
+
+### POC
+
+#### Reference
+- https://herolab.usd.de/security-advisories/usd-2024-0008/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-39338.md b/2024/CVE-2024-39338.md
new file mode 100644
index 0000000000..abc5daf390
--- /dev/null
+++ b/2024/CVE-2024-39338.md
@@ -0,0 +1,19 @@
+### [CVE-2024-39338](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39338)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DripEmail/drip-nodejs
+- https://github.com/squidx232/loadtest
+- https://github.com/tdonaworth/axios-ssrf
+
diff --git a/2024/CVE-2024-39343.md b/2024/CVE-2024-39343.md
new file mode 100644
index 0000000000..31bf96c121
--- /dev/null
+++ b/2024/CVE-2024-39343.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39343)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/N3vv/N3vv
+
diff --git a/2024/CVE-2024-39345.md b/2024/CVE-2024-39345.md
index f9c32d6e10..08c028329f 100644
--- a/2024/CVE-2024-39345.md
+++ b/2024/CVE-2024-39345.md
@@ -5,7 +5,7 @@ ### Description -AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. +AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1. ### POC @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/actuator/cve +- https://github.com/adminlove520/CyberIntelSearch diff --git a/2024/CVE-2024-39406.md b/2024/CVE-2024-39406.md index 5109aeba8f..c8b5255816 100644 --- a/2024/CVE-2024-39406.md +++ b/2024/CVE-2024-39406.md 
@@ -5,7 +5,7 @@ ### Description -Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. ### POC diff --git a/2024/CVE-2024-39408.md b/2024/CVE-2024-39408.md index 95bd207556..c8601064c7 100644 --- a/2024/CVE-2024-39408.md +++ b/2024/CVE-2024-39408.md 
@@ -5,7 +5,7 @@ ### Description -Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. ### POC diff --git a/2024/CVE-2024-39409.md b/2024/CVE-2024-39409.md index 0de41ebb3c..d74b5a1bd0 100644 --- a/2024/CVE-2024-39409.md +++ b/2024/CVE-2024-39409.md 
@@ -5,7 +5,7 @@ ### Description -Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. ### POC diff --git a/2024/CVE-2024-39410.md b/2024/CVE-2024-39410.md index 32c512080d..b5868ed939 100644 --- a/2024/CVE-2024-39410.md +++ b/2024/CVE-2024-39410.md 
@@ -5,7 +5,7 @@ ### Description -Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction. ### POC diff --git a/2024/CVE-2024-39412.md b/2024/CVE-2024-39412.md index 6a4670dafe..39cdd85081 100644 --- a/2024/CVE-2024-39412.md +++ b/2024/CVE-2024-39412.md @@ -5,7 +5,7 @@ ### Description -Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. +Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction. ### POC diff --git a/2024/CVE-2024-39479.md b/2024/CVE-2024-39479.md new file mode 100644 index 0000000000..043d372cc8 --- /dev/null 
+++ b/2024/CVE-2024-39479.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-39479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39479)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20cfa73607eb21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:drm/i915/hwmon: Get rid of devmWhen both hwmon and hwmon drvdata (on which hwmon depends) are devicemanaged resources, the expectation, on device unbind, is that hwmon will bereleased before drvdata. However, in i915 there are two separate codepaths, which both release either drvdata or hwmon and either can bereleased before the other. These code paths (for device unbind) are asfollows (see also the bug referenced below):Call Trace:release_nodes+0x11/0x70devres_release_group+0xb2/0x110component_unbind_all+0x8d/0xa0component_del+0xa5/0x140intel_pxp_tee_component_fini+0x29/0x40 [i915]intel_pxp_fini+0x33/0x80 [i915]i915_driver_remove+0x4c/0x120 [i915]i915_pci_remove+0x19/0x30 [i915]pci_device_remove+0x32/0xa0device_release_driver_internal+0x19c/0x200unbind_store+0x9c/0xb0andCall Trace:release_nodes+0x11/0x70devres_release_all+0x8a/0xc0device_unbind_cleanup+0x9/0x70device_release_driver_internal+0x1c1/0x200unbind_store+0x9c/0xb0This means that in i915, if use devm, we cannot gurantee that hwmon willalways be released before drvdata.
Which means that we have a uaf if hwmonsysfs is accessed when drvdata has been released but hwmon hasn't.The only way out of this seems to be do get rid of devm_ and release/freeeverything explicitly during device unbind.v2: Change commit message and other minor code changesv3: Cleanup from i915_hwmon_register on error (Armin Wolf)v4: Eliminate potential static analyzer warning (Rodrigo) Eliminate fetch_and_zero (Jani)v5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi)
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-39487.md b/2024/CVE-2024-39487.md
new file mode 100644
index 0000000000..073a360fad
--- /dev/null
+++ b/2024/CVE-2024-39487.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=f9de11a16594%3C%206a8a4fd082c4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()In function bond_option_arp_ip_targets_set(), if newval->string is anempty string, newval->string+1 will point to the byte after thestring, causing an out-of-bound read.BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xc1/0x5e0 mm/kasan/report.c:475 kasan_report+0xbe/0xf0 mm/kasan/report.c:588 strlen+0x7d/0xa0 lib/string.c:418 __fortify_strlen include/linux/fortify-string.h:210 [inline] in4_pton+0xa3/0x3f0 net/core/utils.c:130 bond_option_arp_ip_targets_set+0xc2/0x910drivers/net/bonding/bond_options.c:1201 __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767 __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792 bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817 bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156 dev_attr_store+0x54/0x80 drivers/base/core.c:2366 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x96a/0xd80 fs/read_write.c:584 ksys_write+0x122/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b---[ end trace ]---Fix it by adding a check of string length before using it.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/takaaki-fukunaga/cvechecker
+
diff --git a/2024/CVE-2024-39503.md b/2024/CVE-2024-39503.md
new file mode 100644
index 0000000000..fb7eafb69f
--- /dev/null
+++ b/2024/CVE-2024-39503.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39503)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=c7f2733e5011%3C%20c0761d1f1ce1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:netfilter: ipset: Fix race between namespace cleanup and gc in the list:set typeLion Ackermann reported that there is a race condition between namespace cleanupin ipset and the garbage collection of the list:set type. The namespacecleanup can destroy the list:set type of sets while the gc of the set type iswaiting to run in rcu cleanup. The latter uses data from the destroyed set whichthus leads use after free. The patch contains the following parts:- When destroying all sets, first remove the garbage collectors, then wait if needed and then destroy the sets.- Fix the badly ordered "wait then remove gc" for the destroy a single set case.- Fix the missing rcu locking in the list:set type in the userspace test case.- Use proper RCU list handlings in the list:set type.The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Vn78/vn78p
+
diff --git a/2024/CVE-2024-39508.md b/2024/CVE-2024-39508.md
new file mode 100644
index 0000000000..6728af14ab
--- /dev/null
+++ b/2024/CVE-2024-39508.md
@@ -0,0 +1,18 @@
+### [CVE-2024-39508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39508)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20ab702c3483db%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:io_uring/io-wq: Use set_bit() and test_bit() at worker->flagsUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wqto address potential data races.The structure io_worker->flags may be accessed through various datapaths, leading to concurrency issues. When KCSAN is enabled, it revealsdata races occurring in io_worker_handle_work andio_wq_activate_free_worker functions. BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28: io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569) io_wq_worker (io_uring/io-wq.c:?) read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5: io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285) io_wq_enqueue (io_uring/io-wq.c:947) io_queue_iowq (io_uring/io_uring.c:524) io_req_task_submit (io_uring/io_uring.c:1511) io_handle_tw_list (io_uring/io_uring.c:1198)Line numbers against commit 18daea77cca6 ("Merge tag 'for-linus' ofgit://git.kernel.org/pub/scm/virt/kvm/kvm").These races involve writes and reads to the same memory location bydifferent tasks running on different CPUs. To mitigate this, refactorthe code to use atomic operations such as set_bit(), test_bit(), andclear_bit() instead of basic "and" and "or" operations. This ensuresthread-safe manipulation of worker flags.Also, move `create_index` to avoid holes in the structure.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-39549.md b/2024/CVE-2024-39549.md
index bf971ca8ea..791144f741 100644
--- a/2024/CVE-2024-39549.md
+++ b/2024/CVE-2024-39549.md
@@ -7,7 +7,7 @@ ### Description -A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).Memory utilization could be monitored by: user@host> show system memory or show system monitor memory statusThis issue affects:Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO.Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO. +A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. 
This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).Memory utilization could be monitored by: user@host> show system memory or show system monitor memory statusThis issue affects:Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2.Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO. ### POC diff --git a/2024/CVE-2024-39573.md b/2024/CVE-2024-39573.md new file mode 100644 index 0000000000..da59bf57ba --- /dev/null +++ b/2024/CVE-2024-39573.md 
@@ -0,0 +1,22 @@
+### [CVE-2024-39573](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.Users are recommended to upgrade to version 2.4.60, which fixes this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GhostTroops/TOP
+- https://github.com/NeoOniX/5ATTACK
+- https://github.com/Y09a514/Test-Apache-Vulnerability
+- https://github.com/kennyHuang1110/apache-confusion-scanner
+- https://github.com/krlabs/apache-vulnerabilities
+- https://github.com/mrmtwoj/apache-vulnerability-testing
+
diff --git a/2024/CVE-2024-39610.md b/2024/CVE-2024-39610.md
new file mode 100644
index 0000000000..917e8ca2bc
--- /dev/null
+++ b/2024/CVE-2024-39610.md
@@ -0,0 +1,18 @@ +### [CVE-2024-39610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39610) +![](https://img.shields.io/static/v1?label=Product&message=FitNesse&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20releases%20prior%20to%2020241026%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20scripting%20(XSS)&color=brighgreen) + +### Description + +Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Wala-Alnozmai/SVD-Benchmark +- https://github.com/oananbeh/LLM-Java-SVR-Benchmark + diff --git a/2024/CVE-2024-39614.md b/2024/CVE-2024-39614.md index acb1400e38..e8af7fc3d1 100644 --- a/2024/CVE-2024-39614.md +++ b/2024/CVE-2024-39614.md @@ -13,5 +13,6 @@ An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_su No PoCs from references. #### Github +- https://github.com/Abdurahmon3236/-CVE-2024-39614 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-39639.md b/2024/CVE-2024-39639.md new file mode 100644 index 0000000000..2666909d7e --- /dev/null +++ b/2024/CVE-2024-39639.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-39639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39639)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20File%20Upload&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Broken%20Access%20Control&color=brighgreen)
+
+### Description
+
+Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-39640.md b/2024/CVE-2024-39640.md
new file mode 100644
index 0000000000..e949b11c36
--- /dev/null
+++ b/2024/CVE-2024-39640.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39640)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Social%20Feed%20Gallery&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-39650.md b/2024/CVE-2024-39650.md
new file mode 100644
index 0000000000..4c03d9c25a
--- /dev/null
+++ b/2024/CVE-2024-39650.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39650)
+![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20PDF%20Vouchers&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-39654.md b/2024/CVE-2024-39654.md
new file mode 100644
index 0000000000..2fab4e8ca7
--- /dev/null
+++ b/2024/CVE-2024-39654.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39654](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39654)
+![](https://img.shields.io/static/v1?label=Product&message=Sign-up%20Sheets&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Fetch Designs Sign-up Sheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sign-up Sheets: from n/a through 2.2.12.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-39664.md b/2024/CVE-2024-39664.md
new file mode 100644
index 0000000000..f146210404
--- /dev/null
+++ b/2024/CVE-2024-39664.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39664)
+![](https://img.shields.io/static/v1?label=Product&message=Filter%20%26%20Grids&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Filter & Grids: from n/a through 2.8.33.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-39689.md b/2024/CVE-2024-39689.md
index 658e19ab2c..06e08bc315 100644
--- a/2024/CVE-2024-39689.md
+++ b/2024/CVE-2024-39689.md
@@ -1,11 +1,11 @@ ### [CVE-2024-39689](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39689) ![](https://img.shields.io/static/v1?label=Product&message=python-certifi&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202021.05.30%2C%20%3C%202024.07.04%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202021.5.30%2C%20%3C%202024.7.4%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%3A%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen) ### Description -Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues." +Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues." ### POC diff --git a/2024/CVE-2024-39694.md b/2024/CVE-2024-39694.md index 2333b05b5d..f8357b9806 100644 --- a/2024/CVE-2024-39694.md +++ b/2024/CVE-2024-39694.md 
@@ -13,5 +13,12 @@ Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET C No PoCs from references. #### Github +- https://github.com/ArcherTrister/IdentityServer4 +- https://github.com/Evolutionary-Networking-Designs/IdentityServer4-Modernization - https://github.com/IdentityServer/IdentityServer4 +- https://github.com/IkerCelorrio/IdentityServer4Fork +- https://github.com/VC-P10/IdentityServer4 +- https://github.com/gndev-vn/IdentityServer +- https://github.com/joshuanicol89/IdentityServer4 +- https://github.com/skoruba/Duende.IdentityServer.Admin diff --git a/2024/CVE-2024-39698.md b/2024/CVE-2024-39698.md new file mode 100644 index 0000000000..77e628edb9 --- /dev/null +++ b/2024/CVE-2024-39698.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-39698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39698) +![](https://img.shields.io/static/v1?label=Product&message=electron-builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%206.3.0-alpha.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-154%3A%20Improper%20Neutralization%20of%20Variable%20Name%20Delimiters&color=brighgreen) + +### Description + +electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DutchErwin/electron-channel-doctor + diff --git a/2024/CVE-2024-39700.md b/2024/CVE-2024-39700.md index b659725671..4d0df4468b 100644 --- a/2024/CVE-2024-39700.md +++ b/2024/CVE-2024-39700.md @@ -13,5 +13,6 @@ JupyterLab extension template is a `copier` template for JupyterLab extensions. No PoCs from references. #### Github +- https://github.com/LOURC0D3/CVE-2024-39700-PoC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-39702.md b/2024/CVE-2024-39702.md new file mode 100644 index 0000000000..ff60b67780 --- /dev/null 
+++ b/2024/CVE-2024-39702.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39702)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/XiaomingX/weekly
+
diff --git a/2024/CVE-2024-39704.md b/2024/CVE-2024-39704.md
new file mode 100644
index 0000000000..7b6cdc867b
--- /dev/null
+++ b/2024/CVE-2024-39704.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39704)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/vabold/Melty-Blood-Actress-Again-Current-Code-Remote-Code-Execution
+
diff --git a/2024/CVE-2024-39713.md b/2024/CVE-2024-39713.md
new file mode 100644
index 0000000000..ffde154b93
--- /dev/null +++ b/2024/CVE-2024-39713.md @@ -0,0 +1,17 @@ +### [CVE-2024-39713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39713) +![](https://img.shields.io/static/v1?label=Product&message=Rocket.Chat&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=6.10.1%3C%206.10.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/typical-pashochek/CVE-2024-39713 + diff --git a/2024/CVE-2024-39717.md b/2024/CVE-2024-39717.md index fee5b52814..cf3b0d88b4 100644 --- a/2024/CVE-2024-39717.md +++ b/2024/CVE-2024-39717.md @@ -13,5 +13,8 @@ The Versa Director GUI provides an option to customize the look and feel of the No PoCs from references. #### Github +- https://github.com/FidgetCube/CTF_writeups - https://github.com/Ostorlab/KEV +- https://github.com/ahays248/VT_Viz +- https://github.com/lsbxa/VersaMemRule diff --git a/2024/CVE-2024-39719.md b/2024/CVE-2024-39719.md new file mode 100644 index 0000000000..9621a6c4b3 --- /dev/null +++ b/2024/CVE-2024-39719.md 
@@ -0,0 +1,22 @@
+### [CVE-2024-39719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39719)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server.
+
+### POC
+
+#### Reference
+- https://www.oligo.security/blog/more-models-more-probllms
+
+#### Github
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/dansarmiento/ollama_sql_runner
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/srcx404/CVE-2024-39719
+- https://github.com/wowtalon/LLM-Security
+
diff --git a/2024/CVE-2024-39720.md b/2024/CVE-2024-39720.md
new file mode 100644
index 0000000000..90734538bd
--- /dev/null
+++ b/2024/CVE-2024-39720.md
@@ -0,0 +1,18 @@
+### [CVE-2024-39720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39720)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file, the attacker can crash the application through the CreateModel route, leading to a segmentation fault (signal SIGSEGV: segmentation violation).
+
+### POC
+
+#### Reference
+- https://oligo.security/blog/more-models-more-probllms
+
+#### Github
+- https://github.com/datawhalechina/handy-ollama
+- https://github.com/wowtalon/LLM-Security
+
diff --git a/2024/CVE-2024-39721.md b/2024/CVE-2024-39721.md
new file mode 100644
index 0000000000..6c1c4f7dd7
--- /dev/null
+++ b/2024/CVE-2024-39721.md
@@ -0,0 +1,17 @@
+### [CVE-2024-39721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39721)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client).
+
+### POC
+
+#### Reference
+- https://www.oligo.security/blog/more-models-more-probllms
+
+#### Github
+- https://github.com/wowtalon/LLM-Security
+
diff --git a/2024/CVE-2024-39722.md b/2024/CVE-2024-39722.md
new file mode 100644
index 0000000000..ffd759a9a5
--- /dev/null
+++ b/2024/CVE-2024-39722.md
@@ -0,0 +1,22 @@
+### [CVE-2024-39722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39722)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.
+
+### POC
+
+#### Reference
+- https://www.oligo.security/blog/more-models-more-probllms
+
+#### Github
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/dansarmiento/ollama_sql_runner
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/srcx404/CVE-2024-39722
+- https://github.com/wowtalon/LLM-Security
+
diff --git a/2024/CVE-2024-39766.md b/2024/CVE-2024-39766.md
new file mode 100644
index 0000000000..203ee42437
--- /dev/null
+++ b/2024/CVE-2024-39766.md
@@ -0,0 +1,18 @@ +### [CVE-2024-39766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39766) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Neural%20Compressor%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%20v3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20neutralization%20of%20special%20elements%20used%20in%20SQL%20command&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/sunriseXu/sunriseXu + diff --git a/2024/CVE-2024-39828.md b/2024/CVE-2024-39828.md index d2e82e1fe4..6202ff0603 100644 --- a/2024/CVE-2024-39828.md +++ b/2024/CVE-2024-39828.md @@ -14,5 +14,5 @@ R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-g - https://github.com/ggod2/sandboxels_xss_test/blob/main/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/ggod2/sandboxels_xss_test diff --git a/2024/CVE-2024-39838.md b/2024/CVE-2024-39838.md new file mode 100644 index 0000000000..a8099eab98 --- /dev/null +++ b/2024/CVE-2024-39838.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-39838](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39838) +![](https://img.shields.io/static/v1?label=Product&message=ZWX-2000CSW2-HN&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20firmware%20versions%20prior%20to%20Ver.0.3.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Hard-coded%20Credentials&color=brighgreen) + +### Description + +ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device. + +### POC + +#### Reference +- https://www.zexelon.co.jp/pdf/jvn70666401.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39844.md b/2024/CVE-2024-39844.md index 8dc10b9791..164581abfb 100644 --- a/2024/CVE-2024-39844.md +++ b/2024/CVE-2024-39844.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ph1ns/CVE-2024-39844 diff --git a/2024/CVE-2024-39877.md b/2024/CVE-2024-39877.md index cfd66e7f93..7d4acc5abb 100644 --- a/2024/CVE-2024-39877.md +++ b/2024/CVE-2024-39877.md @@ -14,4 +14,8 @@ No PoCs from references. #### Github - https://github.com/ch4n3-yoon/ch4n3-yoon +- https://github.com/ismailmazumder/SL7CVELabsBuilder +- https://github.com/ricardojoserf/amazon-mwaa-RCE +- https://github.com/securelayer7/Research +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-39884.md b/2024/CVE-2024-39884.md index 2f0e943ce0..f56a9749df 100644 --- a/2024/CVE-2024-39884.md +++ b/2024/CVE-2024-39884.md 
@@ -13,5 +13,10 @@ A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the le No PoCs from references. #### Github +- https://github.com/NeoOniX/5ATTACK +- https://github.com/iliasfouskas/Thesis +- https://github.com/lekctut/sdb-hw-13-01 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pedr0alencar/vlab-metasploitable2 +- https://github.com/tmyymmt/docker-ansible-apache-tomcat-spring_boot diff --git a/2024/CVE-2024-39890.md b/2024/CVE-2024-39890.md new file mode 100644 index 0000000000..f0159bab40 --- /dev/null +++ b/2024/CVE-2024-39890.md @@ -0,0 +1,17 @@ +### [CVE-2024-39890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39890) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC (Call Control). This can lead to an Out-of-Bounds write. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/N3vv/N3vv + diff --git a/2024/CVE-2024-39894.md b/2024/CVE-2024-39894.md new file mode 100644 index 0000000000..a1f3954476 --- /dev/null +++ b/2024/CVE-2024-39894.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-39894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39894) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. + +### POC + +#### Reference +- https://crzphil.github.io/posts/ssh-obfuscation-bypass/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39904.md b/2024/CVE-2024-39904.md index 0669af5ab4..08f363a72a 100644 --- a/2024/CVE-2024-39904.md +++ b/2024/CVE-2024-39904.md @@ -13,5 +13,5 @@ VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability - https://github.com/vnotex/vnote/security/advisories/GHSA-vhh5-8wcv-68gj #### Github -No PoCs found on GitHub currently. +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-39907.md b/2024/CVE-2024-39907.md index 6465d5bc2a..2f0b225745 100644 --- a/2024/CVE-2024-39907.md +++ b/2024/CVE-2024-39907.md @@ -13,5 +13,6 @@ - https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 #### Github -No PoCs found on GitHub currently. +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Threekiii/Awesome-POC diff --git a/2024/CVE-2024-39908.md b/2024/CVE-2024-39908.md index 7b45f54713..b33700f80c 100644 --- a/2024/CVE-2024-39908.md +++ b/2024/CVE-2024-39908.md @@ -13,5 +13,6 @@ No PoCs from references. #### Github +- https://github.com/SpiralBL0CK/CVE-2024-39908 - https://github.com/lifeparticle/Ruby-Cheatsheet diff --git a/2024/CVE-2024-39911.md b/2024/CVE-2024-39911.md index 39f4e14fd1..d375a142e1 100644 
--- a/2024/CVE-2024-39911.md +++ b/2024/CVE-2024-39911.md @@ -10,9 +10,25 @@ ### POC #### Reference -No PoCs from references. +- https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-39912.md b/2024/CVE-2024-39912.md index 698579d0ff..57a11200b3 100644 --- a/2024/CVE-2024-39912.md +++ b/2024/CVE-2024-39912.md @@ -13,5 +13,5 @@ web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundl - https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-875x-g8p7-5w27 #### Github -No PoCs found on GitHub currently. +- https://github.com/hitoshura25/mpo-api-authn-server diff --git a/2024/CVE-2024-39914.md b/2024/CVE-2024-39914.md index 9aad92b432..c4e78af25f 100644 --- a/2024/CVE-2024-39914.md +++ b/2024/CVE-2024-39914.md 
@@ -13,6 +13,23 @@ FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5. - https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/9874621368/FOG-Project +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-39917.md b/2024/CVE-2024-39917.md new file mode 100644 index 0000000000..eb9ca420b5 --- /dev/null +++ b/2024/CVE-2024-39917.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-39917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39917)
+![](https://img.shields.io/static/v1?label=Product&message=xrdp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-307%3A%20Improper%20Restriction%20of%20Excessive%20Authentication%20Attempts&color=brighgreen)
+
+### Description
+
+xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EsselKobby/Virtual_Infosec_Africa_LAB
+
diff --git a/2024/CVE-2024-39922.md b/2024/CVE-2024-39922.md
new file mode 100644
index 0000000000..035246e1a7
--- /dev/null
+++ b/2024/CVE-2024-39922.md
@@ -0,0 +1,32 @@ +### [CVE-2024-39922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39922) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%2012%2F24RCE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%2012%2F24RCEo&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%20230RCE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%20230RCEo&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%2024CE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%2024CEo&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%2024RCE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=LOGO!%2024RCEo&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%2012%2F24RCE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%2012%2F24RCEo&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%20230RCE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%20230RCEo&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%2024CE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%2024CEo&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%2024RCE&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20LOGO!%2024RCEo&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-256%3A%20Plaintext%20Storage%20of%20a%20Password&color=brighgreen) + +### Description + +A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 
230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/biero-el-corridor/Talk_Workshop_and_Chall_creation + diff --git a/2024/CVE-2024-39924.md b/2024/CVE-2024-39924.md new file mode 100644 index 0000000000..366d7b16f4 --- /dev/null +++ b/2024/CVE-2024-39924.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-39924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39924)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/l4rm4nd/PoC-CVE-2024-39924
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-39925.md b/2024/CVE-2024-39925.md
new file mode 100644
index 0000000000..264f9e9b82
--- /dev/null
+++ b/2024/CVE-2024-39925.md
@@ -0,0 +1,17 @@ +### [CVE-2024-39925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39925) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data. + +### POC + +#### Reference +- https://www.mgm-sp.com/cve/missing-rotation-of-the-organization-key + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39929.md b/2024/CVE-2024-39929.md index e852716b66..5a47dae55b 100644 --- a/2024/CVE-2024-39929.md +++ b/2024/CVE-2024-39929.md @@ -13,6 +13,10 @@ Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus rem No PoCs from references. #### Github +- https://github.com/krlabs/eximsmtp-vulnerabilities +- https://github.com/michael-david-fry/CVE-2024-39929 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/rxerium/CVE-2024-39929 - https://github.com/rxerium/stars 
diff --git a/2024/CVE-2024-39930.md b/2024/CVE-2024-39930.md index 067da325c6..84ffc85cf6 100644 --- a/2024/CVE-2024-39930.md +++ b/2024/CVE-2024-39930.md @@ -13,5 +13,8 @@ The built-in SSH server of Gogs through 0.13.0 allows argument injection in inte - https://www.vicarius.io/vsociety/posts/argument-injection-in-gogs-ssh-server-cve-2024-39930 #### Github -No PoCs found on GitHub currently. +- https://github.com/alexander47777/-CVE-2024-39930 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/theMcSam/CVE-2024-39930-PoC +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-39943.md b/2024/CVE-2024-39943.md index 80a099e115..3584613986 100644 --- a/2024/CVE-2024-39943.md +++ b/2024/CVE-2024-39943.md 
@@ -13,6 +13,30 @@ rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS al No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AlienTec1908/Matrioshka_HackMyVM_Medium +- https://github.com/DMW11525708/wiki +- https://github.com/Heyholiday067/CVE-2024-39943-Poc +- https://github.com/JenmrR/Node.js-CVE-2024-39943 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/c1ph3rbyt3/ShodanSpider +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/tequilasunsh1ne/CVE_2024_39943 +- https://github.com/truonghuuphuc/CVE-2024-39943-Poc +- https://github.com/truonghuuphuc/Poc - https://github.com/wy876/POC diff --git a/2024/CVE-2024-3995.md b/2024/CVE-2024-3995.md new file mode 100644 index 0000000000..98bbe84264 --- /dev/null +++ b/2024/CVE-2024-3995.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-3995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3995)
+![](https://img.shields.io/static/v1?label=Product&message=Helix%20ALM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%202024.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.
+
+### POC
+
+#### Reference
+- https://portal.perforce.com/s/detail/a91PA000001SU5pYAG
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-3996.md b/2024/CVE-2024-3996.md
new file mode 100644
index 0000000000..bba2116045
--- /dev/null
+++ b/2024/CVE-2024-3996.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3996)
+![](https://img.shields.io/static/v1?label=Product&message=Smart%20Post%20Show&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.28%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/4035e3f9-89fe-49e1-8aa2-55ab3f1aa528/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4002.md b/2024/CVE-2024-4002.md
new file mode 100644
index 0000000000..29ffc4e2ac
--- /dev/null
+++ b/2024/CVE-2024-4002.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4002)
+![](https://img.shields.io/static/v1?label=Product&message=Carousel%2C%20Slider%2C%20Gallery%20by%20WP%20Carousel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/298b51ec-afad-4bc1-968d-76c59e55fc05/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4004.md b/2024/CVE-2024-4004.md
new file mode 100644
index 0000000000..b78cedb4b4
--- /dev/null
+++ b/2024/CVE-2024-4004.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4004)
+![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Cron%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.5.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/8e5e7040-b824-4af7-90a1-90801d12abb6/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-40068.md b/2024/CVE-2024-40068.md
new file mode 100644
index 0000000000..b5caec06fb
--- /dev/null
+++ b/2024/CVE-2024-40068.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40068)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiliLearngent/BugReport
+
diff --git a/2024/CVE-2024-40069.md b/2024/CVE-2024-40069.md
new file mode 100644
index 0000000000..1889226257
--- /dev/null
+++ b/2024/CVE-2024-40069.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40069](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40069)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiliLearngent/BugReport
+
diff --git a/2024/CVE-2024-40070.md b/2024/CVE-2024-40070.md
new file mode 100644
index 0000000000..71459fc2d3
--- /dev/null
+++ b/2024/CVE-2024-40070.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40070](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40070)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiliLearngent/BugReport
+
diff --git a/2024/CVE-2024-40071.md b/2024/CVE-2024-40071.md
new file mode 100644
index 0000000000..1f02471213
--- /dev/null
+++ b/2024/CVE-2024-40071.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40071)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiliLearngent/BugReport
+
diff --git a/2024/CVE-2024-40072.md b/2024/CVE-2024-40072.md
new file mode 100644
index 0000000000..885db050e9
--- /dev/null
+++ b/2024/CVE-2024-40072.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40072)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiliLearngent/BugReport
+
diff --git a/2024/CVE-2024-40073.md b/2024/CVE-2024-40073.md
new file mode 100644
index 0000000000..02162b0b6c
--- /dev/null
+++ b/2024/CVE-2024-40073.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40073)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiliLearngent/BugReport
+
diff --git a/2024/CVE-2024-40074.md b/2024/CVE-2024-40074.md
new file mode 100644
index 0000000000..1cf14ccf0f
--- /dev/null
+++ b/2024/CVE-2024-40074.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40074)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiliLearngent/BugReport
+
diff --git a/2024/CVE-2024-40083.md b/2024/CVE-2024-40083.md
new file mode 100644
index 0000000000..3ca76192b2
--- /dev/null
+++ b/2024/CVE-2024-40083.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40083)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40084.md b/2024/CVE-2024-40084.md
new file mode 100644
index 0000000000..ee1f185d0c
--- /dev/null
+++ b/2024/CVE-2024-40084.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40084)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40085.md b/2024/CVE-2024-40085.md
new file mode 100644
index 0000000000..4ccd219dd4
--- /dev/null
+++ b/2024/CVE-2024-40085.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40085)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40086.md b/2024/CVE-2024-40086.md
new file mode 100644
index 0000000000..776b04b85d
--- /dev/null
+++ b/2024/CVE-2024-40086.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40086)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40087.md b/2024/CVE-2024-40087.md
new file mode 100644
index 0000000000..4f8618f77c
--- /dev/null
+++ b/2024/CVE-2024-40087.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40087)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40088.md b/2024/CVE-2024-40088.md
new file mode 100644
index 0000000000..af0e1e24b2
--- /dev/null
+++ b/2024/CVE-2024-40088.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40088)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40089.md b/2024/CVE-2024-40089.md
new file mode 100644
index 0000000000..9a9688285e
--- /dev/null
+++ b/2024/CVE-2024-40089.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40089)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40090.md b/2024/CVE-2024-40090.md
new file mode 100644
index 0000000000..fbf61409bf
--- /dev/null
+++ b/2024/CVE-2024-40090.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40090)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40091.md b/2024/CVE-2024-40091.md
new file mode 100644
index 0000000000..f1d0f2d20b
--- /dev/null
+++ b/2024/CVE-2024-40091.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40091)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/byu-cybersecurity-research/vilo
+
diff --git a/2024/CVE-2024-40094.md b/2024/CVE-2024-40094.md
new file mode 100644
index 0000000000..6c67514ee3
--- /dev/null
+++ b/2024/CVE-2024-40094.md
@@ -0,0 +1,17 @@ +### [CVE-2024-40094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40094) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/kabiri-labs/CVE-2024-40094 + diff --git a/2024/CVE-2024-40110.md b/2024/CVE-2024-40110.md index 22c3043ebd..0746e4062f 100644 --- a/2024/CVE-2024-40110.md +++ b/2024/CVE-2024-40110.md @@ -13,5 +13,10 @@ Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated R - https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/ #### Github +- https://github.com/Abdurahmon3236/CVE-2024-40110 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/shacrony/redcock.py +- https://github.com/thiagosmith/CVE-2024-40110 +- https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0 diff --git a/2024/CVE-2024-40111.md b/2024/CVE-2024-40111.md new file mode 100644 index 0000000000..522758678c --- /dev/null +++ b/2024/CVE-2024-40111.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-40111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40111) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the forum. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/theexploiters/CVE-2024-40111-Exploit +- https://github.com/w3bn00b3r/Stored-Cross-Site-Scripting-XSS---Automad-2.0.0-alpha.4 + diff --git a/2024/CVE-2024-40116.md b/2024/CVE-2024-40116.md index 954daea22c..d72f87532a 100644 --- a/2024/CVE-2024-40116.md +++ b/2024/CVE-2024-40116.md @@ -5,7 +5,7 @@ ### Description -An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files. +An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base. ### POC diff --git a/2024/CVE-2024-40117.md b/2024/CVE-2024-40117.md index 07424dd785..f06f7f00cf 100644 --- a/2024/CVE-2024-40117.md +++ b/2024/CVE-2024-40117.md 
@@ -5,7 +5,7 @@ ### Description -Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. +Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base. ### POC diff --git a/2024/CVE-2024-40119.md b/2024/CVE-2024-40119.md index 9e10071dc2..ffc5b10938 100644 --- a/2024/CVE-2024-40119.md +++ b/2024/CVE-2024-40119.md @@ -13,5 +13,6 @@ Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 No PoCs from references. #### Github +- https://github.com/baroi-ai/nepstech-xpon-router-CVE-2024-40119 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-40137.md b/2024/CVE-2024-40137.md index e3cde88589..c6ecd0b3f3 100644 --- a/2024/CVE-2024-40137.md +++ b/2024/CVE-2024-40137.md @@ -13,5 +13,5 @@ Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code ex - https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-40137 #### Github -No PoCs found on GitHub currently. +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-40239.md b/2024/CVE-2024-40239.md new file mode 100644 index 0000000000..9cae8196e3 --- /dev/null +++ b/2024/CVE-2024-40239.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-40239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40239) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/FpAuth/FpAuthAnalysis + diff --git a/2024/CVE-2024-4024.md b/2024/CVE-2024-4024.md index c85d80b50d..ae45f86f9d 100644 --- a/2024/CVE-2024-4024.md +++ b/2024/CVE-2024-4024.md @@ -1,7 +1,7 @@ ### [CVE-2024-4024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4024) ![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=7.8%3C%2016.9.6%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-302%3A%20Authentication%20Bypass%20by%20Assumed-Immutable%20Data&color=brighgreen) ### Description diff --git a/2024/CVE-2024-40240.md b/2024/CVE-2024-40240.md new file mode 100644 index 0000000000..6d2436a2c0 --- /dev/null +++ b/2024/CVE-2024-40240.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-40240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40240) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/FpAuth/FpAuthAnalysis + diff --git a/2024/CVE-2024-4029.md b/2024/CVE-2024-4029.md index 02c8e98a88..222a2f22f8 100644 --- a/2024/CVE-2024-4029.md +++ b/2024/CVE-2024-4029.md 
@@ -1,11 +1,16 @@ ### [CVE-2024-4029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4029) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20on%20RHEL%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208.0%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208.0%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) 
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) diff --git a/2024/CVE-2024-40318.md b/2024/CVE-2024-40318.md index 1427b680aa..48428279e6 100644 --- a/2024/CVE-2024-40318.md +++ b/2024/CVE-2024-40318.md @@ -13,5 +13,6 @@ An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attacke No PoCs from references. #### Github +- https://github.com/3v1lC0d3/RCE-QloApps-CVE-2024-40318 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-4032.md b/2024/CVE-2024-4032.md index b60f35aa1b..ca2aaf19be 100644 --- a/2024/CVE-2024-4032.md +++ b/2024/CVE-2024-4032.md @@ -1,6 +1,6 @@ ### [CVE-2024-4032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032) ![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.12.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.8.20%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/GitHubForSnap/matrix-commander-gael +- https://github.com/Roldo97/cve-patching diff --git a/2024/CVE-2024-40324.md b/2024/CVE-2024-40324.md index bfd8a2a4a3..c4b8af09b4 100644 --- a/2024/CVE-2024-40324.md +++ b/2024/CVE-2024-40324.md @@ -13,5 +13,6 @@ A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carria No PoCs from references. #### Github +- https://github.com/aleksey-vi/CVE-2024-40324 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-40348.md b/2024/CVE-2024-40348.md index 2b3a051454..f82b826b17 100644 --- a/2024/CVE-2024-40348.md +++ b/2024/CVE-2024-40348.md 
@@ -13,7 +13,25 @@ An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthen No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/NingXin2002/Bazaar_poc +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/bigb0x/CVE-2024-40348 +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/qiuluo-oss/Tiger - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC diff --git a/2024/CVE-2024-4040.md b/2024/CVE-2024-4040.md index b3ee687d81..5604ba125d 100644 --- a/2024/CVE-2024-4040.md +++ b/2024/CVE-2024-4040.md 
@@ -14,28 +14,57 @@ A server side template injection vulnerability in CrushFTP in all versions befor - https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/0xN7y/CVE-2024-4040 +- https://github.com/12442RF/POC - https://github.com/1ncendium/CVE-2024-4040 +- https://github.com/AboSteam/POPC +- https://github.com/Ahmadam37/Enumeration +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Mohammaddvd/CVE-2024-4040 - https://github.com/Mufti22/CVE-2024-4040 - https://github.com/Ostorlab/KEV - https://github.com/Praison001/CVE-2024-4040-CrushFTP-server - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC +- https://github.com/WhosGa/MyWiki - https://github.com/Y4tacker/JavaSec +- https://github.com/Yuan08o/pocs - https://github.com/absholi7ly/absholi7ly +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC - https://github.com/airbus-cert/CVE-2024-4040 +- https://github.com/art-of-defence/NSE +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote - https://github.com/entroychang/CVE-2024-4040 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/frontal1660/VanuatuForensic +- https://github.com/geniuszly/GenCrushSSTIExploit - https://github.com/getdrive/PoC - https://github.com/gotr00t0day/CVE-2024-4040 +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeed - https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability - https://github.com/k3ppf0r/2024-PocLib +- https://github.com/laoa1573/wy876 - 
https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/olebris/CVE-2024-4040 +- https://github.com/pwnfuzz/POCs - https://github.com/qt2a23/CVE-2024-4040 +- https://github.com/rahisec/CVE-2024-4040 - https://github.com/rbih-boulanouar/CVE-2024-4040 +- https://github.com/rix4uni/CVE-Nuclei +- https://github.com/safeer-accuknox/CrushFTP-cve-2024-4040-poc - https://github.com/tanjiti/sec_profile +- https://github.com/tongchengbin/nuclei-sdk - https://github.com/toxyl/lscve - https://github.com/tr4c3rs/CVE-2024-4040-RCE-POC - https://github.com/tucommenceapousser/CVE-2024-4040-Scanner @@ -43,4 +72,5 @@ A server side template injection vulnerability in CrushFTP in all versions befor - https://github.com/wy876/POC - https://github.com/wy876/wiki - https://github.com/zgimszhd61/cve-exploit-collection-scanner +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-40420.md b/2024/CVE-2024-40420.md index 7dd0f08517..268010ffa6 100644 --- a/2024/CVE-2024-40420.md +++ b/2024/CVE-2024-40420.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-40420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40420) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -A Server-Side Template Injection (SSTI) vulnerability in the edit theme function of openCart project v4.0.2.3 allows attackers to execute arbitrary code via injecting a crafted payload. +** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-36694. Reason: This record is a duplicate of CVE-2024-36694. Notes: All CVE users should reference CVE-2024-36694 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. ### POC diff --git a/2024/CVE-2024-40422.md b/2024/CVE-2024-40422.md index 4a81e5af6d..c475d8604f 100644 --- a/2024/CVE-2024-40422.md +++ b/2024/CVE-2024-40422.md @@ -10,9 +10,12 @@ The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stition ### POC #### Reference -No PoCs from references. +- https://medium.com/@alpernae/uncovering-path-traversal-in-devika-v1-a-deep-dive-into-cve-2024-40422-f8ce81398b99 #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/alpernae/vulnerability-research +- https://github.com/j3r1ch0123/CVE-2024-40422 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-40430.md b/2024/CVE-2024-40430.md index 64e4207d5e..0bf305b158 100644 --- a/2024/CVE-2024-40430.md +++ b/2024/CVE-2024-40430.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-40430](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40430) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -** DISPUTED ** In SFTPGO 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. NOTE: The vendor argues that the prerequisite for this exploit is to be able to steal another user's cookie. Additionally, it is argued that SFTPGo validates cookies being used by the IP address it was issued to, so stolen cookies from different IP addresses will not work. +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. ### POC diff --git a/2024/CVE-2024-40431.md b/2024/CVE-2024-40431.md new file mode 100644 index 0000000000..0b507d3743 --- /dev/null +++ b/2024/CVE-2024-40431.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-40431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40431)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.
+
+### POC
+
+#### Reference
+- https://zwclose.github.io/2024/10/14/rtsper1.html
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN
+- https://github.com/zwclose/realteksd
+
diff --git a/2024/CVE-2024-40432.md b/2024/CVE-2024-40432.md
new file mode 100644
index 0000000000..4f6e49a7a9
--- /dev/null
+++ b/2024/CVE-2024-40432.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40432)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SFFDISK_DEVICE_COMMAND control of the SD card reader driver allows a privileged attacker to crash the OS.
+
+### POC
+
+#### Reference
+- https://zwclose.github.io/2024/10/14/rtsper1.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-40433.md b/2024/CVE-2024-40433.md
index 30959725e7..bbda2027df 100644
--- a/2024/CVE-2024-40433.md
+++ b/2024/CVE-2024-40433.md
@@ -13,5 +13,5 @@ Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker - https://github.com/yikaikkk/CookieShareInWebView/blob/master/README.md #### Github -No PoCs found on GitHub currently. +- https://github.com/NanZhao1512/SuperAppSec diff --git a/2024/CVE-2024-40443.md b/2024/CVE-2024-40443.md new file mode 100644 index 0000000000..b0c2704c54 --- /dev/null +++ b/2024/CVE-2024-40443.md @@ -0,0 +1,17 @@ +### [CVE-2024-40443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40443) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Yuma-Tsushima07/CVE-2024-40443 + diff --git a/2024/CVE-2024-40445.md b/2024/CVE-2024-40445.md new file mode 100644 index 0000000000..ffafabcd92 --- /dev/null +++ b/2024/CVE-2024-40445.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-40445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40445)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
+- https://github.com/TaiYou-TW/TaiYou-TW
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-40446.md b/2024/CVE-2024-40446.md
new file mode 100644
index 0000000000..a733e00fb0
--- /dev/null
+++ b/2024/CVE-2024-40446.md
@@ -0,0 +1,19 @@
+### [CVE-2024-40446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40446)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
+- https://github.com/TaiYou-TW/TaiYou-TW
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-40453.md b/2024/CVE-2024-40453.md
new file mode 100644
index 0000000000..62de0fcd96
--- /dev/null
+++ b/2024/CVE-2024-40453.md
@@ -0,0 +1,20 @@
+### [CVE-2024-40453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40453)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/BwithE/CVE-2024-40453
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/shuciran/shuciran
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-40457.md b/2024/CVE-2024-40457.md
new file mode 100644
index 0000000000..cbbef77a83
--- /dev/null
+++ b/2024/CVE-2024-40457.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40457](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40457)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jeppojeps/CVE-2024-40457-PoC
+
diff --git a/2024/CVE-2024-40458.md b/2024/CVE-2024-40458.md
new file mode 100644
index 0000000000..f73512deed
--- /dev/null
+++ b/2024/CVE-2024-40458.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40458)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-40459.md b/2024/CVE-2024-40459.md
new file mode 100644
index 0000000000..6d73d730c0
--- /dev/null
+++ b/2024/CVE-2024-40459.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40459)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-40460.md b/2024/CVE-2024-40460.md
new file mode 100644
index 0000000000..46bab80e2f
--- /dev/null
+++ b/2024/CVE-2024-40460.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40460)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-40461.md b/2024/CVE-2024-40461.md
new file mode 100644
index 0000000000..fa95202e83
--- /dev/null
+++ b/2024/CVE-2024-40461.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40461)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-40462.md b/2024/CVE-2024-40462.md
new file mode 100644
index 0000000000..7187c94165
--- /dev/null
+++ b/2024/CVE-2024-40462.md
@@ -0,0 +1,17 @@ +### [CVE-2024-40462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40462) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component + +### POC + +#### Reference +- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40492.md b/2024/CVE-2024-40492.md index 573ba14fd6..b476dbfafa 100644 --- a/2024/CVE-2024-40492.md +++ b/2024/CVE-2024-40492.md @@ -13,5 +13,6 @@ Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote at - https://github.com/minendie/POC_CVE-2024-40492 #### Github +- https://github.com/minendie/POC_CVE-2024-40492 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-40498.md b/2024/CVE-2024-40498.md index 7ce169eabe..c6054aa489 100644 --- a/2024/CVE-2024-40498.md +++ b/2024/CVE-2024-40498.md @@ -13,6 +13,7 @@ SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v No PoCs from references. #### Github +- https://github.com/Dirac231/CVE-2024-40498 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-40505.md b/2024/CVE-2024-40505.md index c7ddf7117f..78c06c4ee2 100644 --- a/2024/CVE-2024-40505.md +++ b/2024/CVE-2024-40505.md 
@@ -5,7 +5,7 @@ ### Description -**UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. +** UNSUPPORTED WHEN ASSIGNED ** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. ### POC diff --git a/2024/CVE-2024-40506.md b/2024/CVE-2024-40506.md new file mode 100644 index 0000000000..02274048ce --- /dev/null +++ b/2024/CVE-2024-40506.md @@ -0,0 +1,18 @@ +### [CVE-2024-40506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40506) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Jansen-C-Moreira/CVE-2024-40506 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-40507.md b/2024/CVE-2024-40507.md new file mode 100644 index 0000000000..b75a4e1ec4 --- /dev/null +++ b/2024/CVE-2024-40507.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-40507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40507)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Jansen-C-Moreira/CVE-2024-40507
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-40508.md b/2024/CVE-2024-40508.md
new file mode 100644
index 0000000000..cf0a821e5f
--- /dev/null
+++ b/2024/CVE-2024-40508.md
@@ -0,0 +1,18 @@
+### [CVE-2024-40508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40508)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Jansen-C-Moreira/CVE-2024-40508
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-40509.md b/2024/CVE-2024-40509.md
new file mode 100644
index 0000000000..d0c8102695
--- /dev/null
+++ b/2024/CVE-2024-40509.md
@@ -0,0 +1,18 @@
+### [CVE-2024-40509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40509)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Jansen-C-Moreira/CVE-2024-40509
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-40510.md b/2024/CVE-2024-40510.md
new file mode 100644
index 0000000000..c7ca5f44ac
--- /dev/null
+++ b/2024/CVE-2024-40510.md
@@ -0,0 +1,18 @@
+### [CVE-2024-40510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40510)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Jansen-C-Moreira/CVE-2024-40510
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-40511.md b/2024/CVE-2024-40511.md
new file mode 100644
index 0000000000..721a8e3867
--- /dev/null
+++ b/2024/CVE-2024-40511.md
@@ -0,0 +1,18 @@ +### [CVE-2024-40511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40511) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Jansen-C-Moreira/CVE-2024-40511 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-40512.md b/2024/CVE-2024-40512.md new file mode 100644 index 0000000000..f13aba4ddf --- /dev/null +++ b/2024/CVE-2024-40512.md @@ -0,0 +1,18 @@ +### [CVE-2024-40512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40512) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Jansen-C-Moreira/CVE-2024-40512 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-4058.md b/2024/CVE-2024-4058.md index c844236eeb..487e6c7b7e 100644 --- a/2024/CVE-2024-4058.md +++ b/2024/CVE-2024-4058.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-40586.md b/2024/CVE-2024-40586.md new file mode 100644 index 0000000000..d46a722715 
--- /dev/null +++ b/2024/CVE-2024-40586.md @@ -0,0 +1,17 @@ +### [CVE-2024-40586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40586) +![](https://img.shields.io/static/v1?label=Product&message=FortiClientWindows&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%207.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Escalation%20of%20privilege&color=brighgreen) + +### Description + +An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Hagrid29/CVE-2024-40586-Windows-Coerced-Authentication-in-FortiClient + diff --git a/2024/CVE-2024-40617.md b/2024/CVE-2024-40617.md index d0cbdd0105..b1090d97a1 100644 --- a/2024/CVE-2024-40617.md +++ b/2024/CVE-2024-40617.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/H4lo/awesome-IoT-security-article +- https://github.com/KyssK00L/CVE-2024-40617 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-4062.md b/2024/CVE-2024-4062.md new file mode 100644 index 0000000000..399fcb160c --- /dev/null +++ b/2024/CVE-2024-4062.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-4062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4062)
+![](https://img.shields.io/static/v1?label=Product&message=iSC5&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.2.2_112%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-295%20Improper%20Certificate%20Validation&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-261788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/L3ster1337/JumpServer_ResetPassword
+
diff --git a/2024/CVE-2024-40635.md b/2024/CVE-2024-40635.md
new file mode 100644
index 0000000000..1931878776
--- /dev/null
+++ b/2024/CVE-2024-40635.md
@@ -0,0 +1,20 @@
+### [CVE-2024-40635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635)
+![](https://img.shields.io/static/v1?label=Product&message=containerd&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.6.38%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen)
+
+### Description
+
+containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Eleson-Souza/security-scan-pipeline
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/yen5004/CVE-2024-40635_POC
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-40638.md b/2024/CVE-2024-40638.md
new file mode 100644
index 0000000000..9a473f5d4e
--- /dev/null
+++ b/2024/CVE-2024-40638.md
@@ -0,0 +1,18 @@ +### [CVE-2024-40638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40638) +![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.85%2C%20%3C%2010.0.17%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Orange-Cyberdefense/CVE-repository +- https://github.com/Orange-Cyberdefense/glpwnme + diff --git a/2024/CVE-2024-4064.md b/2024/CVE-2024-4064.md index bc344353e3..d1bf8e2570 100644 --- a/2024/CVE-2024-4064.md +++ b/2024/CVE-2024-4064.md @@ -14,5 +14,6 @@ A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as crit #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-4065.md b/2024/CVE-2024-4065.md index 4cfa46ca84..5e712bf644 100644 --- a/2024/CVE-2024-4065.md +++ b/2024/CVE-2024-4065.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critica #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-40656.md b/2024/CVE-2024-40656.md new file mode 100644 index 0000000000..fbe52e4573 --- /dev/null +++ b/2024/CVE-2024-40656.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-40656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40656) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20disclosure&color=brighgreen) + +### Description + +In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. + +### POC + +#### Reference +- https://android.googlesource.com/platform/packages/services/Telecomm/+/f3e6a6c02439401eb7aeb3749ee5ec0b51a625b9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4066.md b/2024/CVE-2024-4066.md index 3c04662680..e570118c6f 100644 --- a/2024/CVE-2024-4066.md +++ b/2024/CVE-2024-4066.md @@ -14,4 +14,5 @@ A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-40662.md b/2024/CVE-2024-40662.md new file mode 100644 index 0000000000..2e36f5afac --- /dev/null +++ b/2024/CVE-2024-40662.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-40662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40662)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bb33bb/net_G2.5_CVE-2024-40662
+
diff --git a/2024/CVE-2024-40676.md b/2024/CVE-2024-40676.md
new file mode 100644
index 0000000000..32897c48dc
--- /dev/null
+++ b/2024/CVE-2024-40676.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40676)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CrackerCat/accounts_CVE-2024-40676-
+
diff --git a/2024/CVE-2024-4068.md b/2024/CVE-2024-4068.md
index 86f3d52f1e..2d7fc64005 100644
--- a/2024/CVE-2024-4068.md
+++ b/2024/CVE-2024-4068.md
@@ -14,5 +14,6 @@ The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of - https://github.com/micromatch/braces/pull/37 #### Github +- https://github.com/Goroza7/Devops-Final - https://github.com/seal-community/patches diff --git a/2024/CVE-2024-40711.md b/2024/CVE-2024-40711.md new file mode 100644 index 0000000000..5d3b56e350 --- /dev/null +++ b/2024/CVE-2024-40711.md @@ -0,0 +1,23 @@ +### [CVE-2024-40711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40711) +![](https://img.shields.io/static/v1?label=Product&message=Backup%20and%20%20Recovery&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=12.1.2%3C%3D%2012.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV +- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories +- https://github.com/XiaomingX/cve-2024-40711-poc +- https://github.com/hsvhora/research_blogs +- https://github.com/realstatus/CVE-2024-40711-Exp +- https://github.com/tylzars/awesome-vrre-writeups +- https://github.com/watchtowrlabs/CVE-2024-40711 + diff --git a/2024/CVE-2024-40725.md b/2024/CVE-2024-40725.md index 5fd8487002..9a7db3f40d 100644 --- a/2024/CVE-2024-40725.md +++ b/2024/CVE-2024-40725.md @@ -13,6 +13,11 @@ A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 igno No PoCs from references. #### Github +- https://github.com/0xMarcio/cve +- https://github.com/Andromeda254/cve +- https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898 +- https://github.com/krlabs/apache-vulnerabilities - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/soltanali0/CVE-2024-40725 - https://github.com/tanjiti/sec_profile 
diff --git a/2024/CVE-2024-40797.md b/2024/CVE-2024-40797.md
new file mode 100644
index 0000000000..ac1fe047a8
--- /dev/null
+++ b/2024/CVE-2024-40797.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40797)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2013.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Visiting%20a%20malicious%20website%20may%20lead%20to%20user%20interface%20spoofing&color=brighgreen)
+
+### Description
+
+This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RNando1337/RNando1337
+
diff --git a/2024/CVE-2024-40801.md b/2024/CVE-2024-40801.md
new file mode 100644
index 0000000000..72fc74b569
--- /dev/null
+++ b/2024/CVE-2024-40801.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40801)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20access%20protected%20user%20data&color=brighgreen)
+
+### Description
+
+A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/pvieito/ContainerMigrationExploit
+
diff --git a/2024/CVE-2024-40815.md b/2024/CVE-2024-40815.md
index b9922d9742..a5ae397542 100644
--- a/2024/CVE-2024-40815.md
+++ b/2024/CVE-2024-40815.md @@ -20,5 +20,5 @@ A race condition was addressed with additional validation. This issue is fixed i - http://seclists.org/fulldisclosure/2024/Jul/19 #### Github -No PoCs found on GitHub currently. +- https://github.com/w0wbox/CVE-2024-40815 diff --git a/2024/CVE-2024-40838.md b/2024/CVE-2024-40838.md new file mode 100644 index 0000000000..5a28d5debe --- /dev/null +++ b/2024/CVE-2024-40838.md @@ -0,0 +1,17 @@ +### [CVE-2024-40838](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40838) +![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20malicious%20app%20may%20be%20able%20to%20access%20notifications%20from%20the%20user's%20device&color=brighgreen) + +### Description + +A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/iCMDdev/iCMDdev + diff --git a/2024/CVE-2024-40843.md b/2024/CVE-2024-40843.md new file mode 100644 index 0000000000..bbe6186a92 --- /dev/null +++ b/2024/CVE-2024-40843.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-40843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40843)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20modify%20protected%20parts%20of%20the%20file%20system&color=brighgreen)
+
+### Description
+
+The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kohnakagawa/kohnakagawa
+
diff --git a/2024/CVE-2024-40854.md b/2024/CVE-2024-40854.md
new file mode 100644
index 0000000000..6b5310178f
--- /dev/null
+++ b/2024/CVE-2024-40854.md
@@ -0,0 +1,19 @@
+### [CVE-2024-40854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40854)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20cause%20unexpected%20system%20termination&color=brighgreen)
+
+### Description
+
+A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/didi/kemon
+
diff --git a/2024/CVE-2024-4089.md b/2024/CVE-2024-4089.md
new file mode 100644
index 0000000000..720f45535c
--- /dev/null
+++ b/2024/CVE-2024-4089.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4089)
+![](https://img.shields.io/static/v1?label=Product&message=SuperFile&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%20Uncontrolled%20Search%20Path%20Element&color=brighgreen)
+
+### Description
+
+A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-40890.md b/2024/CVE-2024-40890.md
new file mode 100644
index 0000000000..4d982993f7
--- /dev/null
+++ b/2024/CVE-2024-40890.md
@@ -0,0 +1,17 @@
+### [CVE-2024-40890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40890)
+![](https://img.shields.io/static/v1?label=Product&message=VMG4325-B10A%20firmware&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%201.00(AAFR.4)C0_20170615%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED**A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-40891.md b/2024/CVE-2024-40891.md
new file mode 100644
index 0000000000..06195fde21
--- /dev/null
+++ b/2024/CVE-2024-40891.md
@@ -0,0 +1,17 @@ +### [CVE-2024-40891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40891) +![](https://img.shields.io/static/v1?label=Product&message=VMG4325-B10A%20firmware&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%201.00(AAFR.4)C0_20170615%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED**A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/packetinside/CISA_BOT + diff --git a/2024/CVE-2024-40892.md b/2024/CVE-2024-40892.md index aaebe7e805..350de666ff 100644 --- a/2024/CVE-2024-40892.md +++ b/2024/CVE-2024-40892.md @@ -14,4 +14,5 @@ A weak credential vulnerability exists in Firewalla Box Software versions before #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/xen0bit/fwbt diff --git a/2024/CVE-2024-40893.md b/2024/CVE-2024-40893.md index 85271f9f6e..5bb8a00c4a 100644 --- a/2024/CVE-2024-40893.md +++ b/2024/CVE-2024-40893.md @@ -13,5 +13,5 @@ Multiple authenticated operating system (OS) command injection vulnerabilities e - https://www.labs.greynoise.io/grimoire/2024-08-20-bluuid-firewalla/ #### Github -No PoCs found on GitHub currently. +- https://github.com/xen0bit/fwbt diff --git a/2024/CVE-2024-40898.md b/2024/CVE-2024-40898.md index 900f48b571..7bcbd2bf5a 100644 --- a/2024/CVE-2024-40898.md +++ b/2024/CVE-2024-40898.md 
@@ -13,6 +13,21 @@ SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, No PoCs from references. #### Github +- https://github.com/0xMarcio/cve +- https://github.com/Andromeda254/cve +- https://github.com/ForceEA001/CVE-2024-40898-SSL-Bypass-Detection +- https://github.com/NeoOniX/5ATTACK +- https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898 +- https://github.com/anilpatel199n/CVE-2024-40898 +- https://github.com/dusbot/cpe2cve +- https://github.com/jeanrafaellourenco/shodan-host-recon +- https://github.com/krlabs/apache-vulnerabilities +- https://github.com/lekctut/sdb-hw-13-01 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pedr0alencar/vlab-metasploitable2 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/rajeshwarideoraj/Vulnerability_Data_Extraction_and_Analysis +- https://github.com/soltanali0/CVE-2024-40725 - https://github.com/tanjiti/sec_profile +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-4091.md b/2024/CVE-2024-4091.md new file mode 100644 index 0000000000..d996a63827 --- /dev/null +++ b/2024/CVE-2024-4091.md @@ -0,0 +1,17 @@ +### [CVE-2024-4091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4091) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Gallery%20Grid&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e28e79fa-f461-41fe-ad1c-ca768ea5f982/ + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-41003.md b/2024/CVE-2024-41003.md index 5de451568e..e6a84abebe 100644 --- a/2024/CVE-2024-41003.md +++ b/2024/CVE-2024-41003.md @@ -13,5 +13,7 @@ In the Linux kernel, the following vulnerability has been resolved:bpf: Fix reg_ No PoCs from references. #### Github +- https://github.com/SDUzbh/buzzer-klee - https://github.com/google/buzzer +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2024/CVE-2024-41009.md b/2024/CVE-2024-41009.md new file mode 100644 index 0000000000..25e9be7ab7 --- /dev/null +++ b/2024/CVE-2024-41009.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-41009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41009)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=457f44363a88%3C%20be35504b959f%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:bpf: Fix overrunning reservations in ringbufThe BPF ring buffer internally is implemented as a power-of-2 sized circularbuffer, with two logical and ever-increasing counters: consumer_pos is theconsumer counter to show which logical position the consumer consumed thedata, and producer_pos which is the producer counter denoting the amount ofdata reserved by all producers.Each time a record is reserved, the producer that "owns" the record willsuccessfully advance producer counter. In user space each time a record isread, the consumer of the data advanced the consumer counter once it finishedprocessing. Both counters are stored in separate pages so that from userspace, the producer counter is read-only and the consumer counter is read-write.One aspect that simplifies and thus speeds up the implementation of bothproducers and consumers is how the data area is mapped twice contiguouslyback-to-back in the virtual memory, allowing to not take any special measuresfor samples that have to wrap around at the end of the circular buffer dataarea, because the next page after the last data page would be first data pageagain, and thus the sample will still appear completely contiguous in virtualmemory.Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header forbook-keeping the length and offset, and is inaccessible to the BPF program.Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`for the BPF program to use. Bing-Jhong and Muhammad reported that it is howeverpossible to make a second allocated memory chunk overlapping with the firstchunk and as a result, the BPF program is now able to edit first chunk'sheader.For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with sizeof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call tobpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, letsallocate a chunk B with size 0x3000. This will succeed because consumer_poswas edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`check. Chunk B will be in range [0x3008,0x6010], and the BPF program is ableto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentionedearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same datapages. This means that chunk B at [0x4000,0x4008] is chunk A's header.bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to thenlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunkB modified chunk A's header, then bpf_ringbuf_commit() refers to the wrongpage and could cause a crash.Fix it by calculating the oldest pending_pos and check whether the rangefrom the oldest outstanding record to the newest would span beyond the ringbuffer size. If that is the case, then reject the request. We've tested withthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)before/after the fix and while it seems a bit slower on some benchmarks, itis still not significantly enough to matter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-41010.md b/2024/CVE-2024-41010.md
new file mode 100644
index 0000000000..8d00ee8193
--- /dev/null
+++ b/2024/CVE-2024-41010.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41010)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=e420bed02507%3C%20230bb13650b0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:bpf: Fix too early release of tcx_entryPedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reportedan issue that the tcx_entry can be released too early leading to a useafter free (UAF) when an active old-style ingress or clsact qdisc with ashared tc block is later replaced by another ingress or clsact instance.Essentially, the sequence to trigger the UAF (one example) can be as follows: 1. A network namespace is created 2. An ingress qdisc is created. This allocates a tcx_entry, and &tcx_entry->miniq is stored in the qdisc's miniqp->p_miniq. At the same time, a tcf block with index 1 is created. 3. chain0 is attached to the tcf block. chain0 must be connected to the block linked to the ingress qdisc to later reach the function tcf_chain0_head_change_cb_del() which triggers the UAF. 4. Create and graft a clsact qdisc. This causes the ingress qdisc created in step 1 to be removed, thus freeing the previously linked tcx_entry: rtnetlink_rcv_msg() => tc_modify_qdisc() => qdisc_create() => clsact_init() [a] => qdisc_graft() => qdisc_destroy() => __qdisc_destroy() => ingress_destroy() [b] => tcx_entry_free() => kfree_rcu() // tcx_entry freed 5. Finally, the network namespace is closed. This registers the cleanup_net worker, and during the process of releasing the remaining clsact qdisc, it accesses the tcx_entry that was already freed in step 4, causing the UAF to occur: cleanup_net() => ops_exit_list() => default_device_exit_batch() => unregister_netdevice_many() => unregister_netdevice_many_notify() => dev_shutdown() => qdisc_put() => clsact_destroy() [c] => tcf_block_put_ext() => tcf_chain0_head_change_cb_del() => tcf_chain_head_change_item() => clsact_chain_head_change() => mini_qdisc_pair_swap() // UAFThere are also other variants, the gist is to add an ingress (or clsact)qdisc with a specific shared block, then to replace that qdisc, waitingfor the tcx_entry kfree_rcu() to be executed and subsequently accessingthe current active qdisc's miniq one way or another.The correct fix is to turn the miniq_active boolean into a counter. Whatcan be observed, at step 2 above, the counter transitions from 0->1, atstep [a] from 1->2 (in order for the miniq object to remain active duringthe replacement), then in [b] from 2->1 and finally [c] 1->0 with theeventual release. The reference counter in general ranges from [0,2] andit does not need to be atomic since all access to the counter is protectedby the rtnl mutex. With this in place, there is no longer a UAF happeningand the tcx_entry is freed at the correct time.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-41013.md b/2024/CVE-2024-41013.md
new file mode 100644
index 0000000000..e03330c3f4
--- /dev/null
+++ b/2024/CVE-2024-41013.md
@@ -0,0 +1,20 @@
+### [CVE-2024-41013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%3C%20ca96d83c93071f95cf962ce92406621a472df31b%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:xfs: don't walk off the end of a directory data blockThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entryto make sure don't stray beyond valid memory region. Before patching, theloop simply checks that the start offset of the dup and dep is within therange. So in a crafted image, if last entry is xfs_dir2_data_unused, wecan change dup->length to dup->length-1 and leave 1 byte of space. In thenext traversal, this space will be considered as dup or dep. We mayencounter an out of bound read when accessing the fixed members.In the patch, we make sure that the remaining bytes large enough to holdan unused entry before accessing xfs_dir2_data_unused andxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also makesure that the remaining bytes large enough to hold a dirent with asingle-byte name before accessing xfs_dir2_data_entry.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/oogasawa/Utility-security
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-41014.md b/2024/CVE-2024-41014.md
new file mode 100644
index 0000000000..3a36abddb1
--- /dev/null
+++ b/2024/CVE-2024-41014.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41014](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20d1e3efe78336%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:xfs: add bounds checking to xlog_recover_process_dataThere is a lack of verification of the space occupied by fixed membersof xlog_op_header in the xlog_recover_process_data.We can create a crafted image to trigger an out of bounds read byfollowing these steps: 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data 3) Write a tool to parse and modify the copied image in step 2 4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modify xlog_rec_header->h_crcFix:Add a check to make sure there is sufficient space to access fixed membersof xlog_op_header.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+
diff --git a/2024/CVE-2024-41015.md b/2024/CVE-2024-41015.md
new file mode 100644
index 0000000000..fa3172f18b
--- /dev/null
+++ b/2024/CVE-2024-41015.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41015](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41015)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2013d38c00df97%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:ocfs2: add bounds checking to ocfs2_check_dir_entry()This adds sanity checks for ocfs2_dir_entry to make sure all members ofocfs2_dir_entry don't stray beyond valid memory region.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+
diff --git a/2024/CVE-2024-41016.md b/2024/CVE-2024-41016.md
new file mode 100644
index 0000000000..2fefaa4d7a
--- /dev/null
+++ b/2024/CVE-2024-41016.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41016](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41016)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20e2b3d7a9d019%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()xattr in ocfs2 maybe 'non-indexed', which saved with additional spacerequested. It's better to check if the memory is out of bound beforememcmp, although this possibility mainly comes from crafted poisonousimages.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+
diff --git a/2024/CVE-2024-41017.md b/2024/CVE-2024-41017.md
new file mode 100644
index 0000000000..12854ae1f1
--- /dev/null
+++ b/2024/CVE-2024-41017.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41017)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%207f91bd0f2941%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:jfs: don't walk off the end of ealistAdd a check before visiting the members of ea tomake sure each ea stays within the ealist.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+
diff --git a/2024/CVE-2024-41018.md b/2024/CVE-2024-41018.md
new file mode 100644
index 0000000000..e4c4b6d491
--- /dev/null
+++ b/2024/CVE-2024-41018.md
@@ -0,0 +1,18 @@
+### [CVE-2024-41018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41018)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=e0b64e4ad2eb%3C%20f3124d51e4e7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:fs/ntfs3: Add a check for attr_names and oatblAdded out-of-bound checking for *ane (ATTR_NAME_ENTRY).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+- https://github.com/XiaozaYa/DCO
+
diff --git a/2024/CVE-2024-41019.md b/2024/CVE-2024-41019.md
new file mode 100644
index 0000000000..a0eef463ee
--- /dev/null
+++ b/2024/CVE-2024-41019.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41019)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4534a70b7056%3C%2035652dfa8cc9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:fs/ntfs3: Validate ff offsetThis adds sanity checks for ff offset. There is a checkon rt->first_free at first, but walking through by ffwithout any check. If the second ff is a large offset.We may encounter an out-of-bound read.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LLfam/foob
+
diff --git a/2024/CVE-2024-41061.md b/2024/CVE-2024-41061.md
new file mode 100644
index 0000000000..ce0059bb36
--- /dev/null
+++ b/2024/CVE-2024-41061.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41061)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2094166fe12543%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport[Why]Potential out of bounds access in dml2_calculate_rq_and_dlg_params()because the value of out_lowest_state_idx used as an index for FCLKChangeSupportarray can be greater than 1.[How]Currently dml2 core specifies identical values for all FCLKChangeSupportelements. Always use index 0 in the condition to avoid out of bounds access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-41071.md b/2024/CVE-2024-41071.md
new file mode 100644
index 0000000000..272009551c
--- /dev/null
+++ b/2024/CVE-2024-41071.md
@@ -0,0 +1,18 @@
+### [CVE-2024-41071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41071)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-41096.md b/2024/CVE-2024-41096.md
new file mode 100644
index 0000000000..53ed71dfa1
--- /dev/null
+++ b/2024/CVE-2024-41096.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=bf6e054e0e3f%3C%200ae40b2d0a5d%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:PCI/MSI: Fix UAF in msi_capability_initKFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488 Use-after-free read at 0x0000000024629571 (in kfence-#12): __pci_enable_msi_range+0x2c0/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128 allocated by task 81 on cpu 7 at 10.808142s: __kmem_cache_alloc_node+0x1f0/0x2bc kmalloc_trace+0x44/0x138 msi_alloc_desc+0x3c/0x9c msi_domain_insert_msi_desc+0x30/0x78 msi_setup_msi_desc+0x13c/0x184 __pci_enable_msi_range+0x258/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 freed by task 81 on cpu 7 at 10.811436s: msi_domain_free_descs+0xd4/0x10c msi_domain_free_locked.part.0+0xc0/0x1d8 msi_domain_alloc_irqs_all_locked+0xb4/0xbc pci_msi_setup_msi_irqs+0x30/0x4c __pci_enable_msi_range+0x2a8/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28Descriptor allocation done in:__pci_enable_msi_range msi_capability_init msi_setup_msi_desc msi_insert_msi_desc msi_domain_insert_msi_desc msi_alloc_desc ...Freed in case of failure in __msi_domain_alloc_locked()__pci_enable_msi_range msi_capability_init pci_msi_setup_msi_irqs msi_domain_alloc_irqs_all_locked msi_domain_alloc_locked __msi_domain_alloc_locked => fails msi_domain_free_locked ...That failure propagates back to pci_msi_setup_msi_irqs() inmsi_capability_init() which accesses the descriptor for unmasking in
theerror exit path.Cure it by copying the descriptor and using the copy for the error exit pathunmask operation.[ tglx: Massaged change log ] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/robertsirc/sle-bci-demo + diff --git a/2024/CVE-2024-41107.md b/2024/CVE-2024-41107.md index b4233f9cb3..d7cda019d2 100644 --- a/2024/CVE-2024-41107.md +++ b/2024/CVE-2024-41107.md @@ -13,8 +13,25 @@ The CloudStack SAML authentication (disabled by default) does not enforce signat No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/d0rb/CVE-2024-41107 +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/ibaiw/2024Hvv +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-4111.md b/2024/CVE-2024-4111.md index f2f82bdc44..ec58bcd7b2 100644 --- a/2024/CVE-2024-4111.md +++ b/2024/CVE-2024-4111.md @@ -15,4 +15,5 @@ A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critica #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41110.md b/2024/CVE-2024-41110.md index 765a73b160..cd3e494d39 100644 --- a/2024/CVE-2024-41110.md +++ b/2024/CVE-2024-41110.md 
@@ -15,6 +15,12 @@ Moby is an open-source project created by Docker for software containerization. No PoCs from references. #### Github +- https://github.com/DrAmmarMoustafa/CHASE-LB-Container-IDS-Dataset +- https://github.com/PauloParoPP/CVE-2024-41110-SCAN +- https://github.com/h4ckm1n-dev/report-test +- https://github.com/lampensau/server-setup - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/rancher/vexhub - https://github.com/tanjiti/sec_profile +- https://github.com/vvpoglazov/cve-2024-41110-checker diff --git a/2024/CVE-2024-4112.md b/2024/CVE-2024-4112.md index 0ae46a5e94..19d0b59bb2 100644 --- a/2024/CVE-2024-4112.md +++ b/2024/CVE-2024-4112.md @@ -15,4 +15,5 @@ A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41121.md b/2024/CVE-2024-41121.md new file mode 100644 index 0000000000..8d67fcec70 --- /dev/null +++ b/2024/CVE-2024-41121.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-41121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41121)
+![](https://img.shields.io/static/v1?label=Product&message=woodpecker&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.7.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen)
+
+### Description
+
+Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead to a host takeover that runs the agent executing the workflow. 2. Or allow to extract the secrets who would be normally provided to the plugins who's entrypoint are overwritten. This issue has been addressed in release version 2.7.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/woodpecker-ci/woodpecker/issues/3924
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41124.md b/2024/CVE-2024-41124.md
new file mode 100644
index 0000000000..9e0d3e63e0
--- /dev/null
+++ b/2024/CVE-2024-41124.md
@@ -0,0 +1,18 @@
+### [CVE-2024-41124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41124)
+![](https://img.shields.io/static/v1?label=Product&message=puncia&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%3A%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-319%3A%20Cleartext%20Transmission%20of%20Sensitive%20Information&color=brighgreen)
+
+### Description
+
+Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SCH227/own-research
+
diff --git a/2024/CVE-2024-41128.md b/2024/CVE-2024-41128.md
new file mode 100644
index 0000000000..d74acfdc87
--- /dev/null
+++ b/2024/CVE-2024-41128.md
@@ -0,0 +1,17 @@ +### [CVE-2024-41128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128) +![](https://img.shields.io/static/v1?label=Product&message=rails&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.1.0%2C%20%3C%206.1.7.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen) + +### Description + +Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to version 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. One may use Ruby 3.2 as a workaround. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ch4n3-yoon/ch4n3-yoon + diff --git a/2024/CVE-2024-41129.md b/2024/CVE-2024-41129.md index a219e60512..f51b18b935 100644 --- a/2024/CVE-2024-41129.md +++ b/2024/CVE-2024-41129.md @@ -13,5 +13,5 @@ The ops library is a Python framework for developing and testing Kubernetes and - https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm #### Github -No PoCs found on GitHub currently. +- https://github.com/haiyen11231/automation-tool-for-patch-backporting diff --git a/2024/CVE-2024-4113.md b/2024/CVE-2024-4113.md index dcd3a693e7..6214dc70dd 100644 --- a/2024/CVE-2024-4113.md +++ b/2024/CVE-2024-4113.md 
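Review bot: In `2024/CVE-2024-41129.md` the sentinel `No PoCs found on GitHub currently.` is replaced by `haiyen11231/automation-tool-for-patch-backporting`, which by its name looks like a patch-backporting tool that mentions the CVE rather than a proof of concept for it. The same replacement happens with `xjzzzxx/Yama` in the CVE-2024-41353 to CVE-2024-41357 and CVE-2024-41373 to CVE-2024-41375 hunks, where one repository stands in for many unrelated products. Anyone triaging on "a repository is listed under Github" will now rank these entries higher without new evidence of exploitability. The generator should keep the sentinel unless the repository is specific to the CVE, or list keyword hits under their own heading such as `#### Github (mentions)`.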
@@ -15,4 +15,5 @@ A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4114.md b/2024/CVE-2024-4114.md index 9af4316033..d6ce56029c 100644 --- a/2024/CVE-2024-4114.md +++ b/2024/CVE-2024-4114.md @@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, has been found in Tenda TX9 2 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4115.md b/2024/CVE-2024-4115.md index 442edd5d75..16d34c2738 100644 --- a/2024/CVE-2024-4115.md +++ b/2024/CVE-2024-4115.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, was found in Tenda W15E 15.11 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4116.md b/2024/CVE-2024-4116.md index 9bb95d8214..2110da6ae9 100644 --- a/2024/CVE-2024-4116.md +++ b/2024/CVE-2024-4116.md @@ -14,4 +14,5 @@ A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critic #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4117.md b/2024/CVE-2024-4117.md index 80d3694a78..bd4d81591d 100644 --- a/2024/CVE-2024-4117.md +++ b/2024/CVE-2024-4117.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. A #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4118.md b/2024/CVE-2024-4118.md index 8d374dc4e2..356f3952f1 100644 --- a/2024/CVE-2024-4118.md +++ b/2024/CVE-2024-4118.md 
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as cr #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4119.md b/2024/CVE-2024-4119.md index ab7d4a8c1e..cee43ed9a2 100644 --- a/2024/CVE-2024-4119.md +++ b/2024/CVE-2024-4119.md @@ -15,4 +15,5 @@ A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as crit #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41195.md b/2024/CVE-2024-41195.md new file mode 100644 index 0000000000..6e4a6ffcde --- /dev/null +++ b/2024/CVE-2024-41195.md @@ -0,0 +1,17 @@ +### [CVE-2024-41195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41195) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. + +### POC + +#### Reference +- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41196.md b/2024/CVE-2024-41196.md new file mode 100644 index 0000000000..aaf06dcfd9 --- /dev/null +++ b/2024/CVE-2024-41196.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-41196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41196)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41197.md b/2024/CVE-2024-41197.md
new file mode 100644
index 0000000000..04685088b4
--- /dev/null
+++ b/2024/CVE-2024-41197.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41197)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41198.md b/2024/CVE-2024-41198.md
new file mode 100644
index 0000000000..c699d78133
--- /dev/null
+++ b/2024/CVE-2024-41198.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41198)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41199.md b/2024/CVE-2024-41199.md
new file mode 100644
index 0000000000..1b57f0aba1
--- /dev/null
+++ b/2024/CVE-2024-41199.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41199)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
+
+### POC
+
+#### Reference
+- https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4120.md b/2024/CVE-2024-4120.md
index 2855987aa4..2791ff91cd 100644
--- a/2024/CVE-2024-4120.md
+++ b/2024/CVE-2024-4120.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critica #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41209.md b/2024/CVE-2024-41209.md new file mode 100644 index 0000000000..cb68a5c60f --- /dev/null +++ b/2024/CVE-2024-41209.md @@ -0,0 +1,17 @@ +### [CVE-2024-41209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41209) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. + +### POC + +#### Reference +- https://ricercasecurity.blogspot.com/2024/10/rezzuf0-day-cve-2024-41209.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4121.md b/2024/CVE-2024-4121.md index 4b92304c70..37b4cf7529 100644 --- a/2024/CVE-2024-4121.md +++ b/2024/CVE-2024-4121.md @@ -14,4 +14,5 @@ A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41217.md b/2024/CVE-2024-41217.md new file mode 100644 index 0000000000..07e26535f1 --- /dev/null +++ b/2024/CVE-2024-41217.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41217](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41217) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file. + +### POC + +#### Reference +- https://github.com/justdan96/tsMuxer/issues/846 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4122.md b/2024/CVE-2024-4122.md index 89d5048906..de0ee987b9 100644 --- a/2024/CVE-2024-4122.md +++ b/2024/CVE-2024-4122.md @@ -14,4 +14,5 @@ A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affec #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41226.md b/2024/CVE-2024-41226.md index 15d0c552f1..f02f363aa0 100644 --- a/2024/CVE-2024-41226.md +++ b/2024/CVE-2024-41226.md 
@@ -5,13 +5,15 @@ ### Description -A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. +** DISPUTED ** A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from the client-side, so the owner of the Response and payload is the end user in this case. They contend that the server's security controls have no impact or role to play in this situation and therefore this is not a valid vulnerability. ### POC #### Reference +- https://medium.com/%40aksalsalimi/cve-2024-41226-response-manipulation-led-to-csv-injection-9ae3182dcc02 - https://medium.com/@aksalsalimi/cve-2024-41226-response-manipulation-led-to-csv-injection-9ae3182dcc02 #### Github +- https://github.com/aksalsalimi/aksalsalimi - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-4123.md b/2024/CVE-2024-4123.md index 8be0f3e249..1bcd439852 100644 --- a/2024/CVE-2024-4123.md +++ b/2024/CVE-2024-4123.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, has been found in Tenda W15E #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4124.md b/2024/CVE-2024-4124.md index 3409f8abcf..2ca8ad3049 100644 --- a/2024/CVE-2024-4124.md +++ b/2024/CVE-2024-4124.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, was found in Tenda W15E 15.11 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4125.md b/2024/CVE-2024-4125.md index 6062e64a22..5c3e86153b 100644 --- a/2024/CVE-2024-4125.md 
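Review bot: The Reference list in `2024/CVE-2024-41226.md` now holds the same Medium article twice: the added `https://medium.com/%40aksalsalimi/...` entry and the existing `https://medium.com/@aksalsalimi/...` entry differ only in the percent-encoding of `@`. The generator's de-duplication should compare URLs after percent-decoding the path so that one entry remains. The same hunk marks the CVE as DISPUTED while adding `aksalsalimi/aksalsalimi` under Github, which by its name looks like a profile repository, so it is worth confirming that it holds more than a mention before listing it there.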
+++ b/2024/CVE-2024-4125.md @@ -14,4 +14,5 @@ A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critic #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4126.md b/2024/CVE-2024-4126.md index 37e5051621..c98fe9da4b 100644 --- a/2024/CVE-2024-4126.md +++ b/2024/CVE-2024-4126.md @@ -15,4 +15,5 @@ A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. T #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4127.md b/2024/CVE-2024-4127.md index d43a27d825..cf21c8df33 100644 --- a/2024/CVE-2024-4127.md +++ b/2024/CVE-2024-4127.md @@ -15,4 +15,5 @@ A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as cr #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41270.md b/2024/CVE-2024-41270.md new file mode 100644 index 0000000000..2faf2f4223 --- /dev/null +++ b/2024/CVE-2024-41270.md @@ -0,0 +1,17 @@ +### [CVE-2024-41270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41270) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Nissiuser/Vulnerability-Scan-Report + diff --git a/2024/CVE-2024-41276.md b/2024/CVE-2024-41276.md new file mode 100644 index 0000000000..4c0c01d91e --- /dev/null 
+++ b/2024/CVE-2024-41276.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41276)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/artemy-ccrsky/CVE-2024-41276
+
diff --git a/2024/CVE-2024-41290.md b/2024/CVE-2024-41290.md
new file mode 100644
index 0000000000..7e50dec70a
--- /dev/null
+++ b/2024/CVE-2024-41290.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41290)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/paragbagul111/CVE-2024-41290
+
diff --git a/2024/CVE-2024-41319.md b/2024/CVE-2024-41319.md
new file mode 100644
index 0000000000..fb1aba6dd8
--- /dev/null
+++ b/2024/CVE-2024-41319.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41319)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/NingXin2002/TOTOLINK_poc
+
diff --git a/2024/CVE-2024-41344.md b/2024/CVE-2024-41344.md
new file mode 100644
index 0000000000..84a40d07d3
--- /dev/null
+++ b/2024/CVE-2024-41344.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41344](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41344)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.
+
+### POC
+
+#### Reference
+- https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/264
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41345.md b/2024/CVE-2024-41345.md
new file mode 100644
index 0000000000..948dee10a4
--- /dev/null
+++ b/2024/CVE-2024-41345.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41345)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41346.md b/2024/CVE-2024-41346.md
new file mode 100644
index 0000000000..5c251f99b5
--- /dev/null
+++ b/2024/CVE-2024-41346.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41346)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41347.md b/2024/CVE-2024-41347.md
new file mode 100644
index 0000000000..42dc645d7b
--- /dev/null
+++ b/2024/CVE-2024-41347.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41347)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41348.md b/2024/CVE-2024-41348.md
new file mode 100644
index 0000000000..5e46e476d4
--- /dev/null
+++ b/2024/CVE-2024-41348.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41348)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php
+
+### POC
+
+#### Reference
+- https://github.com/jpatokal/openflights/issues/1478
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41349.md b/2024/CVE-2024-41349.md
new file mode 100644
index 0000000000..56e014f703
--- /dev/null
+++ b/2024/CVE-2024-41349.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41349)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41350.md b/2024/CVE-2024-41350.md
new file mode 100644
index 0000000000..79f20afcc7
--- /dev/null
+++ b/2024/CVE-2024-41350.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41350)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** UNSUPPORTED WHEN ASSIGNED ** bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41351.md b/2024/CVE-2024-41351.md
new file mode 100644
index 0000000000..9ae28c2e4f
--- /dev/null
+++ b/2024/CVE-2024-41351.md
@@ -0,0 +1,17 @@ +### [CVE-2024-41351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41351) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** UNSUPPORTED WHEN ASSIGNED ** bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xjzzzxx/Yama + diff --git a/2024/CVE-2024-41353.md b/2024/CVE-2024-41353.md index 5d3e50e6b1..83c4135524 100644 --- a/2024/CVE-2024-41353.md +++ b/2024/CVE-2024-41353.md @@ -13,5 +13,5 @@ phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edi - https://github.com/phpipam/phpipam/issues/4147 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41354.md b/2024/CVE-2024-41354.md index 088d774124..a5eac20859 100644 --- a/2024/CVE-2024-41354.md +++ b/2024/CVE-2024-41354.md @@ -13,5 +13,5 @@ phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/e - https://github.com/phpipam/phpipam/issues/4150 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41355.md b/2024/CVE-2024-41355.md index 10a3e4c7d9..b219fd49cd 100644 --- a/2024/CVE-2024-41355.md +++ b/2024/CVE-2024-41355.md @@ -13,5 +13,5 @@ phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-i - https://github.com/phpipam/phpipam/issues/4151 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41356.md b/2024/CVE-2024-41356.md index 28fe831840..d0445d8e2e 100644 --- a/2024/CVE-2024-41356.md +++ b/2024/CVE-2024-41356.md 
@@ -13,5 +13,5 @@ phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-z - https://github.com/phpipam/phpipam/issues/4146 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41357.md b/2024/CVE-2024-41357.md index 02b07638d7..5cb48b68e7 100644 --- a/2024/CVE-2024-41357.md +++ b/2024/CVE-2024-41357.md @@ -10,8 +10,9 @@ phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/ ### POC #### Reference +- https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41357.md - https://github.com/phpipam/phpipam/issues/4149 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41358.md b/2024/CVE-2024-41358.md new file mode 100644 index 0000000000..93b91803bc --- /dev/null +++ b/2024/CVE-2024-41358.md @@ -0,0 +1,19 @@ +### [CVE-2024-41358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41358) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. + +### POC + +#### Reference +- https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2024-41358.md +- https://github.com/phpipam/phpipam/issues/4148 + +#### Github +- https://github.com/MarkLee131/PHP_Taint_Slice +- https://github.com/xjzzzxx/Yama + diff --git a/2024/CVE-2024-41361.md b/2024/CVE-2024-41361.md new file mode 100644 index 0000000000..aba1202eae --- /dev/null +++ b/2024/CVE-2024-41361.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-41361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41361)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
+
+### POC
+
+#### Reference
+- https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2398
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41364.md b/2024/CVE-2024-41364.md
new file mode 100644
index 0000000000..243df518b5
--- /dev/null
+++ b/2024/CVE-2024-41364.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41364)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41366.md b/2024/CVE-2024-41366.md
new file mode 100644
index 0000000000..a57ebf04ef
--- /dev/null
+++ b/2024/CVE-2024-41366.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41366)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
+
+### POC
+
+#### Reference
+- https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2399
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41367.md b/2024/CVE-2024-41367.md
new file mode 100644
index 0000000000..60b55dfad6
--- /dev/null
+++ b/2024/CVE-2024-41367.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41367)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41368.md b/2024/CVE-2024-41368.md
new file mode 100644
index 0000000000..152bf419b7
--- /dev/null
+++ b/2024/CVE-2024-41368.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41368)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php
+
+### POC
+
+#### Reference
+- https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2396
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41369.md b/2024/CVE-2024-41369.md
new file mode 100644
index 0000000000..ca72de00b8
--- /dev/null
+++ b/2024/CVE-2024-41369.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41369)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41370.md b/2024/CVE-2024-41370.md
new file mode 100644
index 0000000000..701bb7667a
--- /dev/null
+++ b/2024/CVE-2024-41370.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41370)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** UNSUPPORTED WHEN ASSIGNED ** Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41371.md b/2024/CVE-2024-41371.md
new file mode 100644
index 0000000000..648bea01ef
--- /dev/null
+++ b/2024/CVE-2024-41371.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41371)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** UNSUPPORTED WHEN ASSIGNED ** Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php.
+
+### POC
+
+#### Reference
+- https://github.com/causefx/Organizr/issues/1997
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-41372.md b/2024/CVE-2024-41372.md
new file mode 100644
index 0000000000..097a663aae
--- /dev/null
+++ b/2024/CVE-2024-41372.md
@@ -0,0 +1,17 @@ +### [CVE-2024-41372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41372) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** UNSUPPORTED WHEN ASSIGNED ** Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. + +### POC + +#### Reference +- https://github.com/causefx/Organizr/issues/1999 + +#### Github +- https://github.com/xjzzzxx/Yama + diff --git a/2024/CVE-2024-41373.md b/2024/CVE-2024-41373.md index f112b323c1..568530461b 100644 --- a/2024/CVE-2024-41373.md +++ b/2024/CVE-2024-41373.md @@ -13,5 +13,5 @@ ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-pre - https://github.com/xjzzzxx/vulFound/blob/main/icecoder/icecoder8.1_PT.md #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41374.md b/2024/CVE-2024-41374.md index 45d34b4bbc..c8408a67b8 100644 --- a/2024/CVE-2024-41374.md +++ b/2024/CVE-2024-41374.md @@ -13,5 +13,5 @@ ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen - https://github.com/xjzzzxx/vulFound/blob/main/icecoder/icecoder8.1_xss2.md #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41375.md b/2024/CVE-2024-41375.md index 9dfc02d211..b480e794a6 100644 --- a/2024/CVE-2024-41375.md +++ b/2024/CVE-2024-41375.md @@ -13,5 +13,5 @@ ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.ph - https://github.com/xjzzzxx/vulFound/blob/main/icecoder/icecoder8.1_xss1.md #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41376.md b/2024/CVE-2024-41376.md index 7278b11199..6dd0f21665 100644 --- a/2024/CVE-2024-41376.md 
+++ b/2024/CVE-2024-41376.md @@ -13,5 +13,5 @@ dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. - https://github.com/zyx0814/dzzoffice/issues/252 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41380.md b/2024/CVE-2024-41380.md index 001f6c9e15..b304c8e9a3 100644 --- a/2024/CVE-2024-41380.md +++ b/2024/CVE-2024-41380.md @@ -13,5 +13,5 @@ microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnera - https://github.com/microweber/microweber/issues/1111 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41381.md b/2024/CVE-2024-41381.md index 24238b0d18..1573961846 100644 --- a/2024/CVE-2024-41381.md +++ b/2024/CVE-2024-41381.md @@ -13,5 +13,5 @@ microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnera - https://github.com/microweber/microweber/issues/1110 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-41436.md b/2024/CVE-2024-41436.md new file mode 100644 index 0000000000..b9a9f1ca0e --- /dev/null +++ b/2024/CVE-2024-41436.md @@ -0,0 +1,17 @@ +### [CVE-2024-41436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41436) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/adegoodyer/kubernetes-admin-toolkit + diff --git a/2024/CVE-2024-41447.md b/2024/CVE-2024-41447.md new file mode 100644 index 0000000000..8524f67105 --- /dev/null +++ b/2024/CVE-2024-41447.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-41447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41447)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.
+
+### POC
+
+#### Reference
+- https://www.exploit-db.com/exploits/52209
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41453.md b/2024/CVE-2024-41453.md
new file mode 100644
index 0000000000..c137a16a16
--- /dev/null
+++ b/2024/CVE-2024-41453.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41453)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/code5ecure/CVE-2024-41453_CVE-2024-41454
+
diff --git a/2024/CVE-2024-41454.md b/2024/CVE-2024-41454.md
new file mode 100644
index 0000000000..bc0cea9304
--- /dev/null
+++ b/2024/CVE-2024-41454.md
@@ -0,0 +1,17 @@ +### [CVE-2024-41454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41454) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/code5ecure/CVE-2024-41453_CVE-2024-41454 + diff --git a/2024/CVE-2024-41465.md b/2024/CVE-2024-41465.md index d770154fdf..d754248a3c 100644 --- a/2024/CVE-2024-41465.md +++ b/2024/CVE-2024-41465.md @@ -14,4 +14,5 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow v #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-41466.md b/2024/CVE-2024-41466.md index b74d64e9a6..699c9804c5 100644 --- a/2024/CVE-2024-41466.md +++ b/2024/CVE-2024-41466.md @@ -14,4 +14,5 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow v #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-41468.md b/2024/CVE-2024-41468.md index f410f8dba3..bda7bbeb7d 100644 --- a/2024/CVE-2024-41468.md +++ b/2024/CVE-2024-41468.md 
@@ -13,7 +13,24 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili - https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/Co5mos/nuclei-tps +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/ibaiw/2024Hvv +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-41473.md b/2024/CVE-2024-41473.md index dc67e7da35..a329db1031 100644 --- a/2024/CVE-2024-41473.md +++ b/2024/CVE-2024-41473.md 
@@ -13,7 +13,24 @@ Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerabili - https://github.com/iotresearch/iot-vuln/tree/main/Tenda/FH1201/WriteFacMac #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/Co5mos/nuclei-tps +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 - https://github.com/ibaiw/2024Hvv +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-41481.md b/2024/CVE-2024-41481.md new file mode 100644 index 0000000000..d1da46bba5 --- /dev/null +++ b/2024/CVE-2024-41481.md @@ -0,0 +1,17 @@ +### [CVE-2024-41481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41481) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/TaiYou-TW/TaiYou-TW + diff --git a/2024/CVE-2024-41482.md b/2024/CVE-2024-41482.md new file mode 100644 index 0000000000..e904b6387c --- /dev/null +++ b/2024/CVE-2024-41482.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-41482](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41482)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/TaiYou-TW
+
diff --git a/2024/CVE-2024-4157.md b/2024/CVE-2024-4157.md
new file mode 100644
index 0000000000..1adcd800df
--- /dev/null
+++ b/2024/CVE-2024-4157.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4157)
+![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin%20by%20Fluent%20Forms%20for%20Quiz%2C%20Survey%2C%20and%20Drag%20%26%20Drop%20WP%20Form%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.1.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Successful exploitation requires the attacker to have "View Form" and "Manage Form" permissions, which must be explicitly set by an administrator. However, this requirement can be bypassed when this vulnerability is chained with CVE-2024-2771.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ch4os1/CVE-2024-4157-SSRF-RCE-Reverse-Shell
+
diff --git a/2024/CVE-2024-41570.md b/2024/CVE-2024-41570.md
index a5a0d1a03b..d476533322 100644
--- a/2024/CVE-2024-41570.md
+++ b/2024/CVE-2024-41570.md
@@ -13,5 +13,14 @@ An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling - https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/ #### Github +- https://github.com/EndermanSUPREME/Havoc-C2-SSRF-to-RCE-POC +- https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE +- https://github.com/Michael-Meade/Links-Repository +- https://github.com/Nicolas-Arsenault/Havoc-C2-RCE-2024 +- https://github.com/chebuya/Havoc-C2-SSRF-poc +- https://github.com/dxlerYT/Havoc-C2-RCE-2024 +- https://github.com/kit4py/CVE-2024-41570 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE +- https://github.com/thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE diff --git a/2024/CVE-2024-41594.md b/2024/CVE-2024-41594.md new file mode 100644 index 0000000000..3ed4850da2 --- /dev/null +++ b/2024/CVE-2024-41594.md @@ -0,0 +1,17 @@ +### [CVE-2024-41594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41594) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG of OpenSSL. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/OpenSSL-CVE-lib + diff --git a/2024/CVE-2024-41597.md b/2024/CVE-2024-41597.md index 15309a19e0..1ea785597c 100644 --- a/2024/CVE-2024-41597.md +++ b/2024/CVE-2024-41597.md 
@@ -13,5 +13,5 @@ Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remot - https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md #### Github -No PoCs found on GitHub currently. +- https://github.com/abhishek-praveen/abhishek-praveen diff --git a/2024/CVE-2024-41622.md b/2024/CVE-2024-41622.md new file mode 100644 index 0000000000..026e733903 --- /dev/null +++ b/2024/CVE-2024-41622.md @@ -0,0 +1,17 @@ +### [CVE-2024-41622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41622) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. + +### POC + +#### Reference +- https://github.com/yali-1002/some-poc/blob/main/CVE-2024-41622 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41623.md b/2024/CVE-2024-41623.md new file mode 100644 index 0000000000..fdd7e8e530 --- /dev/null +++ b/2024/CVE-2024-41623.md @@ -0,0 +1,17 @@ +### [CVE-2024-41623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41623) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Anonymous120386/Anonymous + 
diff --git a/2024/CVE-2024-41628.md b/2024/CVE-2024-41628.md index 88674b33d9..5656af92b2 100644 --- a/2024/CVE-2024-41628.md +++ b/2024/CVE-2024-41628.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/Redshift-CyberSecurity/CVE-2024-41628 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-41629.md b/2024/CVE-2024-41629.md new file mode 100644 index 0000000000..5db1447b68 --- /dev/null +++ b/2024/CVE-2024-41629.md @@ -0,0 +1,17 @@ +### [CVE-2024-41629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41629) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials + +### POC + +#### Reference +- https://seclists.org/fulldisclosure/2024/Sep/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4164.md b/2024/CVE-2024-4164.md index e88ae28100..26f2f88026 100644 --- a/2024/CVE-2024-4164.md +++ b/2024/CVE-2024-4164.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, has been found in Tenda G3 15 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41640.md b/2024/CVE-2024-41640.md index ca2c473ed6..53497e9ea9 100644 --- a/2024/CVE-2024-41640.md +++ b/2024/CVE-2024-41640.md @@ -13,5 +13,6 @@ Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an a No PoCs from references. #### Github +- https://github.com/alemusix/CVE-2024-41640 - https://github.com/nomi-sec/PoC-in-GitHub 
diff --git a/2024/CVE-2024-41644.md b/2024/CVE-2024-41644.md
new file mode 100644
index 0000000000..5381600625
--- /dev/null
+++ b/2024/CVE-2024-41644.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41644)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-41645.md b/2024/CVE-2024-41645.md
new file mode 100644
index 0000000000..430d47c8e7
--- /dev/null
+++ b/2024/CVE-2024-41645.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41645)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-41646.md b/2024/CVE-2024-41646.md
new file mode 100644
index 0000000000..cb6a66166c
--- /dev/null
+++ b/2024/CVE-2024-41646.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41646)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-41647.md b/2024/CVE-2024-41647.md
new file mode 100644
index 0000000000..3d0ca31465
--- /dev/null
+++ b/2024/CVE-2024-41647.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41647)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-41648.md b/2024/CVE-2024-41648.md
new file mode 100644
index 0000000000..08ce6e14d4
--- /dev/null
+++ b/2024/CVE-2024-41648.md
@@ -0,0 +1,17 @@ +### [CVE-2024-41648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41648) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/GoesM/ROCF + diff --git a/2024/CVE-2024-41649.md b/2024/CVE-2024-41649.md new file mode 100644 index 0000000000..2b1010b7a0 --- /dev/null +++ b/2024/CVE-2024-41649.md @@ -0,0 +1,17 @@ +### [CVE-2024-41649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41649) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/GoesM/ROCF + diff --git a/2024/CVE-2024-4165.md b/2024/CVE-2024-4165.md index fcc48a3ca8..fb3238457d 100644 --- a/2024/CVE-2024-4165.md +++ b/2024/CVE-2024-4165.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41650.md b/2024/CVE-2024-41650.md new file mode 100644 index 0000000000..fda3f5594f 
--- /dev/null +++ b/2024/CVE-2024-41650.md @@ -0,0 +1,17 @@ +### [CVE-2024-41650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41650) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/GoesM/ROCF + diff --git a/2024/CVE-2024-41651.md b/2024/CVE-2024-41651.md index eb9d52e2b0..18eb9fbf86 100644 --- a/2024/CVE-2024-41651.md +++ b/2024/CVE-2024-41651.md @@ -5,7 +5,7 @@ ### Description -An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. +** DISPUTED ** An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server). ### POC @@ -13,5 +13,7 @@ An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute ar No PoCs from references. #### Github +- https://github.com/Fckroun/CVE-2024-41651 +- https://github.com/FredAsareQuaye/mgbako - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-4166.md b/2024/CVE-2024-4166.md index bbda274f71..da13d184e0 100644 --- a/2024/CVE-2024-4166.md +++ b/2024/CVE-2024-4166.md 
@@ -14,4 +14,5 @@ A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41660.md b/2024/CVE-2024-41660.md index 3e2a84f4aa..b6d8e976e3 100644 --- a/2024/CVE-2024-41660.md +++ b/2024/CVE-2024-41660.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/tanjiti/sec_profile +- https://github.com/tylzars/awesome-vrre-writeups diff --git a/2024/CVE-2024-41662.md b/2024/CVE-2024-41662.md index 97f1a43845..eb0d611f4e 100644 --- a/2024/CVE-2024-41662.md +++ b/2024/CVE-2024-41662.md @@ -14,6 +14,8 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/m0d0ri205/m0d0ri205 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sh3bu/CVE-2024-41662 - https://github.com/sh3bu/sh3bu diff --git a/2024/CVE-2024-41667.md b/2024/CVE-2024-41667.md index 739d5341ab..0a54ef5e73 100644 --- a/2024/CVE-2024-41667.md +++ b/2024/CVE-2024-41667.md @@ -13,5 +13,6 @@ OpenAM is an open access management solution. In versions 15.0.3 and prior, the No PoCs from references. #### Github +- https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-4167.md b/2024/CVE-2024-4167.md index e80675882d..908c2fb330 100644 --- a/2024/CVE-2024-4167.md +++ b/2024/CVE-2024-4167.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Aff #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-41678.md b/2024/CVE-2024-41678.md new file mode 100644 index 0000000000..990ec1eb17 --- /dev/null +++ b/2024/CVE-2024-41678.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-41678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41678) +![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.50%2C%20%3C%2010.0.17%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/4rdr/proofs + diff --git a/2024/CVE-2024-4168.md b/2024/CVE-2024-4168.md index 65fe13a075..9c44668a81 100644 --- a/2024/CVE-2024-4168.md +++ b/2024/CVE-2024-4168.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as crit #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4169.md b/2024/CVE-2024-4169.md index 6b3cd1f6e7..9999351cdc 100644 --- a/2024/CVE-2024-4169.md +++ b/2024/CVE-2024-4169.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critic #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4170.md b/2024/CVE-2024-4170.md index bf23cc44fc..b6340fb744 100644 --- a/2024/CVE-2024-4170.md +++ b/2024/CVE-2024-4170.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC 
diff --git a/2024/CVE-2024-41703.md b/2024/CVE-2024-41703.md new file mode 100644 index 0000000000..37f37a24df --- /dev/null +++ b/2024/CVE-2024-41703.md @@ -0,0 +1,17 @@ +### [CVE-2024-41703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41703) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +LibreChat through 0.7.4-rc1 has incorrect access control for message updates. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/realestate-com-au/vulnerability-disclosures + diff --git a/2024/CVE-2024-41704.md b/2024/CVE-2024-41704.md new file mode 100644 index 0000000000..c12dce70a5 --- /dev/null +++ b/2024/CVE-2024-41704.md @@ -0,0 +1,17 @@ +### [CVE-2024-41704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41704) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/realestate-com-au/vulnerability-disclosures + diff --git a/2024/CVE-2024-4171.md b/2024/CVE-2024-4171.md index 37e1cd0783..b2d5df5bcc 100644 --- a/2024/CVE-2024-4171.md +++ b/2024/CVE-2024-4171.md @@ -15,4 +15,5 @@ A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC 
diff --git a/2024/CVE-2024-41710.md b/2024/CVE-2024-41710.md
new file mode 100644
index 0000000000..106f88c098
--- /dev/null
+++ b/2024/CVE-2024-41710.md
@@ -0,0 +1,20 @@
+### [CVE-2024-41710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41710)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kwburns/CVE
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/packetlabs/vulnerability-advisory
+
diff --git a/2024/CVE-2024-41713.md b/2024/CVE-2024-41713.md
new file mode 100644
index 0000000000..40d4f2753d
--- /dev/null
+++ b/2024/CVE-2024-41713.md
@@ -0,0 +1,29 @@
+### [CVE-2024-41713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41713)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xNehru/mitel-micollab-exploit
+- https://github.com/Emirhan-C4Z/exploit-poc1
+- https://github.com/Ostorlab/KEV
+- https://github.com/Sanandd/cve-2024-CVE-2024-41713
+- https://github.com/amanverma-wsu/CVE-2024-41713-Scan
+- https://github.com/gunyakit/CVE-2024-41713-PoC-exploit
+- https://github.com/opendr-io/causality
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/tylzars/awesome-vrre-writeups
+- https://github.com/uklad/Micollab-Script
+- https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713
+- https://github.com/zulloper/cve-poc
+- https://github.com/zxj-hub/CVE-2024-41713POC
+
diff --git a/2024/CVE-2024-41714.md b/2024/CVE-2024-41714.md
new file mode 100644
index 0000000000..ecd458788f
--- /dev/null
+++ b/2024/CVE-2024-41714.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41714)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/uklad/Micollab-Script
+
diff --git a/2024/CVE-2024-41720.md b/2024/CVE-2024-41720.md
new file mode 100644
index 0000000000..0341463910
--- /dev/null
+++ b/2024/CVE-2024-41720.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41720)
+![](https://img.shields.io/static/v1?label=Product&message=ZWX-2000CSW2-HN&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20firmware%20versions%20prior%20to%20Ver.0.3.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device.
+
+### POC
+
+#### Reference
+- https://www.zexelon.co.jp/pdf/jvn70666401.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41730.md b/2024/CVE-2024-41730.md
new file mode 100644
index 0000000000..c2a66b0b6b
--- /dev/null
+++ b/2024/CVE-2024-41730.md
@@ -0,0 +1,18 @@
+### [CVE-2024-41730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41730)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Business%20Intelligence%20Platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20ENTERPRISE%20430%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%3A%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+In SAP BusinessObjects Business IntelligencePlatform, if Single Signed On is enabled on Enterprise authentication, anunauthorized user can get a logon token using a REST endpoint. The attacker canfully compromise the system resulting in High impact on confidentiality,integrity and availability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-4176.md b/2024/CVE-2024-4176.md
new file mode 100644
index 0000000000..9547a91fce
--- /dev/null
+++ b/2024/CVE-2024-4176.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4176)
+![](https://img.shields.io/static/v1?label=Product&message=Trellix%20EDR%20UI%20%20(XConsole)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Earlier%20than%20May%2017%2C%202024%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lorenzo-de-Sa/Vulnerability-Research
+
diff --git a/2024/CVE-2024-4181.md b/2024/CVE-2024-4181.md
new file mode 100644
index 0000000000..eccf33a360
--- /dev/null
+++ b/2024/CVE-2024-4181.md
@@ -0,0 +1,18 @@ +### [CVE-2024-4181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4181) +![](https://img.shields.io/static/v1?label=Product&message=run-llama%2Fllama_index&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.10.13%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code&color=brighgreen) + +### Description + +A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/XiaomingX/weekly +- https://github.com/yux1azhengye/yux1azhengye + diff --git a/2024/CVE-2024-41817.md b/2024/CVE-2024-41817.md index 1c04220b04..091a29e39d 100644 --- a/2024/CVE-2024-41817.md +++ b/2024/CVE-2024-41817.md @@ -13,5 +13,11 @@ ImageMagick is a free and open-source software suite, used for editing and manip - https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8 #### Github -No PoCs found on GitHub currently. +- https://github.com/Dxsk/CVE-2024-41817-poc +- https://github.com/OneGoshko12/htb-titanic +- https://github.com/maikneysm/AutoPwn-Titanic.htb +- https://github.com/mxdelta/CVE +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/sorshi/comistream-reader +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-41818.md b/2024/CVE-2024-41818.md index 971f8d2342..b27e823207 100644 
--- a/2024/CVE-2024-41818.md +++ b/2024/CVE-2024-41818.md @@ -1,7 +1,7 @@ ### [CVE-2024-41818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41818) ![](https://img.shields.io/static/v1?label=Product&message=fast-xml-parser&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.4.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%204.3.5%2C%20%3C%204.4.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) ### Description diff --git a/2024/CVE-2024-41856.md b/2024/CVE-2024-41856.md index 8f49982cff..c82fed0126 100644 --- a/2024/CVE-2024-41856.md +++ b/2024/CVE-2024-41856.md @@ -5,7 +5,7 @@ ### Description -Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. +Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. ### POC diff --git a/2024/CVE-2024-41946.md b/2024/CVE-2024-41946.md index 7002f750cb..c54897bd09 100644 --- a/2024/CVE-2024-41946.md +++ b/2024/CVE-2024-41946.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/lifeparticle/Ruby-Cheatsheet +- https://github.com/trevor0106/cheatsheet diff --git a/2024/CVE-2024-41955.md b/2024/CVE-2024-41955.md index e94773332a..5fd71b3830 100644 --- a/2024/CVE-2024-41955.md +++ b/2024/CVE-2024-41955.md 
@@ -13,5 +13,6 @@ Mobile Security Framework (MobSF) is a security research platform for mobile app - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4 #### Github +- https://github.com/afine-com/research - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-41958.md b/2024/CVE-2024-41958.md index 75b1a90199..ad5b12eb6d 100644 --- a/2024/CVE-2024-41958.md +++ b/2024/CVE-2024-41958.md @@ -13,5 +13,6 @@ mailcow: dockerized is an open source groupware/email suite based on docker. A v No PoCs from references. #### Github +- https://github.com/OrangeJuiceHU/CVE-2024-41958-PoC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-41965.md b/2024/CVE-2024-41965.md index 286e5bd536..efc636363e 100644 --- a/2024/CVE-2024-41965.md +++ b/2024/CVE-2024-41965.md @@ -13,5 +13,6 @@ Vim is an open source command line text editor. double-free in dialog_changed() - https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f #### Github +- https://github.com/a85tract/Lancet - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-41967.md b/2024/CVE-2024-41967.md new file mode 100644 index 0000000000..2f9e411d80 --- /dev/null +++ b/2024/CVE-2024-41967.md 
@@ -0,0 +1,29 @@
+### [CVE-2024-41967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41967)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G1%200750-810x%2Fxxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G1%20750-820x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%203.10.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41968.md b/2024/CVE-2024-41968.md
new file mode 100644
index 0000000000..860ed85fc5
--- /dev/null
+++ b/2024/CVE-2024-41968.md
@@ -0,0 +1,29 @@
+### [CVE-2024-41968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41968)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G1%200750-810x%2Fxxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G1%20750-820x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%203.10.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41969.md b/2024/CVE-2024-41969.md
new file mode 100644
index 0000000000..7db6c0d87e
--- /dev/null
+++ b/2024/CVE-2024-41969.md
@@ -0,0 +1,29 @@
+### [CVE-2024-41969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41969)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G1%200750-810x%2Fxxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G1%20750-820x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%203.10.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41970.md b/2024/CVE-2024-41970.md
new file mode 100644
index 0000000000..d499ada532
--- /dev/null
+++ b/2024/CVE-2024-41970.md
@@ -0,0 +1,26 @@
+### [CVE-2024-41970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41970)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41971.md b/2024/CVE-2024-41971.md
new file mode 100644
index 0000000000..f4025b8d3a
--- /dev/null
+++ b/2024/CVE-2024-41971.md
@@ -0,0 +1,26 @@
+### [CVE-2024-41971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41971)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41972.md b/2024/CVE-2024-41972.md
new file mode 100644
index 0000000000..0f79f50bce
--- /dev/null
+++ b/2024/CVE-2024-41972.md
@@ -0,0 +1,26 @@
+### [CVE-2024-41972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41972)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-35%20Path%20Traversal%3A%20'...%2F...%2F%2F'&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41973.md b/2024/CVE-2024-41973.md
new file mode 100644
index 0000000000..fc6d33a01a
--- /dev/null
+++ b/2024/CVE-2024-41973.md
@@ -0,0 +1,26 @@
+### [CVE-2024-41973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41973)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-35%20Path%20Traversal%3A%20'...%2F...%2F%2F'&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41974.md b/2024/CVE-2024-41974.md
new file mode 100644
index 0000000000..221ffbddf8
--- /dev/null
+++ b/2024/CVE-2024-41974.md
@@ -0,0 +1,26 @@
+### [CVE-2024-41974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41974)
+![](https://img.shields.io/static/v1?label=Product&message=CC100%200751-9x01&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Edge%20Controller%200752-8303%2F8000-0002&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC100%20G2%200750-811x-xxxx-xxxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=PFC200%20G2%20750-821x-xxx-xxx&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-420x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-430x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-520x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-530x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-620x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=TP600%200762-630x%2F8000-000x&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.0%3C%3D%204.5.10%20(FW27)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication.
+
+### POC
+
+#### Reference
+- https://cert.vde.com/en/advisories/VDE-2024-047
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41987.md b/2024/CVE-2024-41987.md
new file mode 100644
index 0000000000..c80e2ac976
--- /dev/null
+++ b/2024/CVE-2024-41987.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41987)
+![](https://img.shields.io/static/v1?label=Product&message=Opera%20Plus%20FM%20Family%20Transmitter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2035.45%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
+
+### POC
+
+#### Reference
+- https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41988.md b/2024/CVE-2024-41988.md
new file mode 100644
index 0000000000..349e56f913
--- /dev/null
+++ b/2024/CVE-2024-41988.md
@@ -0,0 +1,17 @@
+### [CVE-2024-41988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41988)
+![](https://img.shields.io/static/v1?label=Product&message=Opera%20Plus%20FM%20Family%20Transmitter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2035.45%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
+
+### POC
+
+#### Reference
+- https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-41992.md b/2024/CVE-2024-41992.md
new file mode 100644
index 0000000000..4bbfd73d26
--- /dev/null
+++ b/2024/CVE-2024-41992.md
@@ -0,0 +1,18 @@ +### [CVE-2024-41992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41992) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fj016/CVE-2024-41992-PoC +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-41996.md b/2024/CVE-2024-41996.md index 85173d0a91..d00bb8cd11 100644 --- a/2024/CVE-2024-41996.md +++ b/2024/CVE-2024-41996.md @@ -14,5 +14,6 @@ Validating the order of the public keys in the Diffie-Hellman Key Agreement Prot - https://dheatattack.gitlab.io/faq/ #### Github -No PoCs found on GitHub currently. +- https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/ardhiatno/ubimicro-fluentbit diff --git a/2024/CVE-2024-42005.md b/2024/CVE-2024-42005.md index 6f63a586f7..3fa909525d 100644 --- a/2024/CVE-2024-42005.md +++ b/2024/CVE-2024-42005.md @@ -13,6 +13,7 @@ An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QueryS No PoCs from references. #### Github +- https://github.com/EyalSec/EyalSec_CVE - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-42007.md b/2024/CVE-2024-42007.md new file mode 100644 index 0000000000..7db6985812 --- /dev/null +++ b/2024/CVE-2024-42007.md 
@@ -0,0 +1,21 @@ +### [CVE-2024-42007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42007) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/BubblyCola/CVE_2024_42007 +- https://github.com/EssenceCyber/Exploit-List +- https://github.com/MelvinM8/OSCP +- https://github.com/Mr-Tree-S/POC_EXP +- https://github.com/plzheheplztrying/cve_monitor + diff --git a/2024/CVE-2024-42008.md b/2024/CVE-2024-42008.md index 0a2aab6c8f..2d6f477bf0 100644 --- a/2024/CVE-2024-42008.md +++ b/2024/CVE-2024-42008.md @@ -13,5 +13,8 @@ A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcu - https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/ #### Github -No PoCs found on GitHub currently. +- https://github.com/Foxer131/CVE-2024-42008-9-exploit +- https://github.com/rpgsec/Roundcube-CVE-2024-42008-POC +- https://github.com/victoni/Roundcube-CVE-2024-42008-and-CVE-2024-42010-POC +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-42009.md b/2024/CVE-2024-42009.md index 51300616f7..4338e12996 100644 --- a/2024/CVE-2024-42009.md +++ b/2024/CVE-2024-42009.md 
@@ -13,5 +13,11 @@ A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x throug - https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/ #### Github -No PoCs found on GitHub currently. +- https://github.com/0xbassiouny1337/CVE-2024-42009 +- https://github.com/Bhanunamikaze/CVE-2024-42009 +- https://github.com/DaniTheHack3r/CVE-2024-42009-PoC +- https://github.com/Foxer131/CVE-2024-42008-9-exploit +- https://github.com/Shubhankargupta691/CVE-2024-42009 +- https://github.com/packetinside/CISA_BOT +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-42010.md b/2024/CVE-2024-42010.md index 83c72a479a..9d3cf6b2b7 100644 --- a/2024/CVE-2024-42010.md +++ b/2024/CVE-2024-42010.md @@ -14,4 +14,5 @@ mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/victoni/Roundcube-CVE-2024-42008-and-CVE-2024-42010-POC diff --git a/2024/CVE-2024-42041.md b/2024/CVE-2024-42041.md new file mode 100644 index 0000000000..f754cf5576 --- /dev/null +++ b/2024/CVE-2024-42041.md @@ -0,0 +1,17 @@ +### [CVE-2024-42041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42041) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/actuator/cve + 
diff --git a/2024/CVE-2024-42049.md b/2024/CVE-2024-42049.md
new file mode 100644
index 0000000000..a3fb690051
--- /dev/null
+++ b/2024/CVE-2024-42049.md
@@ -0,0 +1,18 @@
+### [CVE-2024-42049](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42049)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zeved/CVE-2024-42049-PoC
+
diff --git a/2024/CVE-2024-42050.md b/2024/CVE-2024-42050.md
new file mode 100644
index 0000000000..a0bc3e03e1
--- /dev/null
+++ b/2024/CVE-2024-42050.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42050)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg.
+
+### POC
+
+#### Reference
+- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/25584410412571--Splashtop-Streamer-version-v3-7-0-0-for-Windows-released
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-42051.md b/2024/CVE-2024-42051.md
new file mode 100644
index 0000000000..3bde076d91
--- /dev/null
+++ b/2024/CVE-2024-42051.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42051)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.
+
+### POC
+
+#### Reference
+- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/20716875636763-Splashtop-Streamer-version-v3-6-2-0-for-Windows-released
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-42052.md b/2024/CVE-2024-42052.md
new file mode 100644
index 0000000000..e0486f693c
--- /dev/null
+++ b/2024/CVE-2024-42052.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42052)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.
+
+### POC
+
+#### Reference
+- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-42053.md b/2024/CVE-2024-42053.md
new file mode 100644
index 0000000000..0c67bb9b73
--- /dev/null
+++ b/2024/CVE-2024-42053.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42053)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.
+
+### POC
+
+#### Reference
+- https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/18223802896539-Splashtop-Streamer-version-v3-6-0-0-for-Windows-released
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-42162.md b/2024/CVE-2024-42162.md
new file mode 100644
index 0000000000..db65fc8e1a
--- /dev/null
+++ b/2024/CVE-2024-42162.md
@@ -0,0 +1,18 @@
+### [CVE-2024-42162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42162)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2032675d828c8a%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:gve: Account for stopped queues when reading NIC statsWe now account for the fact that the NIC might send us stats for asubset of queues. Without this change, gve_get_ethtool_stats might makean invalid access on the priv->stats_report->stats array.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+- https://github.com/robertsirc/sle-bci-demo
+
diff --git a/2024/CVE-2024-42218.md b/2024/CVE-2024-42218.md
new file mode 100644
index 0000000000..ec7510c397
--- /dev/null
+++ b/2024/CVE-2024-42218.md
@@ -0,0 +1,19 @@
+### [CVE-2024-42218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42218)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/HamzaMhirsi/CVE_details_NVD
+- https://github.com/theulis/NIST-1Password-Kandji-Public
+- https://github.com/theulis/NIST-1Password-Public
+
diff --git a/2024/CVE-2024-42219.md b/2024/CVE-2024-42219.md
new file mode 100644
index 0000000000..5b3d4dd787
--- /dev/null
+++ b/2024/CVE-2024-42219.md
@@ -0,0 +1,19 @@
+### [CVE-2024-42219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42219)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/HamzaMhirsi/CVE_details_NVD
+- https://github.com/theulis/NIST-1Password-Kandji-Public
+- https://github.com/theulis/NIST-1Password-Public
+
diff --git a/2024/CVE-2024-42228.md b/2024/CVE-2024-42228.md
new file mode 100644
index 0000000000..4b942e6f91
--- /dev/null
+++ b/2024/CVE-2024-42228.md
@@ -0,0 +1,17 @@ +### [CVE-2024-42228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42228) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20d35cf41c8eb5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_relocInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/robertsirc/sle-bci-demo + diff --git a/2024/CVE-2024-42246.md b/2024/CVE-2024-42246.md index 44920a53f8..1348ac0e75 100644 --- a/2024/CVE-2024-42246.md +++ b/2024/CVE-2024-42246.md @@ -1,6 +1,6 @@ ### [CVE-2024-42246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=4fbac77d2d09%3C%20f2431e7db0fe%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=4fbac77d2d09%3C%20bc7902612189%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42308.md b/2024/CVE-2024-42308.md index 20d0c3c4ee..7c3c804250 100644 --- a/2024/CVE-2024-42308.md +++ b/2024/CVE-2024-42308.md 
@@ -1,11 +1,11 @@ ### [CVE-2024-42308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42308) -![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%2071dbf9535934%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Check for NULL pointer[why & how]Need to make sure plane_state is initializedbefore accessing its members.(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648) +** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ### POC diff --git a/2024/CVE-2024-4231.md b/2024/CVE-2024-4231.md index 241ba219dd..e451c10cab 100644 --- a/2024/CVE-2024-4231.md +++ b/2024/CVE-2024-4231.md @@ -13,5 +13,6 @@ This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; No PoCs from references. #### Github +- https://github.com/Redfox-Security/Digisol-DG-GR1321-s-Improper-Access-Control-CVE-2024-4231 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-42314.md b/2024/CVE-2024-42314.md index 6d91b754a3..c27df57025 100644 --- a/2024/CVE-2024-42314.md +++ b/2024/CVE-2024-42314.md 
@@ -1,6 +1,6 @@ ### [CVE-2024-42314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42314) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=6a4049102055%3C%20c205565e0f2f%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6a4049102055%3C%20c1cc3326e27b%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/robertsirc/sle-bci-demo diff --git a/2024/CVE-2024-42315.md b/2024/CVE-2024-42315.md index c0a03df666..5ec039516b 100644 --- a/2024/CVE-2024-42315.md +++ b/2024/CVE-2024-42315.md @@ -1,6 +1,6 @@ ### [CVE-2024-42315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42315) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=a3ff29a95fde%3C%20a7ac198f8dba%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=bd3bdb9e0d656f760b11d0c638d35d7f7068144d%3C%20632fb232b6bbf8277edcbe9ecd4b4d98ecb122eb%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42319.md b/2024/CVE-2024-42319.md index cbe7f4b96d..797595b77c 100644 --- a/2024/CVE-2024-42319.md +++ b/2024/CVE-2024-42319.md 
@@ -1,6 +1,6 @@ ### [CVE-2024-42319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42319) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=623a6143a845%3C%2011fa625b45fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=623a6143a845%3C%201403991a40b9%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-4232.md b/2024/CVE-2024-4232.md index 3f850a0929..98f4bfcb6b 100644 --- a/2024/CVE-2024-4232.md +++ b/2024/CVE-2024-4232.md @@ -13,5 +13,7 @@ This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; No PoCs from references. #### Github +- https://github.com/Redfox-Security/Digisol-DG--GR1321-s-Password-Storage-in-Plaintext--CVE-2024-4232 +- https://github.com/Redfox-Security/Digisol-DG-GR1321-s-Password-Storage-in-Plaintext-CVE-2024-4232 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-42322.md b/2024/CVE-2024-42322.md index 924f7072de..3b1bdcf88e 100644 --- a/2024/CVE-2024-42322.md +++ b/2024/CVE-2024-42322.md @@ -1,6 +1,6 @@ ### [CVE-2024-42322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=39b972231536%3C%203dd428039e06%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=39b9722315364121c6e2524515a6e95d52287549%3C%2036c997f1e03601475ad0fda0e0f59b7a209e756b%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2024/CVE-2024-42323.md b/2024/CVE-2024-42323.md new file mode 100644 index 0000000000..cbf70819f8 --- /dev/null +++ b/2024/CVE-2024-42323.md 
@@ -0,0 +1,32 @@
+### [CVE-2024-42323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42323)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HertzBeat&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers.This issue affects Apache HertzBeat (incubating): before 1.6.0.Users are recommended to upgrade to version 1.6.0, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/1diot9/MyJavaSecStudy
+- https://github.com/DMW11525708/wiki
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+- https://github.com/yulate/yulate
+
diff --git a/2024/CVE-2024-42327.md b/2024/CVE-2024-42327.md
new file mode 100644
index 0000000000..92769ac5d1
--- /dev/null
+++ b/2024/CVE-2024-42327.md
@@ -0,0 +1,40 @@
+### [CVE-2024-42327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42327)
+![](https://img.shields.io/static/v1?label=Product&message=Zabbix&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/874anthony/CVE-2024-42327_Zabbix_SQLi
+- https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/Threekiii/CVE
+- https://github.com/a1batr0ssG/VulhubExpand
+- https://github.com/adysec/POC
+- https://github.com/aramosf/cve-2024-42327
+- https://github.com/compr00t/CVE-2024-42327
+- https://github.com/depers-rus/CVE-2024-42327
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/godylockz/CVE-2024-42327
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/hsltz/zabbix_gui_scanner
+- https://github.com/iemotion/POC
+- https://github.com/igorbf495/CVE-2024-42327
+- https://github.com/itform-fr/Zabbix---CVE-2024-42327
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/saad0x1/Exploits
+- https://github.com/watchdog1337/CVE-2024-42327_Zabbix_SQLI
+
diff --git a/2024/CVE-2024-42346.md b/2024/CVE-2024-42346.md
new file mode 100644
index 0000000000..0900d7fb2e
--- /dev/null
+++ b/2024/CVE-2024-42346.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42346)
+![](https://img.shields.io/static/v1?label=Product&message=galaxy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2024.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/partywavesec/CVE-2024-42346
+
diff --git a/2024/CVE-2024-42353.md b/2024/CVE-2024-42353.md
new file mode 100644
index 0000000000..b7094ee7d2
--- /dev/null
+++ b/2024/CVE-2024-42353.md
@@ -0,0 +1,17 @@ +### [CVE-2024-42353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42353) +![](https://img.shields.io/static/v1?label=Product&message=webob&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%201.8.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/haiyen11231/automation-tool-for-patch-backporting + diff --git a/2024/CVE-2024-42358.md b/2024/CVE-2024-42358.md index d4a5658c46..273b42e8e1 100644 --- a/2024/CVE-2024-42358.md +++ b/2024/CVE-2024-42358.md @@ -13,5 +13,5 @@ PDFio is a simple C library for reading and writing PDF files. There is a denial - https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-4hh9-j68x-8353 #### Github -No PoCs found on GitHub currently. +- https://github.com/GAP-dev/GAP-dev diff --git a/2024/CVE-2024-4236.md b/2024/CVE-2024-4236.md index 98b30d301d..2b7c040de3 100644 --- a/2024/CVE-2024-4236.md +++ b/2024/CVE-2024-4236.md 
@@ -15,5 +15,6 @@ A vulnerability, which was classified as critical, has been found in Tenda AX180 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-42364.md b/2024/CVE-2024-42364.md new file mode 100644 index 0000000000..6d7645e674 --- /dev/null +++ b/2024/CVE-2024-42364.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-42364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42364)
+![](https://img.shields.io/static/v1?label=Product&message=homepage&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.9.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-350%3A%20Reliance%20on%20Reverse%20DNS%20Resolution%20for%20a%20Security-Critical%20Action&color=brighgreen)
+
+### Description
+
+Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authentication by default, leaving it to vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit his/her website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the homepage instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the webserver after the IP address has changed. When the attacker domain is fetched, the response will be from the homepage instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, a user’s private information such as API keys (fixed after first report) and other private information can then be extracted by the attacker website.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ibrahmsql/CVE-2024-42364
+- https://github.com/ibrahmsql/discoursemap
+
diff --git a/2024/CVE-2024-4237.md b/2024/CVE-2024-4237.md
index d4d88cedab..99b8d97b0f 100644
--- a/2024/CVE-2024-4237.md
+++ b/2024/CVE-2024-4237.md
@@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4238.md b/2024/CVE-2024-4238.md index 427f15bb69..ce397db3dc 100644 --- a/2024/CVE-2024-4238.md +++ b/2024/CVE-2024-4238.md @@ -14,4 +14,5 @@ A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critica #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4239.md b/2024/CVE-2024-4239.md index 7f7b652a2a..83b71a4e0f 100644 --- a/2024/CVE-2024-4239.md +++ b/2024/CVE-2024-4239.md @@ -14,5 +14,6 @@ A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Af #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC - https://github.com/helloyhrr/IoT_vulnerability diff --git a/2024/CVE-2024-4240.md b/2024/CVE-2024-4240.md index b1238d513a..1d7335f03f 100644 --- a/2024/CVE-2024-4240.md +++ b/2024/CVE-2024-4240.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as c #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4241.md b/2024/CVE-2024-4241.md index 44797978e8..2d8670c4c4 100644 --- a/2024/CVE-2024-4241.md +++ b/2024/CVE-2024-4241.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as cri #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-42415.md b/2024/CVE-2024-42415.md new file mode 100644 index 0000000000..bf2a9eb396 --- /dev/null +++ b/2024/CVE-2024-42415.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42415) +![](https://img.shields.io/static/v1?label=Product&message=G%20Structured%20File%20Library%20(libgsf)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.14.52%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4242.md b/2024/CVE-2024-4242.md index 37aab1b6db..ff97710b04 100644 --- a/2024/CVE-2024-4242.md +++ b/2024/CVE-2024-4242.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critic #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4243.md b/2024/CVE-2024-4243.md index 77f850af7d..26c8cd8be4 100644 --- a/2024/CVE-2024-4243.md +++ b/2024/CVE-2024-4243.md @@ -14,4 +14,5 @@ A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4244.md b/2024/CVE-2024-4244.md index a936d7e6ad..5ee23d7990 100644 --- a/2024/CVE-2024-4244.md +++ b/2024/CVE-2024-4244.md 
@@ -14,4 +14,5 @@ A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affe #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-42448.md b/2024/CVE-2024-42448.md new file mode 100644 index 0000000000..64505e5f7f --- /dev/null +++ b/2024/CVE-2024-42448.md @@ -0,0 +1,17 @@ +### [CVE-2024-42448](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42448) +![](https://img.shields.io/static/v1?label=Product&message=Service%20Provider%20Console&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.1%3C%3D%208.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/h3lye/CVE-2024-42448-RCE + diff --git a/2024/CVE-2024-4245.md b/2024/CVE-2024-4245.md index 416d70a51c..45f15fed93 100644 --- a/2024/CVE-2024-4245.md +++ b/2024/CVE-2024-4245.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, has been found in Tenda i21 1 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-42450.md b/2024/CVE-2024-42450.md new file mode 100644 index 0000000000..9861699e7c --- /dev/null +++ b/2024/CVE-2024-42450.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-42450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42450)
+![](https://img.shields.io/static/v1?label=Product&message=Director&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=22.1.4%3C%3D%2022.1.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. Exploitation Status:Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.Workarounds or Mitigation:Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports This vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened.
Please contact Versa Technical Support or Versa account team for any further assistance.Software Download Links:22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+
diff --git a/2024/CVE-2024-4246.md b/2024/CVE-2024-4246.md
index 1fd77eb430..f19340f128 100644
--- a/2024/CVE-2024-4246.md
+++ b/2024/CVE-2024-4246.md
@@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.
 
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-42461.md b/2024/CVE-2024-42461.md
index 4bb94b6758..99d99939d8 100644
--- a/2024/CVE-2024-42461.md
+++ b/2024/CVE-2024-42461.md
@@ -13,5 +13,11 @@ In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs b
 No PoCs from references.
 
 #### Github
+- https://github.com/Alirezarv700/CryptoDeepTools
+- https://github.com/Pirtmoppfnx861le/CryptoDeepTools
+- https://github.com/demining/CryptoDeepTools
+- https://github.com/demining/Signature-Malleability
+- https://github.com/fevar54/CVE-2024-42461
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/rileyHoward92/CryptoDeepTools
 
diff --git a/2024/CVE-2024-42462.md b/2024/CVE-2024-42462.md
index 1829438d05..0ac276a692 100644
--- a/2024/CVE-2024-42462.md
+++ b/2024/CVE-2024-42462.md
@@ -10,7 +10,7 @@ Improper Authentication vulnerability in upKeeper Solutions product upKeeper Man
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.upkeeper.se/hc/en-us/articles/15432045399452-CVE-2024-42462-Bypass-multifactor-authentication
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-42463.md b/2024/CVE-2024-42463.md
index 35bd855a58..7be3bf506a 100644
--- a/2024/CVE-2024-42463.md
+++ b/2024/CVE-2024-42463.md
@@ -10,7 +10,7 @@ Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solut
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.upkeeper.se/hc/en-us/articles/15432241822620-CVE-2024-42463-Leak-of-organizations-messages
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-42464.md b/2024/CVE-2024-42464.md
index 2cd4f78052..2e390c5b53 100644
--- a/2024/CVE-2024-42464.md
+++ b/2024/CVE-2024-42464.md
@@ -10,7 +10,7 @@ Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solut
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.upkeeper.se/hc/en-us/articles/15432275702044-CVE-2024-42464-Leak-of-user-Information
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-42465.md b/2024/CVE-2024-42465.md
index e88f83eab8..93f43735fa 100644
--- a/2024/CVE-2024-42465.md
+++ b/2024/CVE-2024-42465.md
@@ -10,7 +10,7 @@ Improper Restriction of Excessive Authentication Attempts vulnerability in upKee
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.upkeeper.se/hc/en-us/articles/15432332385564-CVE-2024-42465-Lack-of-resources-and-rate-limiting-two-factor-authentication
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-42466.md b/2024/CVE-2024-42466.md
index ddafc647f4..a7673bdfb1 100644
--- a/2024/CVE-2024-42466.md
+++ b/2024/CVE-2024-42466.md
@@ -10,7 +10,7 @@ Improper Restriction of Excessive Authentication Attempts vulnerability in upKee
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.upkeeper.se/hc/en-us/articles/15432408367260-CVE-2024-42466-Lack-of-resources-and-rate-limiting-login
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-4247.md b/2024/CVE-2024-4247.md
index 5b073eeba2..56937beb6a 100644
--- a/2024/CVE-2024-4247.md
+++ b/2024/CVE-2024-4247.md
@@ -14,4 +14,5 @@ A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as cri
 
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-42471.md b/2024/CVE-2024-42471.md
new file mode 100644
index 0000000000..d8e212123f
--- /dev/null
+++ b/2024/CVE-2024-42471.md
@@ -0,0 +1,18 @@
+### [CVE-2024-42471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42471)
+![](https://img.shields.io/static/v1?label=Product&message=toolkit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.0.0%2C%20%3C%202.1.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/theMcSam/CVE-2024-42471-PoC
+
diff --git a/2024/CVE-2024-42474.md b/2024/CVE-2024-42474.md
index 8b3a695b60..dd7c7d4d76 100644
--- a/2024/CVE-2024-42474.md
+++ b/2024/CVE-2024-42474.md
@@ -13,5 +13,6 @@ Streamlit is a data oriented application development framework for python. Snowf
 No PoCs from references.
 
 #### Github
+- https://github.com/haiyen11231/automation-tool-for-patch-backporting
 - https://github.com/nvn1729/advisories
 
diff --git a/2024/CVE-2024-42477.md b/2024/CVE-2024-42477.md
index 2e997eec5f..dbe8b0ad2b 100644
--- a/2024/CVE-2024-42477.md
+++ b/2024/CVE-2024-42477.md
@@ -16,4 +16,5 @@ llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_
 #### Github
 - https://github.com/7resp4ss/7resp4ss
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/honysyang/eleaipoc
 
diff --git a/2024/CVE-2024-42478.md b/2024/CVE-2024-42478.md
index ce541f9c54..f6f683093a 100644
--- a/2024/CVE-2024-42478.md
+++ b/2024/CVE-2024-42478.md
@@ -16,4 +16,5 @@ llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in t
 #### Github
 - https://github.com/7resp4ss/7resp4ss
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/honysyang/eleaipoc
 
diff --git a/2024/CVE-2024-42479.md b/2024/CVE-2024-42479.md
index 34075e35aa..7a4c479d8c 100644
--- a/2024/CVE-2024-42479.md
+++ b/2024/CVE-2024-42479.md
@@ -16,4 +16,5 @@ llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in t
 #### Github
 - https://github.com/7resp4ss/7resp4ss
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/honysyang/eleaipoc
 
diff --git a/2024/CVE-2024-4248.md b/2024/CVE-2024-4248.md
index fa6577c3a2..b01911618f 100644
--- a/2024/CVE-2024-4248.md
+++ b/2024/CVE-2024-4248.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical
 
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-4249.md b/2024/CVE-2024-4249.md
index 7b4f121876..f3c3beecea 100644
--- a/2024/CVE-2024-4249.md
+++ b/2024/CVE-2024-4249.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as
 
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-4250.md b/2024/CVE-2024-4250.md
index 7eb237aba0..0f59556f0b 100644
--- a/2024/CVE-2024-4250.md
+++ b/2024/CVE-2024-4250.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as c
 
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-4251.md b/2024/CVE-2024-4251.md
index f818b08cbd..f2972812b3 100644
--- a/2024/CVE-2024-4251.md
+++ b/2024/CVE-2024-4251.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as crit
 
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-42515.md b/2024/CVE-2024-42515.md
new file mode 100644
index 0000000000..573f97e004
--- /dev/null
+++ b/2024/CVE-2024-42515.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42515)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry.
+
+### POC
+
+#### Reference
+- https://herolab.usd.de/security-advisories/usd-2024-0011/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4252.md b/2024/CVE-2024-4252.md
index f745c710c3..88e4a1a62a 100644
--- a/2024/CVE-2024-4252.md
+++ b/2024/CVE-2024-4252.md
@@ -15,4 +15,5 @@ A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687)
 #### Github
 - https://github.com/LaPhilosophie/IoT-vulnerable
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-42523.md b/2024/CVE-2024-42523.md
new file mode 100644
index 0000000000..7ed36be624
--- /dev/null
+++ b/2024/CVE-2024-42523.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42523)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData
+
+### POC
+
+#### Reference
+- https://gitee.com/sanluan/PublicCMS/issues/IADVDM
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-42531.md b/2024/CVE-2024-42531.md
new file mode 100644
index 0000000000..c6e1153604
--- /dev/null
+++ b/2024/CVE-2024-42531.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42531)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establish RTSP protocol communictaion, but cannot obtain video or audio data; thus, there is no risk.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Anonymous120386/Anonymous
+
diff --git a/2024/CVE-2024-42543.md b/2024/CVE-2024-42543.md
index 61a2e26283..6bdfbbadf3 100644
--- a/2024/CVE-2024-42543.md
+++ b/2024/CVE-2024-42543.md
@@ -13,5 +13,5 @@ TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in th
 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/loginauth.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-42545.md b/2024/CVE-2024-42545.md
index ed5ca3d7aa..2c6373a3c8 100644
--- a/2024/CVE-2024-42545.md
+++ b/2024/CVE-2024-42545.md
@@ -13,5 +13,5 @@ TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in th
 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWizardCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
 
diff --git a/2024/CVE-2024-4255.md b/2024/CVE-2024-4255.md
index 37470a89c6..17d8ed88cb 100644
--- a/2024/CVE-2024-4255.md
+++ b/2024/CVE-2024-4255.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/h0e4a0r1t/h0e4a0r1t
 
diff --git a/2024/CVE-2024-4257.md b/2024/CVE-2024-4257.md
index df893490b6..5ebb458fb0 100644
--- a/2024/CVE-2024-4257.md
+++ b/2024/CVE-2024-4257.md
@@ -13,7 +13,24 @@ A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1.
 - https://github.com/GAO-UNO/cve/blob/main/sql.md
 
 #### Github
+- https://github.com/0day404/HV-2024-POC
+- https://github.com/12442RF/POC
+- https://github.com/AboSteam/POPC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/WhosGa/MyWiki
+- https://github.com/Yuan08o/pocs
+- https://github.com/admin772/POC
+- https://github.com/adminlove520/pocWiki
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
diff --git a/2024/CVE-2024-4263.md b/2024/CVE-2024-4263.md
new file mode 100644
index 0000000000..210482a9d4
--- /dev/null
+++ b/2024/CVE-2024-4263.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4263](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4263)
+![](https://img.shields.io/static/v1?label=Product&message=mlflow%2Fmlflow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.10.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/IES-Rafael-Alberti/Proyecto1_CybersecurityConsulting
+
diff --git a/2024/CVE-2024-42633.md b/2024/CVE-2024-42633.md
new file mode 100644
index 0000000000..1cbb1025be
--- /dev/null
+++ b/2024/CVE-2024-42633.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42633)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+
diff --git a/2024/CVE-2024-42640.md b/2024/CVE-2024-42640.md
new file mode 100644
index 0000000000..57205afa88
--- /dev/null
+++ b/2024/CVE-2024-42640.md
@@ -0,0 +1,18 @@
+### [CVE-2024-42640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42640)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** UNSUPPORTED WHEN ASSIGNED ** angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KTN1990/CVE-2024-42640
+- https://github.com/rvizx/CVE-2024-42640
+
diff --git a/2024/CVE-2024-42642.md b/2024/CVE-2024-42642.md
new file mode 100644
index 0000000000..72c170dd1c
--- /dev/null
+++ b/2024/CVE-2024-42642.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42642)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/VL4DR/CVE-2024-42642
+
diff --git a/2024/CVE-2024-42657.md b/2024/CVE-2024-42657.md
index 3add559cb9..2d1a6d936d 100644
--- a/2024/CVE-2024-42657.md
+++ b/2024/CVE-2024-42657.md
@@ -13,5 +13,6 @@ An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote at
 No PoCs from references.
 
 #### Github
+- https://github.com/baroi-ai/CVE-2024-42657
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-42658.md b/2024/CVE-2024-42658.md
index 77b3c67807..df7110314a 100644
--- a/2024/CVE-2024-42658.md
+++ b/2024/CVE-2024-42658.md
@@ -13,5 +13,7 @@ An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote at
 No PoCs from references.
 
 #### Github
+- https://github.com/ARPSyndicate/cve-scores
+- https://github.com/baroi-ai/CVE-2024-42658
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-42671.md b/2024/CVE-2024-42671.md
new file mode 100644
index 0000000000..5fb9352010
--- /dev/null
+++ b/2024/CVE-2024-42671.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42671)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/abbisQQ/Appointment-Scheduler-Host-Header-Poisoning-Open-Redirect
+
diff --git a/2024/CVE-2024-42676.md b/2024/CVE-2024-42676.md
index fef99bfdbe..3f4a7630c5 100644
--- a/2024/CVE-2024-42676.md
+++ b/2024/CVE-2024-42676.md
@@ -13,5 +13,7 @@ File Upload vulnerability in Huizhi enterprise resource management system v.1.0
 No PoCs from references.
 
 #### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-42677.md b/2024/CVE-2024-42677.md
index 31793f5bfe..137077723e 100644
--- a/2024/CVE-2024-42677.md
+++ b/2024/CVE-2024-42677.md
@@ -13,5 +13,7 @@ An issue in Huizhi enterprise resource management system v.1.0 and before allows
 No PoCs from references.
 
 #### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-42678.md b/2024/CVE-2024-42678.md
index bc74e4ed73..ff95b73498 100644
--- a/2024/CVE-2024-42678.md
+++ b/2024/CVE-2024-42678.md
@@ -13,5 +13,7 @@ Cross Site Scripting vulnerability in Super easy enterprise management system v.
 No PoCs from references.
 
 #### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-42679.md b/2024/CVE-2024-42679.md
index 44508e8b5b..02799e915d 100644
--- a/2024/CVE-2024-42679.md
+++ b/2024/CVE-2024-42679.md
@@ -13,5 +13,7 @@ SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 a
 No PoCs from references.
 
 #### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-42680.md b/2024/CVE-2024-42680.md
index 2fb25c90d3..bd1012c8fe 100644
--- a/2024/CVE-2024-42680.md
+++ b/2024/CVE-2024-42680.md
@@ -13,5 +13,7 @@ An issue in Super easy enterprise management system v.1.0.0 and before allows a
 No PoCs from references.
 
 #### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-42736.md b/2024/CVE-2024-42736.md
index a09c7d4026..fd7e053a38 100644
--- a/2024/CVE-2024-42736.md
+++ b/2024/CVE-2024-42736.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/addBlacklist/addBlacklist.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42737.md b/2024/CVE-2024-42737.md
index 05627756cd..db94a426f0 100644
--- a/2024/CVE-2024-42737.md
+++ b/2024/CVE-2024-42737.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/delBlacklist/delBlacklist.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42738.md b/2024/CVE-2024-42738.md
index 1407e38418..2ae4f89d6a 100644
--- a/2024/CVE-2024-42738.md
+++ b/2024/CVE-2024-42738.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setDmzCfg/setDmzCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42739.md b/2024/CVE-2024-42739.md
index fe06ebc119..28c62d0855 100644
--- a/2024/CVE-2024-42739.md
+++ b/2024/CVE-2024-42739.md
@@ -13,5 +13,6 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setAccessDeviceCfg/setAccessDeviceCfg.md
 
 #### Github
+- https://github.com/HouseFuzz/reports
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-42740.md b/2024/CVE-2024-42740.md
index 244d9a6a86..b772528a9b 100644
--- a/2024/CVE-2024-42740.md
+++ b/2024/CVE-2024-42740.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setLedCfg/setLedCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42741.md b/2024/CVE-2024-42741.md
index 4b51d7d20b..f465f31897 100644
--- a/2024/CVE-2024-42741.md
+++ b/2024/CVE-2024-42741.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setL2tpServerCfg/setL2tpServerCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42742.md b/2024/CVE-2024-42742.md
index f78a981b68..1f2c3413a6 100644
--- a/2024/CVE-2024-42742.md
+++ b/2024/CVE-2024-42742.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setUrlFilterRules/setUrlFilterRules.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42743.md b/2024/CVE-2024-42743.md
index f35ef5641e..e450760eaf 100644
--- a/2024/CVE-2024-42743.md
+++ b/2024/CVE-2024-42743.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setSyslogCfg/setSyslogCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42744.md b/2024/CVE-2024-42744.md
index 5172f89cd3..6e3530fcb8 100644
--- a/2024/CVE-2024-42744.md
+++ b/2024/CVE-2024-42744.md
@@ -13,5 +13,6 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setModifyVpnUser/setModifyVpnUser.md
 
 #### Github
+- https://github.com/HouseFuzz/reports
 - https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2024/CVE-2024-42745.md b/2024/CVE-2024-42745.md
index 8c02d8b0b8..2ff2b0b96d 100644
--- a/2024/CVE-2024-42745.md
+++ b/2024/CVE-2024-42745.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setUPnPCfg/setUPnPCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42747.md b/2024/CVE-2024-42747.md
index 96cff9a1b4..2a4505e956 100644
--- a/2024/CVE-2024-42747.md
+++ b/2024/CVE-2024-42747.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setWanIeCfg/setWanIeCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42748.md b/2024/CVE-2024-42748.md
index f241a7520c..b91930d202 100644
--- a/2024/CVE-2024-42748.md
+++ b/2024/CVE-2024-42748.md
@@ -13,5 +13,5 @@ In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contai
 - https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setWiFiWpsCfg/setWiFiWpsCfg.md
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/HouseFuzz/reports
 
diff --git a/2024/CVE-2024-42812.md b/2024/CVE-2024-42812.md
new file mode 100644
index 0000000000..3babca5b18
--- /dev/null
+++ b/2024/CVE-2024-42812.md
@@ -0,0 +1,17 @@
+### [CVE-2024-42812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42812)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cve-scores
+
diff --git a/2024/CVE-2024-42815.md b/2024/CVE-2024-42815.md
index 0f3a2fe54f..1f2c4ec5de 100644
--- a/2024/CVE-2024-42815.md
+++ b/2024/CVE-2024-42815.md
@@ -11,6 +11,7 @@ In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to #### Reference - https://gist.github.com/XiaoCurry/14d46e0becd79d9bb9907f2fbe147cfe +- https://securityonline.info/cve-2024-42815-cvss-9-8-buffer-overflow-flaw-in-tp-link-routers-opens-door-to-rce/ #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-42834.md b/2024/CVE-2024-42834.md new file mode 100644 index 0000000000..e805d9f12c --- /dev/null +++ b/2024/CVE-2024-42834.md @@ -0,0 +1,18 @@ +### [CVE-2024-42834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42834) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the lastName parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CyberSec-Supra/CVE-2024-42834 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-42845.md b/2024/CVE-2024-42845.md index 93f192f92c..c4101bcce9 100644 --- a/2024/CVE-2024-42845.md +++ b/2024/CVE-2024-42845.md @@ -14,6 +14,9 @@ No PoCs from references. #### Github - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes +- https://github.com/alessio-romano/Sfoffo-Research-Blog - https://github.com/alessio-romano/alessio-romano - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/partywavesec/invesalius3_vulnerabilities +- https://github.com/theexploiters/CVE-2024-42845-Exploit diff --git a/2024/CVE-2024-42849.md b/2024/CVE-2024-42849.md index d74e328277..fd69d5a80a 100644 --- a/2024/CVE-2024-42849.md 
+++ b/2024/CVE-2024-42849.md @@ -13,5 +13,6 @@ An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a den - https://github.com/njmbb8/CVE-2024-42849/tree/main #### Github +- https://github.com/njmbb8/CVE-2024-42849 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-42850.md b/2024/CVE-2024-42850.md index cb90214c42..c5a8ba5a4e 100644 --- a/2024/CVE-2024-42850.md +++ b/2024/CVE-2024-42850.md @@ -13,5 +13,6 @@ An issue in the password change function of Silverpeas v6.4.2 and lower allows f No PoCs from references. #### Github +- https://github.com/njmbb8/CVE-2024-42850 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-42861.md b/2024/CVE-2024-42861.md new file mode 100644 index 0000000000..5430c02f4b --- /dev/null +++ b/2024/CVE-2024-42861.md @@ -0,0 +1,17 @@ +### [CVE-2024-42861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42861) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/qiupy123/CVE-2024-42861 + diff --git a/2024/CVE-2024-42898.md b/2024/CVE-2024-42898.md new file mode 100644 index 0000000000..fe89f16cc9 --- /dev/null +++ b/2024/CVE-2024-42898.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-42898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42898) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/simalamuel/simalamuel + diff --git a/2024/CVE-2024-42913.md b/2024/CVE-2024-42913.md index cf4b0d2b1d..c156b38404 100644 --- a/2024/CVE-2024-42913.md +++ b/2024/CVE-2024-42913.md @@ -13,5 +13,6 @@ RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the No PoCs from references. #### Github +- https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-42919.md b/2024/CVE-2024-42919.md index a76ffdb53c..f33c1eb6fa 100644 --- a/2024/CVE-2024-42919.md +++ b/2024/CVE-2024-42919.md @@ -13,5 +13,6 @@ eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Contro No PoCs from references. #### Github +- https://github.com/jeyabalaji711/CVE-2024-42919 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-42940.md b/2024/CVE-2024-42940.md index 191c6333ae..f8354760b1 100644 --- a/2024/CVE-2024-42940.md +++ b/2024/CVE-2024-42940.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromP2pListFilter.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable 
diff --git a/2024/CVE-2024-42941.md b/2024/CVE-2024-42941.md index bb6d3828ef..c8962d50b3 100644 --- a/2024/CVE-2024-42941.md +++ b/2024/CVE-2024-42941.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAdvSetWan_pptpPPW.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42942.md b/2024/CVE-2024-42942.md index eaaea98e78..1a703251ca 100644 --- a/2024/CVE-2024-42942.md +++ b/2024/CVE-2024-42942.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/frmL7ImForm.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42943.md b/2024/CVE-2024-42943.md index b907559f46..bf40675875 100644 --- a/2024/CVE-2024-42943.md +++ b/2024/CVE-2024-42943.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAdvSetWan_PPPOEPassword.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42944.md b/2024/CVE-2024-42944.md index bb45c29057..afa3d13b75 100644 --- a/2024/CVE-2024-42944.md +++ b/2024/CVE-2024-42944.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromNatlimit.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42945.md b/2024/CVE-2024-42945.md index 97f0191a77..f20a9039f4 100644 --- a/2024/CVE-2024-42945.md +++ b/2024/CVE-2024-42945.md 
@@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromAddressNat_page.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42946.md b/2024/CVE-2024-42946.md index b702e916fa..7be57ac826 100644 --- a/2024/CVE-2024-42946.md +++ b/2024/CVE-2024-42946.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromVirtualSer.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42947.md b/2024/CVE-2024-42947.md index 08c73246f7..5f8817c7cc 100644 --- a/2024/CVE-2024-42947.md +++ b/2024/CVE-2024-42947.md @@ -13,5 +13,5 @@ An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (40 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/telnet.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42948.md b/2024/CVE-2024-42948.md index 1e2042bb6e..2d5bf277e8 100644 --- a/2024/CVE-2024-42948.md +++ b/2024/CVE-2024-42948.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromPptpUserSetting.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42949.md b/2024/CVE-2024-42949.md index ea1e0aaac1..c6828c35c2 100644 --- a/2024/CVE-2024-42949.md +++ b/2024/CVE-2024-42949.md 
@@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromqossetting_qos.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-4295.md b/2024/CVE-2024-4295.md index f0cc5bd739..1fbd381923 100644 --- a/2024/CVE-2024-4295.md +++ b/2024/CVE-2024-4295.md @@ -13,6 +13,19 @@ The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to S No PoCs from references. #### Github +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/TgHook/CVE-2024-4295-Poc +- https://github.com/adysec/POC +- https://github.com/cve-2024/CVE-2024-4295-Poc +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/rtenacity/cve-docker-test - https://github.com/truonghuuphuc/CVE-2024-4295-Poc +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-42950.md b/2024/CVE-2024-42950.md index cb5dff1617..bf24de4ed6 100644 --- a/2024/CVE-2024-42950.md +++ b/2024/CVE-2024-42950.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromSafeClientFilter_Go.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42951.md b/2024/CVE-2024-42951.md index 0d041d0195..855e41f634 100644 --- a/2024/CVE-2024-42951.md +++ b/2024/CVE-2024-42951.md 
@@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromWizardHandle_mit_pptpusrpw.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42952.md b/2024/CVE-2024-42952.md index 8b10120653..28f01970e2 100644 --- a/2024/CVE-2024-42952.md +++ b/2024/CVE-2024-42952.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromqossetting_page.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42953.md b/2024/CVE-2024-42953.md index 33d131c2a1..f3189a3d2b 100644 --- a/2024/CVE-2024-42953.md +++ b/2024/CVE-2024-42953.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromWizardHandle_PPW.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42954.md b/2024/CVE-2024-42954.md index d7a660081c..6cdfef0437 100644 --- a/2024/CVE-2024-42954.md +++ b/2024/CVE-2024-42954.md @@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromwebExcptypemanFilter.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42955.md b/2024/CVE-2024-42955.md index 477af6b878..d39352b048 100644 --- a/2024/CVE-2024-42955.md +++ b/2024/CVE-2024-42955.md 
@@ -13,5 +13,5 @@ Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1201/fromSafeClientFilter_page.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42966.md b/2024/CVE-2024-42966.md index 0b3319c32c..f1bca62dd0 100644 --- a/2024/CVE-2024-42966.md +++ b/2024/CVE-2024-42966.md @@ -13,5 +13,5 @@ Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attack - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/N350R/ExportSettings.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42967.md b/2024/CVE-2024-42967.md index 26769f19b0..c19b60a4fb 100644 --- a/2024/CVE-2024-42967.md +++ b/2024/CVE-2024-42967.md @@ -13,5 +13,5 @@ Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attacke - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/LR350/ExportSettings.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42968.md b/2024/CVE-2024-42968.md index 728c0b3938..1eb62d43d6 100644 --- a/2024/CVE-2024-42968.md +++ b/2024/CVE-2024-42968.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeMacFilter_Go.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42969.md b/2024/CVE-2024-42969.md index e5bb39bcfd..f55fa046f1 100644 --- a/2024/CVE-2024-42969.md +++ b/2024/CVE-2024-42969.md 
@@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeMacFilter%20_page.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42973.md b/2024/CVE-2024-42973.md index 6874250140..11c6ffa855 100644 --- a/2024/CVE-2024-42973.md +++ b/2024/CVE-2024-42973.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSetIpBind.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42974.md b/2024/CVE-2024-42974.md index 0daa3278ca..c9058ed2bb 100644 --- a/2024/CVE-2024-42974.md +++ b/2024/CVE-2024-42974.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromwebExcptypemanFilter.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42976.md b/2024/CVE-2024-42976.md index c6d6b67033..cffc8f3b08 100644 --- a/2024/CVE-2024-42976.md +++ b/2024/CVE-2024-42976.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromSafeClientFilter_page.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42977.md b/2024/CVE-2024-42977.md index 378c3be31b..68b2c955bc 100644 --- a/2024/CVE-2024-42977.md +++ b/2024/CVE-2024-42977.md 
@@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromqossetting_qos.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42978.md b/2024/CVE-2024-42978.md index 2fd38fb2e1..2ed6e70c4c 100644 --- a/2024/CVE-2024-42978.md +++ b/2024/CVE-2024-42978.md @@ -13,5 +13,5 @@ An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/telnet.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42979.md b/2024/CVE-2024-42979.md index d2efaaba41..d9497f142f 100644 --- a/2024/CVE-2024-42979.md +++ b/2024/CVE-2024-42979.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/frmL7ProtForm.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42980.md b/2024/CVE-2024-42980.md index f268a8c1f8..430f13ab15 100644 --- a/2024/CVE-2024-42980.md +++ b/2024/CVE-2024-42980.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/frmL7ImForm.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42981.md b/2024/CVE-2024-42981.md index e6ecbc4a24..d7b08264ef 100644 --- a/2024/CVE-2024-42981.md +++ b/2024/CVE-2024-42981.md 
@@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the del - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromPptpUserSetting.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42982.md b/2024/CVE-2024-42982.md index 8e68af10bf..98daacc4a5 100644 --- a/2024/CVE-2024-42982.md +++ b/2024/CVE-2024-42982.md @@ -13,5 +13,6 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromVirtualSer.md #### Github +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-42983.md b/2024/CVE-2024-42983.md index d541aae652..30cbd8896b 100644 --- a/2024/CVE-2024-42983.md +++ b/2024/CVE-2024-42983.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the ppt - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromAdvSetWan_pptpPPW.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42984.md b/2024/CVE-2024-42984.md index ac17319e35..4e2af42a52 100644 --- a/2024/CVE-2024-42984.md +++ b/2024/CVE-2024-42984.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromP2pListFilter.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42985.md b/2024/CVE-2024-42985.md index ba899076e0..24cc35d0b1 100644 --- a/2024/CVE-2024-42985.md +++ b/2024/CVE-2024-42985.md 
@@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pag - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromNatlimit.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42986.md b/2024/CVE-2024-42986.md index e95a3eee09..d67f09f630 100644 --- a/2024/CVE-2024-42986.md +++ b/2024/CVE-2024-42986.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPP - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromAdvSetWan_PPPOEPassword.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42987.md b/2024/CVE-2024-42987.md index 7cb0fbf57b..f8a7153305 100644 --- a/2024/CVE-2024-42987.md +++ b/2024/CVE-2024-42987.md @@ -13,5 +13,5 @@ Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the mod - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromPptpUserAdd.md #### Github -No PoCs found on GitHub currently. +- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable diff --git a/2024/CVE-2024-42992.md b/2024/CVE-2024-42992.md index 1407e00f94..0411a93472 100644 --- a/2024/CVE-2024-42992.md +++ b/2024/CVE-2024-42992.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/thanhh23/CVE-2024-42992 diff --git a/2024/CVE-2024-43024.md b/2024/CVE-2024-43024.md new file mode 100644 index 0000000000..d4a1bd02ab --- /dev/null +++ b/2024/CVE-2024-43024.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-43024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43024)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sharpe-nl/CVEs
+
diff --git a/2024/CVE-2024-43025.md b/2024/CVE-2024-43025.md
new file mode 100644
index 0000000000..cd421989d0
--- /dev/null
+++ b/2024/CVE-2024-43025.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43025)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sharpe-nl/CVEs
+
diff --git a/2024/CVE-2024-43033.md b/2024/CVE-2024-43033.md
new file mode 100644
index 0000000000..f0d813d976
--- /dev/null
+++ b/2024/CVE-2024-43033.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43033)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/lazy-forever/CVE-Reference
+
diff --git a/2024/CVE-2024-43040.md b/2024/CVE-2024-43040.md
new file mode 100644
index 0000000000..f9c498e4b0
--- /dev/null
+++ b/2024/CVE-2024-43040.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43040)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/X1lyS/CVE_Archive
+
diff --git a/2024/CVE-2024-43044.md b/2024/CVE-2024-43044.md
index 37210a6257..e29330aa40 100644
--- a/2024/CVE-2024-43044.md
+++ b/2024/CVE-2024-43044.md
@@ -13,9 +13,32 @@ Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to rea No PoCs from references. #### Github +- https://github.com/12442RF/POC +- https://github.com/DACC4/CVE-2024-43044-jenkins-creds +- https://github.com/DMW11525708/wiki +- https://github.com/HwMex0/CVE-2024-43044 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV +- https://github.com/Threekiii/CVE +- https://github.com/WhosGa/MyWiki +- https://github.com/admin772/POC +- https://github.com/adysec/POC +- https://github.com/bright-angel/sec-repos +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/cleverg0d/CVEs +- https://github.com/convisolabs/CVE-2024-43044-jenkins +- https://github.com/eeeeeeeeee-code/POC - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/jenkinsci-cert/SECURITY-3430 +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability +- https://github.com/onewinner/VulToolsKit +- https://github.com/plbplbp/loudong001 - https://github.com/tanjiti/sec_profile +- https://github.com/v9d0g/CVE-2024-43044-POC diff --git a/2024/CVE-2024-43047.md b/2024/CVE-2024-43047.md new file mode 100644 index 0000000000..baf066add7 --- /dev/null +++ b/2024/CVE-2024-43047.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-43047](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43047)
+![](https://img.shields.io/static/v1?label=Product&message=Snapdragon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20FastConnect%206700%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Memory corruption while maintaining memory maps of HLOS memory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-43080.md b/2024/CVE-2024-43080.md
new file mode 100644
index 0000000000..187a41405e
--- /dev/null
+++ b/2024/CVE-2024-43080.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43080)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/canyie/canyie
+
diff --git a/2024/CVE-2024-43081.md b/2024/CVE-2024-43081.md
new file mode 100644
index 0000000000..88a1df3a91
--- /dev/null
+++ b/2024/CVE-2024-43081.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43081)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/canyie/canyie
+
diff --git a/2024/CVE-2024-43087.md b/2024/CVE-2024-43087.md
new file mode 100644
index 0000000000..5bd29a6ac3
--- /dev/null
+++ b/2024/CVE-2024-43087.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43087)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
+
+### POC
+
+#### Reference
+- https://android.googlesource.com/platform/packages/apps/Settings/+/6253b87704bb097ad9963941bdddf3b86906a73e
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-43088.md b/2024/CVE-2024-43088.md
new file mode 100644
index 0000000000..479cb95e63
--- /dev/null
+++ b/2024/CVE-2024-43088.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43088)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/canyie/canyie
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-43090.md b/2024/CVE-2024-43090.md
new file mode 100644
index 0000000000..cf335e6e3d
--- /dev/null
+++ b/2024/CVE-2024-43090.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43090)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2014%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20disclosure&color=brighgreen)
+
+### Description
+
+In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/canyie/canyie
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-43093.md b/2024/CVE-2024-43093.md
new file mode 100644
index 0000000000..225ae78199
--- /dev/null
+++ b/2024/CVE-2024-43093.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43093)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-43097.md b/2024/CVE-2024-43097.md
new file mode 100644
index 0000000000..642a2a5c94
--- /dev/null
+++ b/2024/CVE-2024-43097.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43097)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-43102.md b/2024/CVE-2024-43102.md
new file mode 100644
index 0000000000..a267e7cbe4
--- /dev/null
+++ b/2024/CVE-2024-43102.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43102)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=14.1-RELEASE%3C%20p4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-911%20Improper%20Update%20of%20Reference%20Count&color=brighgreen)
+
+### Description
+
+Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early.A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/PS5Dev/PS5-UMTX-Jailbreak
+
diff --git a/2024/CVE-2024-43112.md b/2024/CVE-2024-43112.md
new file mode 100644
index 0000000000..9e04e9dfbc
--- /dev/null
+++ b/2024/CVE-2024-43112.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43112)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20129%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=iOS%20Firefox%20Download%20UXSS&color=brighgreen)
+
+### Description
+
+Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1874910
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-43113.md b/2024/CVE-2024-43113.md
new file mode 100644
index 0000000000..3d9d9a90e3
--- /dev/null
+++ b/2024/CVE-2024-43113.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43113)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20129%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20Context%20Menu%20for%20iOS%20Firefox%20can%20over%20ride%20on%20any%20origin%20allowing%20UXSS%20everywhere%20with%20bug%20id%201874910&color=brighgreen)
+
+### Description
+
+The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1874964
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-43114.md b/2024/CVE-2024-43114.md
new file mode 100644
index 0000000000..d206c5d1e1
--- /dev/null
+++ b/2024/CVE-2024-43114.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43114)
+![](https://img.shields.io/static/v1?label=Product&message=TeamCity&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.07.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276&color=brighgreen)
+
+### Description
+
+In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crisprss/CVEs
+
diff --git a/2024/CVE-2024-43118.md b/2024/CVE-2024-43118.md
new file mode 100644
index 0000000000..725a41b69c
--- /dev/null
+++ b/2024/CVE-2024-43118.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43118)
+![](https://img.shields.io/static/v1?label=Product&message=Hummingbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43119.md b/2024/CVE-2024-43119.md
new file mode 100644
index 0000000000..9a22130f97
--- /dev/null
+++ b/2024/CVE-2024-43119.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43119)
+![](https://img.shields.io/static/v1?label=Product&message=Aruba%20HiSpeed%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43120.md b/2024/CVE-2024-43120.md
new file mode 100644
index 0000000000..14cf7bc947
--- /dev/null
+++ b/2024/CVE-2024-43120.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43120)
+![](https://img.shields.io/static/v1?label=Product&message=TypeSquare%20Webfonts&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43122.md b/2024/CVE-2024-43122.md
new file mode 100644
index 0000000000..1582b5f54d
--- /dev/null
+++ b/2024/CVE-2024-43122.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43122)
+![](https://img.shields.io/static/v1?label=Product&message=Robin%20image%20optimizer&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43134.md b/2024/CVE-2024-43134.md
new file mode 100644
index 0000000000..a15b90e7ab
--- /dev/null
+++ b/2024/CVE-2024-43134.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43134](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43134)
+![](https://img.shields.io/static/v1?label=Product&message=Waitlist%20Woocommerce%20(%20Back%20in%20stock%20notifier%20)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43136.md b/2024/CVE-2024-43136.md
new file mode 100644
index 0000000000..89e35df0e9
--- /dev/null
+++ b/2024/CVE-2024-43136.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43136)
+![](https://img.shields.io/static/v1?label=Product&message=Sunshine%20Photo%20Cart&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43142.md b/2024/CVE-2024-43142.md
new file mode 100644
index 0000000000..a14338f500
--- /dev/null
+++ b/2024/CVE-2024-43142.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43142](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43142)
+![](https://img.shields.io/static/v1?label=Product&message=Tutor%20LMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43143.md b/2024/CVE-2024-43143.md
new file mode 100644
index 0000000000..e15dd98999
--- /dev/null
+++ b/2024/CVE-2024-43143.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43143](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43143)
+![](https://img.shields.io/static/v1?label=Product&message=Registrations%20for%20the%20Events%20Calendar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43146.md b/2024/CVE-2024-43146.md
new file mode 100644
index 0000000000..fe52215601
--- /dev/null
+++ b/2024/CVE-2024-43146.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43146)
+![](https://img.shields.io/static/v1?label=Product&message=AMP%20for%20WP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43154.md b/2024/CVE-2024-43154.md
new file mode 100644
index 0000000000..cfc82aea8a
--- /dev/null
+++ b/2024/CVE-2024-43154.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43154)
+![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Cron%20Manager%20%E2%80%93%20debug%20%26%20control&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43157.md b/2024/CVE-2024-43157.md
new file mode 100644
index 0000000000..4e7e0f0187
--- /dev/null
+++ b/2024/CVE-2024-43157.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43157)
+![](https://img.shields.io/static/v1?label=Product&message=FormCraft&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43158.md b/2024/CVE-2024-43158.md
new file mode 100644
index 0000000000..f245ac3459
--- /dev/null
+++ b/2024/CVE-2024-43158.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43158)
+![](https://img.shields.io/static/v1?label=Product&message=Masteriyo%20-%20LMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masteriyo - LMS: from n/a through 1.11.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43159.md b/2024/CVE-2024-43159.md
new file mode 100644
index 0000000000..fede399c01
--- /dev/null
+++ b/2024/CVE-2024-43159.md
@@ -0,0 +1,17 @@ +### [CVE-2024-43159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43159) +![](https://img.shields.io/static/v1?label=Product&message=Masteriyo%20-%20LMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masteriyo - LMS: from n/a through 1.11.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43160.md b/2024/CVE-2024-43160.md index 6f93fb8f61..2b3f64c612 100644 --- a/2024/CVE-2024-43160.md +++ b/2024/CVE-2024-43160.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/KTN1990/CVE-2024-43160 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43162.md b/2024/CVE-2024-43162.md new file mode 100644 index 0000000000..420fdf7372 --- /dev/null +++ b/2024/CVE-2024-43162.md @@ -0,0 +1,17 @@ +### [CVE-2024-43162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43162) +![](https://img.shields.io/static/v1?label=Product&message=Easy%20Digital%20Downloads&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-43167.md b/2024/CVE-2024-43167.md index 625793a788..29a229670a 100644 --- a/2024/CVE-2024-43167.md +++ b/2024/CVE-2024-43167.md @@ -12,7 +12,7 @@ ### Description -A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. +DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. ### POC diff --git a/2024/CVE-2024-43168.md b/2024/CVE-2024-43168.md index 2368e60b92..76d64d394e 100644 --- a/2024/CVE-2024-43168.md +++ b/2024/CVE-2024-43168.md 
@@ -12,7 +12,7 @@ ### Description -A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. +DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. ### POC diff --git a/2024/CVE-2024-4317.md b/2024/CVE-2024-4317.md index 22291e296f..e831da54ae 100644 --- a/2024/CVE-2024-4317.md +++ b/2024/CVE-2024-4317.md @@ -13,5 +13,9 @@ Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext No PoCs from references. #### Github +- https://github.com/Oluwaseun-Joseph/Credentialed-Vulnerability-Assessment-Lab +- https://github.com/ardhiatno/ubimicro-fluentbit +- https://github.com/lekctut/sdb-hw-13-01 +- https://github.com/pedr0alencar/vlab-metasploitable2 - https://github.com/wiltondb/wiltondb diff --git a/2024/CVE-2024-4320.md b/2024/CVE-2024-4320.md index 0065101299..33e95e4d9e 100644 --- a/2024/CVE-2024-4320.md 
+++ b/2024/CVE-2024-4320.md @@ -13,5 +13,6 @@ A remote code execution (RCE) vulnerability exists in the '/install_extension' e No PoCs from references. #### Github +- https://github.com/bolkv/CVE-2024-4320 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-43201.md b/2024/CVE-2024-43201.md new file mode 100644 index 0000000000..396b3e6886 --- /dev/null +++ b/2024/CVE-2024-43201.md @@ -0,0 +1,17 @@ +### [CVE-2024-43201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43201) +![](https://img.shields.io/static/v1?label=Product&message=Planet%20Fitness%20Workouts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-295%20Improper%20Certificate%20Validation&color=brighgreen) + +### Description + +The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12 (released on 2024-07-25) and more recently in version 9.9.13 (released on 2025-02-11). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/aapooksman/certmitm + diff --git a/2024/CVE-2024-43208.md b/2024/CVE-2024-43208.md new file mode 100644 index 0000000000..e201581111 --- /dev/null +++ b/2024/CVE-2024-43208.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-43208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43208)
+![](https://img.shields.io/static/v1?label=Product&message=Send%20Emails%20with%20Mandrill&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Miller Media ( Matt Miller ) Send Emails with Mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through 1.4.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43209.md b/2024/CVE-2024-43209.md
new file mode 100644
index 0000000000..a9e76a4b73
--- /dev/null
+++ b/2024/CVE-2024-43209.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43209)
+![](https://img.shields.io/static/v1?label=Product&message=Bitly&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.7.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43211.md b/2024/CVE-2024-43211.md
new file mode 100644
index 0000000000..41f5fc0af3
--- /dev/null
+++ b/2024/CVE-2024-43211.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43211)
+![](https://img.shields.io/static/v1?label=Product&message=MailChimp%20Subscribe%20Forms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.0.9.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through 4.0.9.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43212.md b/2024/CVE-2024-43212.md
new file mode 100644
index 0000000000..491ca1dbe3
--- /dev/null
+++ b/2024/CVE-2024-43212.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43212)
+![](https://img.shields.io/static/v1?label=Product&message=WpTravelly&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43215.md b/2024/CVE-2024-43215.md
new file mode 100644
index 0000000000..a8c3892841
--- /dev/null
+++ b/2024/CVE-2024-43215.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43215)
+![](https://img.shields.io/static/v1?label=Product&message=Social%20Slider%20Feed&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43219.md b/2024/CVE-2024-43219.md
new file mode 100644
index 0000000000..3fc7db11aa
--- /dev/null
+++ b/2024/CVE-2024-43219.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43219)
+![](https://img.shields.io/static/v1?label=Product&message=Persian%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-4322.md b/2024/CVE-2024-4322.md
new file mode 100644
index 0000000000..cdd807afbc
--- /dev/null
+++ b/2024/CVE-2024-4322.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4322)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-29%20Path%20Traversal%3A%20'%5C..%5Cfilename'&color=brighgreen)
+
+### Description
+
+A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version of the application. The vulnerability is due to improper handling of user-supplied input in the `list_personalities` function, where the `category` parameter can be controlled to specify arbitrary directories for listing. Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nhienit2010/nhienit2010
+
diff --git a/2024/CVE-2024-43223.md b/2024/CVE-2024-43223.md
new file mode 100644
index 0000000000..99afd2fa97
--- /dev/null
+++ b/2024/CVE-2024-43223.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43223)
+![](https://img.shields.io/static/v1?label=Product&message=EventPrime&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43229.md b/2024/CVE-2024-43229.md
new file mode 100644
index 0000000000..25af28a08c
--- /dev/null
+++ b/2024/CVE-2024-43229.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43229)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Search%20Analytics&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Search Analytics: from n/a through 1.4.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-4323.md b/2024/CVE-2024-4323.md
index 0c3c9aca7d..2626d4e822 100644
--- a/2024/CVE-2024-4323.md
+++ b/2024/CVE-2024-4323.md
@@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/d0rb/CVE-2024-4323 +- https://github.com/felixsta/Using_CVSS - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/skilfoy/CVE-2024-4323-Exploit-POC - https://github.com/yuansec/CVE-2024-4323-dos_poc diff --git a/2024/CVE-2024-43235.md b/2024/CVE-2024-43235.md new file mode 100644 index 0000000000..41b964b9ec --- /dev/null +++ b/2024/CVE-2024-43235.md @@ -0,0 +1,17 @@ +### [CVE-2024-43235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43235) +![](https://img.shields.io/static/v1?label=Product&message=Meta%20Box%20%E2%80%93%20WordPress%20Custom%20Fields%20Framework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43253.md b/2024/CVE-2024-43253.md new file mode 100644 index 0000000000..8cb3581a2b --- /dev/null +++ b/2024/CVE-2024-43253.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-43253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43253)
+![](https://img.shields.io/static/v1?label=Product&message=Smart%20Online%20Order%20for%20Clover&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43254.md b/2024/CVE-2024-43254.md
new file mode 100644
index 0000000000..1daa16dbfa
--- /dev/null
+++ b/2024/CVE-2024-43254.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43254)
+![](https://img.shields.io/static/v1?label=Product&message=Smart%20Online%20Order%20for%20Clover&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Online Order for Clover: from n/a through 1.5.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43260.md b/2024/CVE-2024-43260.md
new file mode 100644
index 0000000000..4406178605
--- /dev/null
+++ b/2024/CVE-2024-43260.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43260)
+![](https://img.shields.io/static/v1?label=Product&message=Clearfy%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43268.md b/2024/CVE-2024-43268.md
new file mode 100644
index 0000000000..4f8713dd83
--- /dev/null
+++ b/2024/CVE-2024-43268.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43268)
+![](https://img.shields.io/static/v1?label=Product&message=Backup%20and%20Restore%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.50%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows .This issue affects Backup and Restore WordPress: from n/a through 1.50.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43270.md b/2024/CVE-2024-43270.md
new file mode 100644
index 0000000000..0298fbe9cb
--- /dev/null
+++ b/2024/CVE-2024-43270.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43270)
+![](https://img.shields.io/static/v1?label=Product&message=Backup%20and%20Restore%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.50%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43273.md b/2024/CVE-2024-43273.md
new file mode 100644
index 0000000000..887caaa45f
--- /dev/null
+++ b/2024/CVE-2024-43273.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43273)
+![](https://img.shields.io/static/v1?label=Product&message=Icegram%20Collect&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43277.md b/2024/CVE-2024-43277.md
new file mode 100644
index 0000000000..50f0b21bc9
--- /dev/null
+++ b/2024/CVE-2024-43277.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43277)
+![](https://img.shields.io/static/v1?label=Product&message=UsersWP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43285.md b/2024/CVE-2024-43285.md
new file mode 100644
index 0000000000..e9c523e7e9
--- /dev/null
+++ b/2024/CVE-2024-43285.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43285)
+![](https://img.shields.io/static/v1?label=Product&message=Presto%20Player&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43290.md b/2024/CVE-2024-43290.md
new file mode 100644
index 0000000000..34440b848e
--- /dev/null
+++ b/2024/CVE-2024-43290.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43290)
+![](https://img.shields.io/static/v1?label=Product&message=Atarim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43293.md b/2024/CVE-2024-43293.md
new file mode 100644
index 0000000000..8619dfd643
--- /dev/null
+++ b/2024/CVE-2024-43293.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43293)
+![](https://img.shields.io/static/v1?label=Product&message=Recipe%20Card%20Blocks%20for%20Gutenberg%20%26%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43296.md b/2024/CVE-2024-43296.md
new file mode 100644
index 0000000000..b425f9c138
--- /dev/null
+++ b/2024/CVE-2024-43296.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43296)
+![](https://img.shields.io/static/v1?label=Product&message=Flash%20%26%20HTML5%20Video&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43297.md b/2024/CVE-2024-43297.md
new file mode 100644
index 0000000000..2fa9da871d
--- /dev/null
+++ b/2024/CVE-2024-43297.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43297)
+![](https://img.shields.io/static/v1?label=Product&message=Clone&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43298.md b/2024/CVE-2024-43298.md
new file mode 100644
index 0000000000..6f3c233286
--- /dev/null
+++ b/2024/CVE-2024-43298.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43298)
+![](https://img.shields.io/static/v1?label=Product&message=Clone&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43302.md b/2024/CVE-2024-43302.md
new file mode 100644
index 0000000000..0cf7cdc042
--- /dev/null
+++ b/2024/CVE-2024-43302.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43302)
+![](https://img.shields.io/static/v1?label=Product&message=Fonts&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43310.md b/2024/CVE-2024-43310.md
new file mode 100644
index 0000000000..777d033b9f
--- /dev/null
+++ b/2024/CVE-2024-43310.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43310)
+![](https://img.shields.io/static/v1?label=Product&message=Print%20Barcode%20Labels%20for%20your%20WooCommerce%20products%2Forders&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43312.md b/2024/CVE-2024-43312.md
new file mode 100644
index 0000000000..2c1262514d
--- /dev/null
+++ b/2024/CVE-2024-43312.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43312)
+![](https://img.shields.io/static/v1?label=Product&message=WPC%20Frequently%20Bought%20Together%20for%20WooCommerce&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43314.md b/2024/CVE-2024-43314.md
new file mode 100644
index 0000000000..74b8448389
--- /dev/null
+++ b/2024/CVE-2024-43314.md
@@ -0,0 +1,17 @@ +### [CVE-2024-43314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43314) +![](https://img.shields.io/static/v1?label=Product&message=Asset%20CleanUp%3A%20Page%20Speed%20Booster&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43323.md b/2024/CVE-2024-43323.md new file mode 100644 index 0000000000..2145e0c505 --- /dev/null +++ b/2024/CVE-2024-43323.md @@ -0,0 +1,17 @@ +### [CVE-2024-43323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43323) +![](https://img.shields.io/static/v1?label=Product&message=ReviewX&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43328.md b/2024/CVE-2024-43328.md index 8feb9f6050..8c98d54ed1 100644 --- a/2024/CVE-2024-43328.md +++ b/2024/CVE-2024-43328.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/DoTTak/Research-WordPress-CVE 
diff --git a/2024/CVE-2024-43332.md b/2024/CVE-2024-43332.md
new file mode 100644
index 0000000000..a5a41f14f0
--- /dev/null
+++ b/2024/CVE-2024-43332.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43332)
+![](https://img.shields.io/static/v1?label=Product&message=Photo%20Engine&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43341.md b/2024/CVE-2024-43341.md
new file mode 100644
index 0000000000..b024fa9b08
--- /dev/null
+++ b/2024/CVE-2024-43341.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43341)
+![](https://img.shields.io/static/v1?label=Product&message=Hello%20Agency&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+
diff --git a/2024/CVE-2024-43343.md b/2024/CVE-2024-43343.md
new file mode 100644
index 0000000000..2456615698
--- /dev/null
+++ b/2024/CVE-2024-43343.md
@@ -0,0 +1,17 @@ +### [CVE-2024-43343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43343) +![](https://img.shields.io/static/v1?label=Product&message=Order%20Tracking&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-43347.md b/2024/CVE-2024-43347.md index 97314f54ff..4c70827151 100644 --- a/2024/CVE-2024-43347.md +++ b/2024/CVE-2024-43347.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/Cr0nu3/Cr0nu3 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43355.md b/2024/CVE-2024-43355.md new file mode 100644 index 0000000000..b5328db827 --- /dev/null +++ b/2024/CVE-2024-43355.md @@ -0,0 +1,17 @@ +### [CVE-2024-43355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43355) +![](https://img.shields.io/static/v1?label=Product&message=JoomSport&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + 
diff --git a/2024/CVE-2024-43357.md b/2024/CVE-2024-43357.md
new file mode 100644
index 0000000000..a4b3d96191
--- /dev/null
+++ b/2024/CVE-2024-43357.md
@@ -0,0 +1,19 @@
+### [CVE-2024-43357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43357)
+![](https://img.shields.io/static/v1?label=Product&message=ecma262&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202022%2C%20%3C%202025%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-248%3A%20Uncaught%20Exception&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-843%3A%20Access%20of%20Resource%20Using%20Incompatible%20Type%20('Type%20Confusion')&color=brighgreen)
+
+### Description
+
+ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference.The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants.The ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory's public disclosure.
JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section.## References- https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727- https://bugzilla.mozilla.org/show_bug.cgi?id=1901411- https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq- https://bugs.webkit.org/show_bug.cgi?id=275407- https://issues.chromium.org/issues/346692561- https://www.cve.org/CVERecord?id=CVE-2024-7652 + +### POC + +#### Reference +- https://issues.chromium.org/issues/346692561 + +#### Github +- https://github.com/tc39/proposal-thenable-curtailment + diff --git a/2024/CVE-2024-43360.md b/2024/CVE-2024-43360.md index c921e29cf6..ffa5bf7a74 100644 --- a/2024/CVE-2024-43360.md +++ b/2024/CVE-2024-43360.md @@ -14,4 +14,5 @@ ZoneMinder is a free, open source closed-circuit television software application #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/zhanpengliu-tencent/medium-cve diff --git a/2024/CVE-2024-43363.md b/2024/CVE-2024-43363.md new file mode 100644 index 0000000000..1117721ffe --- /dev/null +++ b/2024/CVE-2024-43363.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-43363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363) +![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.28%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/p33d/CVE-2024-43363 + diff --git a/2024/CVE-2024-43374.md b/2024/CVE-2024-43374.md index eac52c4c24..b0e7261ad5 100644 --- a/2024/CVE-2024-43374.md +++ b/2024/CVE-2024-43374.md @@ -13,5 +13,5 @@ The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argu - https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw #### Github -No PoCs found on GitHub currently. +- https://github.com/a85tract/Lancet diff --git a/2024/CVE-2024-43381.md b/2024/CVE-2024-43381.md index 36c35be377..d58767af15 100644 --- a/2024/CVE-2024-43381.md +++ b/2024/CVE-2024-43381.md @@ -15,4 +15,5 @@ reNgine is an automated reconnaissance framework for web applications. Versions #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/touhidshaikh/touhidshaikh 
diff --git a/2024/CVE-2024-43398.md b/2024/CVE-2024-43398.md index 67373bd011..c4f6755890 100644 --- a/2024/CVE-2024-43398.md +++ b/2024/CVE-2024-43398.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/lifeparticle/Ruby-Cheatsheet +- https://github.com/trevor0106/cheatsheet diff --git a/2024/CVE-2024-4340.md b/2024/CVE-2024-4340.md index fa8c4cb573..26f49dbd87 100644 --- a/2024/CVE-2024-4340.md +++ b/2024/CVE-2024-4340.md @@ -14,5 +14,7 @@ Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service d - https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/ #### Github +- https://github.com/ZipExplorer/submission - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase diff --git a/2024/CVE-2024-43402.md b/2024/CVE-2024-43402.md new file mode 100644 index 0000000000..6a10843d46 --- /dev/null +++ b/2024/CVE-2024-43402.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-43402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43402)
+![](https://img.shields.io/static/v1?label=Product&message=rust&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.81.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-88%3A%20Improper%20Neutralization%20of%20Argument%20Delimiters%20in%20a%20Command%20('Argument%20Injection')&color=brighgreen)
+
+### Description
+
+Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it.
Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fdeantoni/whatsnew
+
diff --git a/2024/CVE-2024-43415.md b/2024/CVE-2024-43415.md
new file mode 100644
index 0000000000..d0ce609f14
--- /dev/null
+++ b/2024/CVE-2024-43415.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43415)
+![](https://img.shields.io/static/v1?label=Product&message=decidim-module-decidim_awesome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.9.1%2C%20%3C%200.10.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands.
+
+### POC
+
+#### Reference
+- https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-43416.md b/2024/CVE-2024-43416.md
new file mode 100644
index 0000000000..a6709300c5
--- /dev/null
+++ b/2024/CVE-2024-43416.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43416)
+![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.80%2C%20%3C%2010.0.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xmupa/CVE-2024-43416-PoC
+
diff --git a/2024/CVE-2024-43418.md b/2024/CVE-2024-43418.md
new file mode 100644
index 0000000000..56d03b850a
--- /dev/null
+++ b/2024/CVE-2024-43418.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43418)
+![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%200.65%2C%20%3C%2010.0.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xjzzzxx/Yama
+
diff --git a/2024/CVE-2024-43425.md b/2024/CVE-2024-43425.md
new file mode 100644
index 0000000000..529574b8f6
--- /dev/null
+++ b/2024/CVE-2024-43425.md
@@ -0,0 +1,25 @@
+### [CVE-2024-43425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43425)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+- https://github.com/LucianoHanna/rev_shell_detection
+- https://github.com/RedTeamPentesting/moodle-rce-calculatedquestions
+- https://github.com/Snizi/Moodle-CVE-2024-43425-Exploit
+- https://github.com/aayush256-sys/Moodle-authenticated-RCE
+- https://github.com/aninfosec/CVE-2024-43425-Poc
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-43426.md b/2024/CVE-2024-43426.md
new file mode 100644
index 0000000000..a37ea7ffd6
--- /dev/null
+++ b/2024/CVE-2024-43426.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43426)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/TaiYou-TW
+
diff --git a/2024/CVE-2024-4343.md b/2024/CVE-2024-4343.md
new file mode 100644
index 0000000000..c24ef528f5
--- /dev/null
+++ b/2024/CVE-2024-4343.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4343)
+![](https://img.shields.io/static/v1?label=Product&message=imartinez%2Fprivategpt&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command&color=brighgreen)
+
+### Description
+
+A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the `eval()` function to parse a string received from a remote AWS SageMaker LLM endpoint into a dictionary. This method of parsing is unsafe as it can execute arbitrary Python code contained within the response. An attacker can exploit this vulnerability by manipulating the response from the AWS SageMaker LLM endpoint to include malicious Python code, leading to potential execution of arbitrary commands on the system hosting the application. The issue is fixed in version 0.6.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CyberSecAI/cve_info_refs_crawler
+
diff --git a/2024/CVE-2024-43436.md b/2024/CVE-2024-43436.md
new file mode 100644
index 0000000000..7ac1eaa9b7
--- /dev/null
+++ b/2024/CVE-2024-43436.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43436)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/TaiYou-TW
+
diff --git a/2024/CVE-2024-43441.md b/2024/CVE-2024-43441.md
new file mode 100644
index 0000000000..a29b674792
--- /dev/null
+++ b/2024/CVE-2024-43441.md
@@ -0,0 +1,20 @@
+### [CVE-2024-43441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43441)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HugeGraph-Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-302%20Authentication%20Bypass%20by%20Assumed-Immutable%20Data&color=brighgreen)
+
+### Description
+
+Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0.Users are recommended to upgrade to version 1.5.0, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/Threekiii/CVE
+- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
+
diff --git a/2024/CVE-2024-43447.md b/2024/CVE-2024-43447.md
new file mode 100644
index 0000000000..69a58becb1
--- /dev/null
+++ b/2024/CVE-2024-43447.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43447)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2849%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-415%3A%20Double%20Free&color=brighgreen)
+
+### Description
+
+Windows SMBv3 Server Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/pawan-shivarkar/pawan-shivarkar
+
diff --git a/2024/CVE-2024-43451.md b/2024/CVE-2024-43451.md
new file mode 100644
index 0000000000..322308ebd9
--- /dev/null
+++ b/2024/CVE-2024-43451.md
@@ -0,0 +1,55 @@ +### [CVE-2024-43451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43451) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20826%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7515%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6532%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.5131%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.5131%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2849%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4460%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4460%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1251%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.2314%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22966%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27415%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27415%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22267%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%3A%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) + +### Description + +NTLM Hash Disclosure Spoofing Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Castro-Ian/CVE-2024-4573-Mitigation-Script +- https://github.com/RonF98/CVE-2024-43451-POC +- https://github.com/packetinside/CISA_BOT + diff --git a/2024/CVE-2024-43468.md b/2024/CVE-2024-43468.md new file mode 100644 index 0000000000..48287e88fe --- /dev/null +++ b/2024/CVE-2024-43468.md 
@@ -0,0 +1,19 @@
+### [CVE-2024-43468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43468)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Configuration%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%205.00.9106%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Microsoft Configuration Manager Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nikallass/CVE-2024-43468_mTLS_go
+- https://github.com/synacktiv/CVE-2024-43468
+- https://github.com/tadash10/Detailed-Analysis-and-Mitigation-Strategies-for-CVE-2024-38124-and-CVE-2024-43468
+
diff --git a/2024/CVE-2024-43472.md b/2024/CVE-2024-43472.md
new file mode 100644
index 0000000000..5489dd8511
--- /dev/null
+++ b/2024/CVE-2024-43472.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43472)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Edge%20(Chromium-based)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20127.0.2651.105%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/terryspeights/vulnerability-management-program
+
diff --git a/2024/CVE-2024-4348.md b/2024/CVE-2024-4348.md
index 0797ded269..d284aad320 100644
--- a/2024/CVE-2024-4348.md
+++ b/2024/CVE-2024-4348.md
@@ -10,6 +10,7 @@ A vulnerability, which was classified as problematic, was found in osCommerce 4. ### POC #### Reference +- https://vuldb.com/?id.262488 - https://vuldb.com/?submit.320855 #### Github diff --git a/2024/CVE-2024-43483.md b/2024/CVE-2024-43483.md new file mode 100644 index 0000000000..8c71bd4812 --- /dev/null +++ b/2024/CVE-2024-43483.md 
@@ -0,0 +1,50 @@ +### [CVE-2024-43483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43483) +![](https://img.shields.io/static/v1?label=Product&message=.NET%206.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=.NET%208.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%202.0%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.0%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.7.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.8&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5%20AND%204.8.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%203.5.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6%2F4.6.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6.2%2F4.7%2F4.7.1%2F4.7.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.6.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20.NET%20Framework%204.8&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.10&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.11&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0.0%3C%2010.0.10240.20796%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.10%3C%2017.10.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.11%3C%2017.11.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=2.0.0%3C%203.0.30729.8974%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%203.0.30729.8974%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=3.5.0%3C%203.5.1.30729.8974%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=3.5.0%3C%203.5.30729.8973%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=4.7.0%3C%204.7.04115.01%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=4.8.0%3C%204.8.04762.01%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=4.8.1%3C%204.8.1.9277.03%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.35%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%207.2.24%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%207.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=8.0.0%3C%208.0.10%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-407%3A%20Inefficient%20Algorithmic%20Complexity&color=brighgreen) + +### Description + +.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/demolite-nuget/DemoliteDb + diff --git a/2024/CVE-2024-43485.md b/2024/CVE-2024-43485.md new file mode 100644 index 0000000000..458bed7fbf --- /dev/null +++ b/2024/CVE-2024-43485.md 
@@ -0,0 +1,31 @@ +### [CVE-2024-43485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43485) +![](https://img.shields.io/static/v1?label=Product&message=.NET%206.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=.NET%208.0&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.10&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.11&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.6&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Visual%20Studio%202022%20version%2017.8&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=PowerShell%207.4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=17.10%3C%2017.10.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.11%3C%2017.11.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.6.0%3C%2017.6.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=17.8.0%3C%2017.8.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.35%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7.2.0%3C%207.2.24%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%207.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=8.0.0%3C%208.0.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-407%3A%20Inefficient%20Algorithmic%20Complexity&color=brighgreen) + +### Description + +.NET and Visual Studio Denial of Service Vulnerability + +### POC + +#### Reference +No PoCs from 
references.
+
+#### Github
+- https://github.com/octofelickz/dependabot-dotnet-sdk
+
diff --git a/2024/CVE-2024-43491.md b/2024/CVE-2024-43491.md
new file mode 100644
index 0000000000..deeb7b35b9
--- /dev/null
+++ b/2024/CVE-2024-43491.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43491)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20766%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RaphaelEjike/Mitigating_CVEs
+
diff --git a/2024/CVE-2024-4351.md b/2024/CVE-2024-4351.md new file mode 100644 index 0000000000..3296005e4c --- /dev/null +++ b/2024/CVE-2024-4351.md @@ -0,0 +1,17 @@ +### [CVE-2024-4351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4351) +![](https://img.shields.io/static/v1?label=Product&message=Tutor%20LMS%20Pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ZSECURE/CVE-2024-4351 + diff --git a/2024/CVE-2024-4352.md b/2024/CVE-2024-4352.md index e51d140218..50bbd89350 100644 --- a/2024/CVE-2024-4352.md +++ b/2024/CVE-2024-4352.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/truonghuuphuc/CVE-2024-4352-Poc +- https://github.com/truonghuuphuc/Poc diff --git a/2024/CVE-2024-43535.md b/2024/CVE-2024-43535.md new file mode 100644 index 0000000000..b9f9ae1084 --- /dev/null +++ b/2024/CVE-2024-43535.md 
@@ -0,0 +1,57 @@ +### [CVE-2024-43535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43535) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20796%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7428%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6414%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.5011%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.5011%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348..2762%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3260%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4317%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4317%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.2033%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22918%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27366%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27366%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25118%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22221%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +Windows Kernel-Mode Driver Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/jayesther/KTM_POCS +- https://github.com/zulloper/cve-poc + diff --git a/2024/CVE-2024-43570.md b/2024/CVE-2024-43570.md new file mode 100644 index 0000000000..b15760beb7 --- /dev/null +++ b/2024/CVE-2024-43570.md 
@@ -0,0 +1,56 @@ +### [CVE-2024-43570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43570) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20796%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7428%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6414%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.5011%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.5011%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348..2762%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3260%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4317%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4317%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1189%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.2033%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22918%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27366%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27366%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25118%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22221%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen) + +### Description + +Windows Kernel Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/jayesther/KTM_POCS + diff --git a/2024/CVE-2024-43572.md b/2024/CVE-2024-43572.md new file mode 100644 index 0000000000..ce0fac7d03 --- /dev/null +++ b/2024/CVE-2024-43572.md 
@@ -0,0 +1,56 @@
+### [CVE-2024-43572](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43572)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20796%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6414%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.5011%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.5011%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348..2762%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3260%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4317%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4317%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1189%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.2033%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22918%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27366%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27366%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25118%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22221%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%3A%20Improper%20Neutralization&color=brighgreen)
+
+### Description
+
+Microsoft Management Console Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hackthebox/university-ctf-2024
+
diff --git a/2024/CVE-2024-4358.md b/2024/CVE-2024-4358.md
index f8ae6606be..0f8392773b 100644
--- a/2024/CVE-2024-4358.md
+++ b/2024/CVE-2024-4358.md
@@ -13,13 +13,32 @@ In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/ChalkingCode/ExploitedDucks +- https://github.com/DMW11525708/wiki - https://github.com/GhostTroops/TOP - https://github.com/Harydhk7/CVE-2024-4358 +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Ostorlab/KEV - https://github.com/RevoltSecurities/CVE-2024-4358 - https://github.com/Sk1dr0wz/CVE-2024-4358_Mass_Exploit +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC - https://github.com/f0ur0four/Insecure-Deserialization +- https://github.com/gh-ost00/CVE-2024-4358 +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/securitycipher/daily-bugbounty-writeups - https://github.com/sinsinology/CVE-2024-4358 - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-43582.md b/2024/CVE-2024-43582.md new file mode 100644 index 0000000000..c3ae558078 --- /dev/null +++ b/2024/CVE-2024-43582.md 
@@ -0,0 +1,36 @@
+### [CVE-2024-43582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43582)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6414%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.5011%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.5011%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348..2762%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3260%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.4317%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4317%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1189%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.2033%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Remote Desktop Protocol Server Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/vijjada/internship-task-3-elevatelabs
+
diff --git a/2024/CVE-2024-43583.md b/2024/CVE-2024-43583.md
new file mode 100644
index 0000000000..a47f53f017
--- /dev/null
+++ b/2024/CVE-2024-43583.md
@@ -0,0 +1,59 @@
+### [CVE-2024-43583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43583)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2%20Service%20Pack%201&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20Service%20Pack%202&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20857%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7606%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6659%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.5247%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.5247%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2966%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3260%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.4602%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1308%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.2605%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%206.1.7601.27467%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.23016%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27467%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27467%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.25222%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22318%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%3A%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
+
+### Description
+
+Winlogon Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Kvngtheta/CVE-2024-43583-PoC
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-43601.md b/2024/CVE-2024-43601.md
new file mode 100644
index 0000000000..cb65be2b3e
--- /dev/null
+++ b/2024/CVE-2024-43601.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43601)
+![](https://img.shields.io/static/v1?label=Product&message=Visual%20Studio%20Code&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.94.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Visual Studio Code for Linux Remote Code Execution Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/LoveFancy/changelog-scraper
+- https://github.com/LoveFancy/cursor-changelog-scraper
+
diff --git a/2024/CVE-2024-43609.md b/2024/CVE-2024-43609.md
new file mode 100644
index 0000000000..aea326b2da
--- /dev/null
+++ b/2024/CVE-2024-43609.md
@@ -0,0 +1,25 @@
+### [CVE-2024-43609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43609)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20365%20Apps%20for%20Enterprise&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%20LTSC%202021&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Office%20LTSC%202024&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%20https%3A%2F%2Faka.ms%2FOfficeSecurityReleases%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.0%3C%2016.0.5469.1001%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=16.0.1%3C%20https%3A%2F%2Faka.ms%2FOfficeSecurityReleases%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=19.0.0%3C%20https%3A%2F%2Faka.ms%2FOfficeSecurityReleases%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Microsoft Office Spoofing Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GhostTroops/TOP
+- https://github.com/passtheticket/CVE-2024-38200
+
diff --git a/2024/CVE-2024-43630.md b/2024/CVE-2024-43630.md
new file mode 100644
index 0000000000..a6697d062f
--- /dev/null
+++ b/2024/CVE-2024-43630.md
@@ -0,0 +1,28 @@
+### [CVE-2024-43630](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43630)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.5131%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.5131%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2849%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1251%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.26100.2314%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+Windows Kernel Elevation of Privilege Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/QuasarBinary/CVE-2024-43630-POC
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-4367.md b/2024/CVE-2024-4367.md
index 90ac611f24..79f6da606c 100644
--- a/2024/CVE-2024-4367.md
+++ b/2024/CVE-2024-4367.md
@@ -13,19 +13,47 @@ A type check was missing when handling fonts in PDF.js, which would allow arbitr ### POC #### Reference -No PoCs from references. +- https://bugzilla.mozilla.org/show_bug.cgi?id=1893645 #### Github +- https://github.com/0xr2r/CVE-2024-4367 +- https://github.com/1337rokudenashi/Odoo_PDFjs_CVE-2024-4367.pdf +- https://github.com/AazafRitha/bug-bounty-reports +- https://github.com/BektiHandoyo/cve-pdf-host +- https://github.com/Bhavyakcwestern/Hacking-pdf.js-vulnerability - https://github.com/GhostTroops/TOP +- https://github.com/J1ezds/Vulnerability-Wiki-page - https://github.com/LOURC0D3/CVE-2024-4367-PoC +- https://github.com/Masamuneee/CVE-2024-4367-Analysis +- https://github.com/MihranGIT/POC_CVE-2024-4367 +- https://github.com/PenguinCabinet/CVE-2024-4367-hands-on +- https://github.com/Scivous/CVE-2024-4367-npm - https://github.com/Threekiii/Awesome-POC +- https://github.com/UnHackerEnCapital/PDFernetRemotelo +- https://github.com/VVeakee/CVE-2024-4367 +- https://github.com/XiaomingX/awesome-poc-for-red-team - https://github.com/Zombie-Kaiser/cve-2024-4367-PoC-fixed +- https://github.com/alecdhuse/Lantern-Shark - https://github.com/avalahEE/pdfjs_disable_eval - https://github.com/clarkio/pdfjs-vuln-demo +- https://github.com/elamani-drawing/CVE-2024-4367-POC-PDFJS +- https://github.com/exfil0/WEAPONIZING-CVE-2024-4367 - https://github.com/google/fishy-pdf +- https://github.com/hellomipl/mipl-pdf-viewer +- https://github.com/kabiri-labs/CVE-2024-4367-PoC +- https://github.com/klausnitzer/pentest-pdf-collection +- https://github.com/m0d0ri205/PDFJS - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/pS3ud0RAnD0m/cve-2024-4367-poc +- https://github.com/pedrochalegre7/CVE-2024-4367-pdf-sample +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/rjm521/hdfs-dashboard +- https://github.com/romanbelaire/notebook +- https://github.com/rzte/pdf-exploit - https://github.com/s4vvysec/CVE-2024-4367-POC +- 
https://github.com/snyk-labs/pdfjs-vuln-demo - https://github.com/spaceraccoon/detect-cve-2024-4367 - https://github.com/tanjiti/sec_profile - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-4369.md b/2024/CVE-2024-4369.md index 6975e52d81..4cb282e720 100644 --- a/2024/CVE-2024-4369.md +++ b/2024/CVE-2024-4369.md @@ -14,5 +14,6 @@ An information disclosure flaw was found in OpenShift's internal image registry No PoCs from references. #### Github +- https://github.com/alwin-7/g3tcve - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-43762.md b/2024/CVE-2024-43762.md new file mode 100644 index 0000000000..bc4741221b --- /dev/null +++ b/2024/CVE-2024-43762.md @@ -0,0 +1,18 @@ +### [CVE-2024-43762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43762) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. + +### POC + +#### Reference +- https://android.googlesource.com/platform/frameworks/base/+/ae43ac7f3d3d5112b0f54b5315a15b08208acf9c + +#### Github +- https://github.com/canyie/canyie +- https://github.com/plzheheplztrying/cve_monitor + diff --git a/2024/CVE-2024-43768.md b/2024/CVE-2024-43768.md new file mode 100644 index 0000000000..8ddfcca89f --- /dev/null +++ b/2024/CVE-2024-43768.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-43768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43768)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-43770.md b/2024/CVE-2024-43770.md
new file mode 100644
index 0000000000..629bb4af59
--- /dev/null
+++ b/2024/CVE-2024-43770.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43770)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution&color=brighgreen)
+
+### Description
+
+In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/netlas-io/netlas-dorks
+
diff --git a/2024/CVE-2024-43779.md b/2024/CVE-2024-43779.md
new file mode 100644
index 0000000000..386f852c18
--- /dev/null
+++ b/2024/CVE-2024-43779.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43779)
+![](https://img.shields.io/static/v1?label=Product&message=ClearML&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Enterprise%20Server%203.22.5-1533%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Information%20Exposure&color=brighgreen)
+
+### Description
+
+An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-43788.md b/2024/CVE-2024-43788.md
new file mode 100644
index 0000000000..468b4d2d49
--- /dev/null
+++ b/2024/CVE-2024-43788.md
@@ -0,0 +1,21 @@
+### [CVE-2024-43788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43788)
+![](https://img.shields.io/static/v1?label=Product&message=webpack&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%205.0.0-alpha.0%2C%20%3C%205.94.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/NUS-ISS-SECURE-TEAM-5/mall-admin-frontend
+- https://github.com/batzionb/webpack-cve-2024-43788
+- https://github.com/jackfromeast/dom-clobbering-collection
+- https://github.com/mathworks/MATLAB-language-server
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-43795.md b/2024/CVE-2024-43795.md
new file mode 100644
index 0000000000..2c1ec308d0
--- /dev/null
+++ b/2024/CVE-2024-43795.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43795)
+![](https://img.shields.io/static/v1?label=Product&message=cosmos&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.19.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-43796.md b/2024/CVE-2024-43796.md
new file mode 100644
index 0000000000..a8fc576b97
--- /dev/null
+++ b/2024/CVE-2024-43796.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43796)
+![](https://img.shields.io/static/v1?label=Product&message=express&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.20.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/andrewbearsley/lacework-sca-scan-example
+- https://github.com/felipecruz91/biznagafest24
+
diff --git a/2024/CVE-2024-43799.md b/2024/CVE-2024-43799.md
new file mode 100644
index 0000000000..9f7a91f2bd
--- /dev/null
+++ b/2024/CVE-2024-43799.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43799)
+![](https://img.shields.io/static/v1?label=Product&message=send&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.19.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/andrewbearsley/lacework-sca-scan-example
+- https://github.com/felipecruz91/biznagafest24
+
diff --git a/2024/CVE-2024-43800.md b/2024/CVE-2024-43800.md
new file mode 100644
index 0000000000..0849a88639
--- /dev/null
+++ b/2024/CVE-2024-43800.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43800)
+![](https://img.shields.io/static/v1?label=Product&message=serve-static&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.16.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/andrewbearsley/lacework-sca-scan-example
+- https://github.com/felipecruz91/biznagafest24
+
diff --git a/2024/CVE-2024-43833.md b/2024/CVE-2024-43833.md
new file mode 100644
index 0000000000..803dc15e18
--- /dev/null
+++ b/2024/CVE-2024-43833.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43833)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=aa4faf6eb271%3C%20fe0f92fd5320%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:media: v4l: async: Fix NULL pointer dereference in adding ancillary linksIn v4l2_async_create_ancillary_links(), ancillary links are created forlens and flash sub-devices. These are sub-device to sub-device links andif the async notifier is related to a V4L2 device, the source sub-deviceof the ancillary link is NULL, leading to a NULL pointer dereference.Check the notifier's sd field is non-NULL inv4l2_async_create_ancillary_links().[Sakari Ailus: Reword the subject and commit messages slightly.]
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-43836.md b/2024/CVE-2024-43836.md
new file mode 100644
index 0000000000..4e4105425a
--- /dev/null
+++ b/2024/CVE-2024-43836.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43836](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43836)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4d18e3ddf427%3C%20e187690b125a%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net: ethtool: pse-pd: Fix possible null-derefFix a possible null dereference when a PSE supports both c33 and PoDL, butonly one of the netlink attributes is specified. The c33 or PoDL PSEcapabilities are already validated in the ethnl_set_pse_validate() call.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-43837.md b/2024/CVE-2024-43837.md
new file mode 100644
index 0000000000..6fbda198f6
--- /dev/null
+++ b/2024/CVE-2024-43837.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43837)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4a9c7bbe2ed4%3C%20fcac5feb06f3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXTWhen loading a EXT program without specifying `attr->attach_prog_fd`,the `prog->aux->dst_prog` will be null. At this time, callingresolve_prog_type() anywhere will result in a null pointer dereference.Example stack trace:[ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004[ 8.108262] Mem abort info:[ 8.108384] ESR = 0x0000000096000004[ 8.108547] EC = 0x25: DABT (current EL), IL = 32 bits[ 8.108722] SET = 0, FnV = 0[ 8.108827] EA = 0, S1PTW = 0[ 8.108939] FSC = 0x04: level 0 translation fault[ 8.109102] Data abort info:[ 8.109203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000[ 8.109399] CM = 0, WnR = 0, TnD = 0, TagAccess = 0[ 8.109614] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0[ 8.109836] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101354000[ 8.110011] [0000000000000004] pgd=0000000000000000, p4d=0000000000000000[ 8.112624] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP[ 8.112783] Modules linked in:[ 8.113120] CPU: 0 PID: 99 Comm: may_access_dire Not tainted 6.10.0-rc3-next-20240613-dirty #1[ 8.113230] Hardware name: linux,dummy-virt (DT)[ 8.113390] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)[ 8.113429] pc : may_access_direct_pkt_data+0x24/0xa0[ 8.113746] lr : add_subprog_and_kfunc+0x634/0x8e8[ 8.113798] sp : ffff80008283b9f0[ 8.113813] x29: ffff80008283b9f0 x28: ffff800082795048 x27: 0000000000000001[ 8.113881] x26: ffff0000c0bb2600 x25:
0000000000000000 x24: 0000000000000000[ 8.113897] x23: ffff0000c1134000 x22: 000000000001864f x21: ffff0000c1138000[ 8.113912] x20: 0000000000000001 x19: ffff0000c12b8000 x18: ffffffffffffffff[ 8.113929] x17: 0000000000000000 x16: 0000000000000000 x15: 0720072007200720[ 8.113944] x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720[ 8.113958] x11: 0720072007200720 x10: 0000000000f9fca4 x9 : ffff80008021f4e4[ 8.113991] x8 : 0101010101010101 x7 : 746f72705f6d656d x6 : 000000001e0e0f5f[ 8.114006] x5 : 000000000001864f x4 : ffff0000c12b8000 x3 : 000000000000001c[ 8.114020] x2 : 0000000000000002 x1 : 0000000000000000 x0 : 0000000000000000[ 8.114126] Call trace:[ 8.114159] may_access_direct_pkt_data+0x24/0xa0[ 8.114202] bpf_check+0x3bc/0x28c0[ 8.114214] bpf_prog_load+0x658/0xa58[ 8.114227] __sys_bpf+0xc50/0x2250[ 8.114240] __arm64_sys_bpf+0x28/0x40[ 8.114254] invoke_syscall.constprop.0+0x54/0xf0[ 8.114273] do_el0_svc+0x4c/0xd8[ 8.114289] el0_svc+0x3c/0x140[ 8.114305] el0t_64_sync_handler+0x134/0x150[ 8.114331] el0t_64_sync+0x168/0x170[ 8.114477] Code: 7100707f 54000081 f9401c00 f9403800 (b9400403)[ 8.118672] ---[ end trace 0000000000000000 ]---One way to fix it is by forcing `attach_prog_fd` non-empty whenbpf_prog_load(). But this will lead to `libbpf_probe_bpf_prog_type`API broken which use verifier log to probe prog type and will lognothing if we reject invalid EXT prog before bpf_check().Another way is by adding null check in resolve_prog_type().The issue was introduced by commit 4a9c7bbe2ed4 ("bpf: Resolve toprog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT") which wantedto correct type resolution for BPF_PROG_TYPE_TRACING programs. Beforethat, the type resolution of BPF_PROG_TYPE_EXT prog actually followsthe logic below: prog->aux->dst_prog ? prog->aux->dst_prog->type : prog->type;It implies that when EXT program is not yet attached to `dst_prog`,the prog type should be EXT itself. 
This code worked fine in the past.So just keep using it.Fix this by returning `prog->type` for BPF_PROG_TYPE_EXT if `dst_prog`is not present in resolve_prog_type().
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-43882.md b/2024/CVE-2024-43882.md
new file mode 100644
index 0000000000..c26891c9b5
--- /dev/null
+++ b/2024/CVE-2024-43882.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43882)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20d5c3c7e26275%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:exec: Fix ToCToU between perm check and set-uid/gid usageWhen opening a file for exec via do_filp_open(), permission checking isdone against the file's metadata at that moment, and on success, a filepointer is passed back. Much later in the execve() code path, the filemetadata (specifically mode, uid, and gid) is used to determine if/howto set the uid and gid. However, those values may have changed since thepermissions check, meaning the execution may gain unintended privileges.For example, if a file could change permissions from executable and notset-id:---------x 1 root root 16048 Aug 7 13:16 targetto set-id and non-executable:---S------ 1 root root 16048 Aug 7 13:16 targetit is possible to gain root privileges when execution should have beendisallowed.While this race condition is rare in real-world scenarios, it has beenobserved (and proven exploitable) when package managers are updatingthe setuid bits of installed programs. Such files start with beingworld-executable but then are adjusted to be group-exec with a set-uidbit.
For example, "chmod o-x,u+s target" makes "target" executable onlyby uid "root" and gid "cdrom", while also becoming setuid-root:-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 targetbecomes:-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 targetBut racing the chmod means users without group "cdrom" membership canget the permission to execute "target" just before the chmod, and whenthe chmod finishes, the exec reaches brpm_fill_uid(), and performs thesetuid to root, violating the expressed authorization of "only cdromgroup members can setuid to root".Re-check that we still have execute permissions in case the metadatahas changed. It would be better to keep a copy from the perm-check time,but until we can do that refactoring, the least-bad option is to do afull inode_permission() call (under inode lock). It is understood thatthis is safe against dead-locks, but hardly optimal.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-43884.md b/2024/CVE-2024-43884.md
index 45ccef50aa..e68f73dd12 100644
--- a/2024/CVE-2024-43884.md
+++ b/2024/CVE-2024-43884.md
@@ -1,6 +1,6 @@ ### [CVE-2024-43884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43884) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=5157b8a503fa%3C%205da288429232%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=5157b8a503fa%3C%2011b4b0e63f26%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description
diff --git a/2024/CVE-2024-43917.md b/2024/CVE-2024-43917.md
index f7a9f8828d..fcaf2bb103 100644
--- a/2024/CVE-2024-43917.md
+++ b/2024/CVE-2024-43917.md
@@ -14,4 +14,8 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates
+- https://github.com/p33d/CVE-2024-43917
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/sug4r-wr41th/CVE-2024-43917
+- https://github.com/zulloper/cve-poc
diff --git a/2024/CVE-2024-43918.md b/2024/CVE-2024-43918.md
index d78d69a448..dada65d0b7 100644
--- a/2024/CVE-2024-43918.md
+++ b/2024/CVE-2024-43918.md
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates
+- https://github.com/KTN1990/CVE-2024-43918
diff --git a/2024/CVE-2024-43919.md b/2024/CVE-2024-43919.md
new file mode 100644
index 0000000000..1b1f1f7b31
--- /dev/null
+++ b/2024/CVE-2024-43919.md
@@ -0,0 +1,19 @@
+### [CVE-2024-43919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43919)
+![](https://img.shields.io/static/v1?label=Product&message=YARPP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%205.30.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Access Control vulnerability in YARPP YARPP allows .This issue affects YARPP: from n/a through 5.30.10.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/RandomRobbieBF/CVE-2024-43919
+- https://github.com/gh-ost00/CVE-2024-Collection
+
diff --git a/2024/CVE-2024-43965.md b/2024/CVE-2024-43965.md
new file mode 100644
index 0000000000..e6c48e7788
--- /dev/null
+++ b/2024/CVE-2024-43965.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43965)
+![](https://img.shields.io/static/v1?label=Product&message=SendGrid%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-43965
+
diff --git a/2024/CVE-2024-43974.md b/2024/CVE-2024-43974.md
new file mode 100644
index 0000000000..e4f23f61f7
--- /dev/null
+++ b/2024/CVE-2024-43974.md
@@ -0,0 +1,17 @@
+### [CVE-2024-43974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43974)
+![](https://img.shields.io/static/v1?label=Product&message=ReviveNews&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-43998
+
diff --git a/2024/CVE-2024-43998.md b/2024/CVE-2024-43998.md
new file mode 100644
index 0000000000..1eeb9fd23b
--- /dev/null
+++ b/2024/CVE-2024-43998.md
@@ -0,0 +1,18 @@
+### [CVE-2024-43998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43998)
+![](https://img.shields.io/static/v1?label=Product&message=Blogpoet&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Nxploited/CVE-2024-43998
+- https://github.com/RandomRobbieBF/CVE-2024-43998
+
diff --git a/2024/CVE-2024-44000.md b/2024/CVE-2024-44000.md
new file mode 100644
index 0000000000..6a74117cd0
--- /dev/null
+++ b/2024/CVE-2024-44000.md
@@ -0,0 +1,21 @@
+### [CVE-2024-44000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44000)
+![](https://img.shields.io/static/v1?label=Product&message=LiteSpeed%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%20Insufficiently%20Protected%20Credentials&color=brighgreen)
+
+### Description
+
+Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/PwnGeo/found_security_advise
+- https://github.com/absholi7ly/CVE-2024-44000-LiteSpeed-Cache
+- https://github.com/gbrsh/CVE-2024-44000
+- https://github.com/geniuszly/CVE-2024-44000
+- https://github.com/ifqygazhar/CVE-2024-44000-LiteSpeed-Cache
+
diff --git a/2024/CVE-2024-4406.md b/2024/CVE-2024-4406.md
index 2cc933cef0..2f9acd36a8 100644
--- a/2024/CVE-2024-4406.md
+++ b/2024/CVE-2024-4406.md
@@ -13,5 +13,6 @@ Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Exec No PoCs from references. #### Github
+- https://github.com/Yogehi/cve-2024-4406-xiaomi13pro-exploit-files
 - https://github.com/fkie-cad/nvd-json-data-feeds
diff --git a/2024/CVE-2024-44068.md b/2024/CVE-2024-44068.md
new file mode 100644
index 0000000000..3904861846
--- /dev/null
+++ b/2024/CVE-2024-44068.md
@@ -0,0 +1,18 @@
+### [CVE-2024-44068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44068)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ladyg00se/CVE-2023-45866_WIP
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-44073.md b/2024/CVE-2024-44073.md
index 16196743cd..385195f800 100644
--- a/2024/CVE-2024-44073.md
+++ b/2024/CVE-2024-44073.md
@@ -13,5 +13,6 @@ The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack No PoCs from references. #### Github
+- https://github.com/bitcoinfuzz/bitcoinfuzz
 - https://github.com/brunoerg/bitcoinfuzz
diff --git a/2024/CVE-2024-44083.md b/2024/CVE-2024-44083.md
index 22b913e10d..59f270a701 100644
--- a/2024/CVE-2024-44083.md
+++ b/2024/CVE-2024-44083.md
@@ -13,6 +13,8 @@ ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that h - https://github.com/Azvanzed/IdaMeme #### Github
+- https://github.com/Azvanzed/CVE-2024-44083
 - https://github.com/Azvanzed/IdaMeme
+- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories
 - https://github.com/nomi-sec/PoC-in-GitHub
diff --git a/2024/CVE-2024-44085.md b/2024/CVE-2024-44085.md
new file mode 100644
index 0000000000..709643196e
--- /dev/null
+++ b/2024/CVE-2024-44085.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44085)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-027.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-44133.md b/2024/CVE-2024-44133.md
new file mode 100644
index 0000000000..208c52a240
--- /dev/null
+++ b/2024/CVE-2024-44133.md
@@ -0,0 +1,20 @@
+### [CVE-2024-44133](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44133)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=On%20MDM%20managed%20devices%2C%20an%20app%20may%20be%20able%20to%20bypass%20certain%20Privacy%20preferences&color=brighgreen)
+
+### Description
+
+This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ununp3ntium115/prevent_cve_2024_44133
+- https://github.com/inverzeio/media
+- https://github.com/nikholt1/nikholt1
+- https://github.com/yo-yo-yo-jbo/hm-surf
+
diff --git a/2024/CVE-2024-44170.md b/2024/CVE-2024-44170.md
new file mode 100644
index 0000000000..9c09cc208e
--- /dev/null
+++ b/2024/CVE-2024-44170.md
@@ -0,0 +1,21 @@
+### [CVE-2024-44170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44170)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2011%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20access%20user-sensitive%20data&color=brighgreen)
+
+### Description
+
+A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/iCMDdev/iCMDdev
+
diff --git a/2024/CVE-2024-44187.md b/2024/CVE-2024-44187.md
new file mode 100644
index 0000000000..6245bbf1c8
--- /dev/null
+++ b/2024/CVE-2024-44187.md
@@ -0,0 +1,25 @@
+### [CVE-2024-44187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44187)
+![](https://img.shields.io/static/v1?label=Product&message=Safari&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2011%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20malicious%20website%20may%20exfiltrate%20data%20cross-origin&color=brighgreen)
+
+### Description
+
+A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/apono-io/backstage-plugin-apono
+
diff --git a/2024/CVE-2024-44193.md b/2024/CVE-2024-44193.md
new file mode 100644
index 0000000000..dc8c96e901
--- /dev/null
+++ b/2024/CVE-2024-44193.md
@@ -0,0 +1,19 @@
+### [CVE-2024-44193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44193)
+![](https://img.shields.io/static/v1?label=Product&message=iTunes%20for%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2012.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20local%20attacker%20may%20be%20able%20to%20elevate%20%20their%20privileges&color=brighgreen)
+
+### Description
+
+A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/crisprss/CVEs
+- https://github.com/mbog14/CVE-2024-44193
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-44197.md b/2024/CVE-2024-44197.md
new file mode 100644
index 0000000000..90d6cb8e59
--- /dev/null
+++ b/2024/CVE-2024-44197.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44197)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20malicious%20app%20may%20be%20able%20to%20cause%20a%20denial-of-service&color=brighgreen)
+
+### Description
+
+The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to cause a denial-of-service.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/didi/kemon
+
diff --git a/2024/CVE-2024-44198.md b/2024/CVE-2024-44198.md
new file mode 100644
index 0000000000..4e6d552a29
--- /dev/null
+++ b/2024/CVE-2024-44198.md
@@ -0,0 +1,24 @@
+### [CVE-2024-44198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44198)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2011%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20maliciously%20crafted%20web%20content%20may%20lead%20to%20an%20unexpected%20process%20crash&color=brighgreen)
+
+### Description
+
+An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/rajeshwarideoraj/Vulnerability_Data_Extraction_and_Analysis
+
diff --git a/2024/CVE-2024-44199.md b/2024/CVE-2024-44199.md
new file mode 100644
index 0000000000..5908f41336
--- /dev/null
+++ b/2024/CVE-2024-44199.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44199)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20cause%20unexpected%20system%20termination%20or%20read%20kernel%20memory&color=brighgreen)
+
+### Description
+
+An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/didi/kemon
+
diff --git a/2024/CVE-2024-44200.md b/2024/CVE-2024-44200.md
new file mode 100644
index 0000000000..423b669b47
--- /dev/null
+++ b/2024/CVE-2024-44200.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44200)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20read%20sensitive%20location%20information&color=brighgreen)
+
+### Description
+
+This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/iCMDdev/iCMDdev
+
diff --git a/2024/CVE-2024-44201.md b/2024/CVE-2024-44201.md
new file mode 100644
index 0000000000..7e08dde0e3
--- /dev/null
+++ b/2024/CVE-2024-44201.md
@@ -0,0 +1,21 @@
+### [CVE-2024-44201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44201)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2013.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20a%20malicious%20crafted%20file%20may%20lead%20to%20a%20denial-of-service&color=brighgreen)
+
+### Description
+
+The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sohonetlabs/test_json_fs
+
diff --git a/2024/CVE-2024-44235.md b/2024/CVE-2024-44235.md
new file mode 100644
index 0000000000..27045d84c4
--- /dev/null
+++ b/2024/CVE-2024-44235.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44235)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20attacker%20may%20be%20able%20to%20view%20restricted%20content%20from%20the%20lock%20screen&color=brighgreen)
+
+### Description
+
+The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/richeeta/DEFCON33-Siriously-Leaky
+
diff --git a/2024/CVE-2024-44252.md b/2024/CVE-2024-44252.md
new file mode 100644
index 0000000000..f60e3b46bd
--- /dev/null
+++ b/2024/CVE-2024-44252.md
@@ -0,0 +1,23 @@
+### [CVE-2024-44252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44252)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Restoring%20a%20maliciously%20crafted%20backup%20file%20may%20lead%20to%20modification%20of%20protected%20system%20files&color=brighgreen)
+
+### Description
+
+A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JJTech0130/TrollRestore
+- https://github.com/Lrdsnow/PureKFD
+- https://github.com/ineedaspo1/troll
+
diff --git a/2024/CVE-2024-44258.md b/2024/CVE-2024-44258.md
new file mode 100644
index 0000000000..92f199f1c4
--- /dev/null
+++ b/2024/CVE-2024-44258.md
@@ -0,0 +1,23 @@
+### [CVE-2024-44258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44258)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Restoring%20a%20maliciously%20crafted%20backup%20file%20may%20lead%20to%20modification%20of%20protected%20system%20files&color=brighgreen)
+
+### Description
+
+This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ifpdz/CVE-2024-44258
+- https://github.com/missaels235/POC-CVE-2024-44258-Py
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-44285.md b/2024/CVE-2024-44285.md
new file mode 100644
index 0000000000..a92309f2a5
--- /dev/null
+++ b/2024/CVE-2024-44285.md
@@ -0,0 +1,23 @@
+### [CVE-2024-44285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44285)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2011.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20cause%20unexpected%20system%20termination%20or%20corrupt%20kernel%20memory&color=brighgreen)
+
+### Description
+
+A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/slds1/explt
+- https://github.com/tomitokics/IOSurface_poc18
+
diff --git a/2024/CVE-2024-44308.md b/2024/CVE-2024-44308.md
new file mode 100644
index 0000000000..5873a8755f
--- /dev/null
+++ b/2024/CVE-2024-44308.md
@@ -0,0 +1,25 @@
+### [CVE-2024-44308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44308)
+![](https://img.shields.io/static/v1?label=Product&message=Safari&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20maliciously%20crafted%20web%20content%20may%20lead%20to%20arbitrary%20code%20execution.%20Apple%20is%20aware%20of%20a%20report%20that%20this%20issue%20may%20have%20been%20actively%20exploited%20on%20Intel-based%20Mac%20systems.&color=brighgreen)
+
+### Description
+
+The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/lgturatti/techdrops
+- https://github.com/migopp/cve-2024-44308
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-44309.md b/2024/CVE-2024-44309.md
new file mode 100644
index 0000000000..a61c2559e9
--- /dev/null
+++ b/2024/CVE-2024-44309.md
@@ -0,0 +1,23 @@
+### [CVE-2024-44309](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44309)
+![](https://img.shields.io/static/v1?label=Product&message=Safari&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2015.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2018.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%202.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20maliciously%20crafted%20web%20content%20may%20lead%20to%20a%20cross%20site%20scripting%20attack.%20Apple%20is%20aware%20of%20a%20report%20that%20this%20issue%20may%20have%20been%20actively%20exploited%20on%20Intel-based%20Mac%20systems.&color=brighgreen)
+
+### Description
+
+A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/lgturatti/techdrops
+- https://github.com/packetinside/CISA_BOT
+
diff --git a/2024/CVE-2024-44313.md b/2024/CVE-2024-44313.md
new file mode 100644
index 0000000000..87242be930
--- /dev/null
+++ b/2024/CVE-2024-44313.md
@@ -0,0 +1,18 @@ +### [CVE-2024-44313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44313) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/cnetsec/CVE-2024-44313 +- https://github.com/plzheheplztrying/cve_monitor + diff --git a/2024/CVE-2024-4433.md b/2024/CVE-2024-4433.md index bb85dfdfdd..e45384800f 100644 --- a/2024/CVE-2024-4433.md +++ b/2024/CVE-2024-4433.md @@ -13,5 +13,6 @@ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti No PoCs from references. #### Github +- https://github.com/Cr0nu3/Cr0nu3 - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44337.md b/2024/CVE-2024-44337.md new file mode 100644 index 0000000000..b2d57dddb3 --- /dev/null +++ b/2024/CVE-2024-44337.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-44337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44337)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Brinmon/CVE-2024-44337
+
diff --git a/2024/CVE-2024-44349.md b/2024/CVE-2024-44349.md
new file mode 100644
index 0000000000..f3f84b8be6
--- /dev/null
+++ b/2024/CVE-2024-44349.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44349)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.
+
+### POC
+
+#### Reference
+- https://blog.cybergon.com/posts/cve-2024-44349/
+
+#### Github
+- https://github.com/AndreaF17/PoC-CVE-2024-44349
+
diff --git a/2024/CVE-2024-4439.md b/2024/CVE-2024-4439.md index c4bc5460ab..c83534abfd 100644 --- a/2024/CVE-2024-4439.md +++ b/2024/CVE-2024-4439.md @@ -13,10 +13,13 @@ WordPress Core is vulnerable to Stored Cross-Site Scripting via user display nam No PoCs from references. #### Github +- https://github.com/DoTTak/Research-WordPress-CVE - https://github.com/MielPopsssssss/CVE-2024-4439 - https://github.com/N0boy-0/vulenv - https://github.com/Ostorlab/KEV - https://github.com/d0rb/CVE-2024-4439 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/soltanali0/CVE-2024-4439 +- https://github.com/w0r1i0g1ht/CVE-2024-4439 - https://github.com/xssor-dz/-CVE-2024-4439 diff --git a/2024/CVE-2024-4443.md b/2024/CVE-2024-4443.md index 73d3487013..c40a773682 100644 --- a/2024/CVE-2024-4443.md +++ b/2024/CVE-2024-4443.md @@ -13,8 +13,26 @@ The Business Directory Plugin – Easy Listing Directories for WordPress plugin No PoCs from references. #### Github +- https://github.com/0day404/HV-2024-POC +- https://github.com/12442RF/POC +- https://github.com/AboSteam/POPC +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/WhosGa/MyWiki +- https://github.com/Yuan08o/pocs +- https://github.com/admin772/POC +- https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/truonghuuphuc/CVE-2024-4443-Poc +- https://github.com/truonghuuphuc/Poc - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki diff --git a/2024/CVE-2024-4444.md b/2024/CVE-2024-4444.md index d1f3efb78d..463bf8374c 100644 --- a/2024/CVE-2024-4444.md 
+++ b/2024/CVE-2024-4444.md @@ -13,6 +13,7 @@ The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to by No PoCs from references. #### Github +- https://github.com/Indrani-19/vulnerability-scanner - https://github.com/JohnnyBradvo/CVE-2024-4444 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-44450.md b/2024/CVE-2024-44450.md new file mode 100644 index 0000000000..e89c81f253 --- /dev/null +++ b/2024/CVE-2024-44450.md @@ -0,0 +1,17 @@ +### [CVE-2024-44450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44450) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/NaunetEU/CVE-2024-44450 + diff --git a/2024/CVE-2024-44541.md b/2024/CVE-2024-44541.md new file mode 100644 index 0000000000..cde2f3348c --- /dev/null +++ b/2024/CVE-2024-44541.md @@ -0,0 +1,17 @@ +### [CVE-2024-44541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44541) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/pointedsec/CVE-2024-44541 + diff --git a/2024/CVE-2024-44542.md b/2024/CVE-2024-44542.md new file mode 100644 index 0000000000..f85b617b02 --- /dev/null 
+++ b/2024/CVE-2024-44542.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44542)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sshipanoo/CVE-2024-44542
+
diff --git a/2024/CVE-2024-44610.md b/2024/CVE-2024-44610.md
new file mode 100644
index 0000000000..8f357da7bb
--- /dev/null
+++ b/2024/CVE-2024-44610.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44610)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
+
+### POC
+
+#### Reference
+- https://cve.mahi.be/peak_pcan_dr/
+
+#### Github
+- https://github.com/BertoldVdb/PcanExploit
+
diff --git a/2024/CVE-2024-44623.md b/2024/CVE-2024-44623.md
new file mode 100644
index 0000000000..de3da70ab5
--- /dev/null
+++ b/2024/CVE-2024-44623.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44623)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/merbinr/CVE-2024-44623
+
diff --git a/2024/CVE-2024-44625.md b/2024/CVE-2024-44625.md
new file mode 100644
index 0000000000..8b8acafcfe
--- /dev/null
+++ b/2024/CVE-2024-44625.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44625)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
+
+### POC
+
+#### Reference
+- https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/
+
+#### Github
+- https://github.com/Fysac/CVE-2024-44625
+
diff --git a/2024/CVE-2024-4464.md b/2024/CVE-2024-4464.md
new file mode 100644
index 0000000000..7050faf1d4
--- /dev/null
+++ b/2024/CVE-2024-4464.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4464)
+![](https://img.shields.io/static/v1?label=Product&message=Media%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/neko-hat/neko-hat
+
diff --git a/2024/CVE-2024-44667.md b/2024/CVE-2024-44667.md
new file mode 100644
index 0000000000..3c47324b2f
--- /dev/null
+++ b/2024/CVE-2024-44667.md
@@ -0,0 +1,18 @@
+### [CVE-2024-44667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44667)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.
+
+### POC
+
+#### Reference
+- https://medium.com/%40sengkyaut/unauthenticated-factory-mode-reset-and-at-command-injection-in-jboneos-or-jbonecloud-firmware-1dec156b7ddd
+- https://medium.com/@sengkyaut/unauthenticated-factory-mode-reset-and-at-command-injection-in-jboneos-or-jbonecloud-firmware-1dec156b7ddd
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-44727.md b/2024/CVE-2024-44727.md
new file mode 100644
index 0000000000..562af43639
--- /dev/null
+++ b/2024/CVE-2024-44727.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44727)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AslamMahi/AslamMahi
+
diff --git a/2024/CVE-2024-44728.md b/2024/CVE-2024-44728.md
new file mode 100644
index 0000000000..7d353167e4
--- /dev/null
+++ b/2024/CVE-2024-44728.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44728)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AslamMahi/AslamMahi
+
diff --git a/2024/CVE-2024-44756.md b/2024/CVE-2024-44756.md
new file mode 100644
index 0000000000..b599466034
--- /dev/null
+++ b/2024/CVE-2024-44756.md
@@ -0,0 +1,18 @@
+### [CVE-2024-44756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44756)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
+
diff --git a/2024/CVE-2024-44757.md b/2024/CVE-2024-44757.md
new file mode 100644
index 0000000000..ffd378d31d
--- /dev/null
+++ b/2024/CVE-2024-44757.md
@@ -0,0 +1,18 @@
+### [CVE-2024-44757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44757)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
+
diff --git a/2024/CVE-2024-44758.md b/2024/CVE-2024-44758.md
new file mode 100644
index 0000000000..cccdc9af61
--- /dev/null
+++ b/2024/CVE-2024-44758.md
@@ -0,0 +1,18 @@
+### [CVE-2024-44758](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44758)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
+
diff --git a/2024/CVE-2024-44759.md b/2024/CVE-2024-44759.md
new file mode 100644
index 0000000000..d83be24a7b
--- /dev/null
+++ b/2024/CVE-2024-44759.md
@@ -0,0 +1,18 @@
+### [CVE-2024-44759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44759)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/WarmBrew/WarmBrew
+- https://github.com/WarmBrew/web_vul
+
diff --git a/2024/CVE-2024-44760.md b/2024/CVE-2024-44760.md
index 55a24a329a..13fde51772 100644
--- a/2024/CVE-2024-44760.md
+++ b/2024/CVE-2024-44760.md
@@ -13,5 +13,7 @@ Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News No PoCs from references. #### Github +- https://github.com/WarmBrew/WarmBrew +- https://github.com/WarmBrew/web_vul - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44761.md b/2024/CVE-2024-44761.md index 93ef7074b5..d1db97b2cc 100644 --- a/2024/CVE-2024-44761.md +++ b/2024/CVE-2024-44761.md @@ -13,5 +13,7 @@ An issue in EQ Enterprise Management System before v2.0.0 allows attackers to ex No PoCs from references. #### Github +- https://github.com/WarmBrew/WarmBrew +- https://github.com/WarmBrew/web_vul - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44765.md b/2024/CVE-2024-44765.md new file mode 100644 index 0000000000..894267de2b --- /dev/null +++ b/2024/CVE-2024-44765.md @@ -0,0 +1,17 @@ +### [CVE-2024-44765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44765) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/josephgodwinkimani/cloudpanel-2.4.2-CVE-2024-44765-recovery + diff --git a/2024/CVE-2024-44771.md b/2024/CVE-2024-44771.md new file mode 100644 index 0000000000..fcee008a2d --- /dev/null +++ b/2024/CVE-2024-44771.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-44771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44771) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function. + +### POC + +#### Reference +- https://www.appgate.com/blog/cross-site-scripting-xss-in-bigid-privacy-portal + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-44793.md b/2024/CVE-2024-44793.md index 44b3614d0f..f2908e1620 100644 --- a/2024/CVE-2024-44793.md +++ b/2024/CVE-2024-44793.md @@ -13,5 +13,5 @@ A cross-site scripting (XSS) vulnerability in the component /managers/multiple_f - https://github.com/WhatCD/Gazelle/issues/131 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-44794.md b/2024/CVE-2024-44794.md index 679746d7fc..d5a8eb861c 100644 --- a/2024/CVE-2024-44794.md +++ b/2024/CVE-2024-44794.md @@ -13,5 +13,5 @@ A cross-site scripting (XSS) vulnerability in the component /master/auth/Onedriv - https://github.com/xiebruce/PicUploader/issues/91 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-44795.md b/2024/CVE-2024-44795.md index 422e69804c..2f372b3777 100644 --- a/2024/CVE-2024-44795.md +++ b/2024/CVE-2024-44795.md @@ -13,5 +13,5 @@ A cross-site scripting (XSS) vulnerability in the component /login/disabled.php - https://github.com/WhatCD/Gazelle/issues/129 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-44796.md b/2024/CVE-2024-44796.md index 9d97b62dcc..f2481526c4 100644 --- a/2024/CVE-2024-44796.md +++ b/2024/CVE-2024-44796.md 
@@ -13,5 +13,5 @@ A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect. - https://github.com/xiebruce/PicUploader/issues/90 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-44797.md b/2024/CVE-2024-44797.md index 541df1c890..30fb515d2f 100644 --- a/2024/CVE-2024-44797.md +++ b/2024/CVE-2024-44797.md @@ -13,5 +13,5 @@ A cross-site scripting (XSS) vulnerability in the component /managers/enable_req - https://github.com/WhatCD/Gazelle/issues/130 #### Github -No PoCs found on GitHub currently. +- https://github.com/xjzzzxx/Yama diff --git a/2024/CVE-2024-44808.md b/2024/CVE-2024-44808.md new file mode 100644 index 0000000000..697188476f --- /dev/null +++ b/2024/CVE-2024-44808.md @@ -0,0 +1,17 @@ +### [CVE-2024-44808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44808) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. + +### POC + +#### Reference +- https://jacobmasse.medium.com/cve-2024-44808-remote-command-execution-in-vypor-ddos-attack-api-1ed073725595 + +#### Github +- https://github.com/zhanpengliu-tencent/medium-cve + diff --git a/2024/CVE-2024-44809.md b/2024/CVE-2024-44809.md new file mode 100644 index 0000000000..46646d4f69 --- /dev/null +++ b/2024/CVE-2024-44809.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-44809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44809)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.
+
+### POC
+
+#### Reference
+- https://jacobmasse.medium.com/cve-2024-44809-remote-code-execution-in-raspberry-pi-camera-project-4b8e3486a628
+
+#### Github
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-44812.md b/2024/CVE-2024-44812.md
new file mode 100644
index 0000000000..1070a97599
--- /dev/null
+++ b/2024/CVE-2024-44812.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44812)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/b1u3st0rm/CVE-2024-44812-PoC
+
diff --git a/2024/CVE-2024-44815.md b/2024/CVE-2024-44815.md
new file mode 100644
index 0000000000..eca62ee691
--- /dev/null
+++ b/2024/CVE-2024-44815.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44815](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44815)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815-
+
diff --git a/2024/CVE-2024-44825.md b/2024/CVE-2024-44825.md
new file mode 100644
index 0000000000..dffce88707
--- /dev/null
+++ b/2024/CVE-2024-44825.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44825](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44825)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/partywavesec/invesalius3_vulnerabilities
+
diff --git a/2024/CVE-2024-44849.md b/2024/CVE-2024-44849.md
new file mode 100644
index 0000000000..98cf77d90e
--- /dev/null
+++ b/2024/CVE-2024-44849.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44849)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/extencil/CVE-2024-44849
+
diff --git a/2024/CVE-2024-44852.md b/2024/CVE-2024-44852.md
new file mode 100644
index 0000000000..287b67e583
--- /dev/null
+++ b/2024/CVE-2024-44852.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44852)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan().
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-44853.md b/2024/CVE-2024-44853.md
new file mode 100644
index 0000000000..1b77110cda
--- /dev/null
+++ b/2024/CVE-2024-44853.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44853)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl().
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-44854.md b/2024/CVE-2024-44854.md
new file mode 100644
index 0000000000..f4b2aae13f
--- /dev/null
+++ b/2024/CVE-2024-44854.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44854)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan().
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-44855.md b/2024/CVE-2024-44855.md
new file mode 100644
index 0000000000..edab6c388e
--- /dev/null
+++ b/2024/CVE-2024-44855.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44855](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44855)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-44856.md b/2024/CVE-2024-44856.md
new file mode 100644
index 0000000000..09799c811b
--- /dev/null
+++ b/2024/CVE-2024-44856.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44856)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GoesM/ROCF
+
diff --git a/2024/CVE-2024-44866.md b/2024/CVE-2024-44866.md
new file mode 100644
index 0000000000..936a94298b
--- /dev/null
+++ b/2024/CVE-2024-44866.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44866)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A buffer overflow in the GuitarPro1::read function of MuseScore Studio v4.3.2 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via opening a crafted GuitarPro file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/moonadon9/CVE_2024
+
diff --git a/2024/CVE-2024-44867.md b/2024/CVE-2024-44867.md
new file mode 100644
index 0000000000..5200895e5e
--- /dev/null
+++ b/2024/CVE-2024-44867.md
@@ -0,0 +1,17 @@
+### [CVE-2024-44867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44867)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ChengZyin/CVE-2024-44867
+
diff --git a/2024/CVE-2024-44871.md b/2024/CVE-2024-44871.md
new file mode 100644
index 0000000000..151b97899c
--- /dev/null
+++ b/2024/CVE-2024-44871.md
@@ -0,0 +1,18 @@
+### [CVE-2024-44871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44871)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/vances25/CVE-2024-44871
+
diff --git a/2024/CVE-2024-44902.md b/2024/CVE-2024-44902.md
new file mode 100644
index 0000000000..e1737032be
--- /dev/null
+++ b/2024/CVE-2024-44902.md
@@ -0,0 +1,31 @@
+### [CVE-2024-44902](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44902)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/PumpkinBridge/ThinkPHPv6.1.3-v8.0.4-POC
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/fru1ts/CVE-2024-44902
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+
diff --git a/2024/CVE-2024-44903.md b/2024/CVE-2024-44903.md
new file mode 100644
index 0000000000..676818bac8
--- /dev/null
+++ b/2024/CVE-2024-44903.md
@@ -0,0 +1,17 @@ +### [CVE-2024-44903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44903) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable. + +### POC + +#### Reference +- https://www.artresilia.com/cve-2024-44903-sql-injection-vulnerability-in-horizon-information-portal/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4491.md b/2024/CVE-2024-4491.md index bdc1c167fc..d820e8f876 100644 --- a/2024/CVE-2024-4491.md +++ b/2024/CVE-2024-4491.md @@ -14,4 +14,5 @@ A vulnerability classified as critical was found in Tenda i21 1.0.0.14(4656). Th #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-44910.md b/2024/CVE-2024-44910.md new file mode 100644 index 0000000000..ffe4f5840d --- /dev/null +++ b/2024/CVE-2024-44910.md @@ -0,0 +1,17 @@ +### [CVE-2024-44910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44910) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ANG13T/aerospace-cve-list + 
diff --git a/2024/CVE-2024-44911.md b/2024/CVE-2024-44911.md new file mode 100644 index 0000000000..73a159fef9 --- /dev/null +++ b/2024/CVE-2024-44911.md @@ -0,0 +1,17 @@ +### [CVE-2024-44911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44911) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ANG13T/aerospace-cve-list + diff --git a/2024/CVE-2024-44912.md b/2024/CVE-2024-44912.md new file mode 100644 index 0000000000..04039d547f --- /dev/null +++ b/2024/CVE-2024-44912.md @@ -0,0 +1,17 @@ +### [CVE-2024-44912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44912) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ANG13T/aerospace-cve-list + diff --git a/2024/CVE-2024-44913.md b/2024/CVE-2024-44913.md index cd5f2fcb07..93a914ea49 100644 --- a/2024/CVE-2024-44913.md +++ b/2024/CVE-2024-44913.md @@ -13,5 +13,6 @@ An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows atta No PoCs from references. #### Github +- https://github.com/GAP-dev/GAP-dev - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44914.md b/2024/CVE-2024-44914.md index e86b49d468..c9e2c35e30 100644 
--- a/2024/CVE-2024-44914.md +++ b/2024/CVE-2024-44914.md @@ -13,5 +13,6 @@ An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows atta No PoCs from references. #### Github +- https://github.com/GAP-dev/GAP-dev - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44915.md b/2024/CVE-2024-44915.md index 6158bf63f6..97f29b569f 100644 --- a/2024/CVE-2024-44915.md +++ b/2024/CVE-2024-44915.md @@ -13,5 +13,6 @@ An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows atta No PoCs from references. #### Github +- https://github.com/GAP-dev/GAP-dev - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-4492.md b/2024/CVE-2024-4492.md index b60fdc82d7..46c6e5bfb0 100644 --- a/2024/CVE-2024-4492.md +++ b/2024/CVE-2024-4492.md @@ -14,4 +14,5 @@ A vulnerability, which was classified as critical, has been found in Tenda i21 1 #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4493.md b/2024/CVE-2024-4493.md index 813853af8d..e59569a3c2 100644 --- a/2024/CVE-2024-4493.md +++ b/2024/CVE-2024-4493.md @@ -15,4 +15,5 @@ A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0. #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4494.md b/2024/CVE-2024-4494.md index 18cb2fa429..0530721bae 100644 --- a/2024/CVE-2024-4494.md +++ b/2024/CVE-2024-4494.md @@ -15,4 +15,5 @@ A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as cri #### Github - https://github.com/LaPhilosophie/IoT-vulnerable - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-44941.md b/2024/CVE-2024-44941.md new file mode 100644 index 0000000000..dbeaeb445a --- /dev/null 
+++ b/2024/CVE-2024-44941.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-44941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44941) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20263df78166d3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:f2fs: fix to cover read extent cache access with locksyzbot reports a f2fs bug as below:BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46Read of size 4 at addr ffff8880739ab220 by task syz-executor200/5097CPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 do_read_inode fs/f2fs/inode.c:509 [inline] f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560 f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237 generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413 exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444 exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584 do_handle_to_path fs/fhandle.c:155 [inline] handle_to_path fs/fhandle.c:210 [inline] do_handle_open+0x495/0x650 fs/fhandle.c:226 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7fWe missed to cover sanity_check_extent_cache() w/ extent cache lock,so, below race case may happen, result in use after free issue.- f2fs_iget - do_read_inode - f2fs_init_read_extent_tree : add largest extent entry in to cache 
- shrink - f2fs_shrink_read_extent_tree - __shrink_extent_tree - __detach_extent_node : drop largest extent entry - sanity_check_extent_cache : access et->largest w/o locklet's refactor sanity_check_extent_cache() to avoid extent cache accessand call it before f2fs_init_read_extent_tree() to fix this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-44942.md b/2024/CVE-2024-44942.md new file mode 100644 index 0000000000..3e88435da1 --- /dev/null +++ b/2024/CVE-2024-44942.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-44942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44942) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20ae00e6536a2d%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GCsyzbot reports a f2fs bug as below:------------[ cut here ]------------kernel BUG at fs/f2fs/inline.c:258!CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258Call Trace: f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834 f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline] f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315 do_writepages+0x35b/0x870 mm/page-writeback.c:2612 __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650 writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941 wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117 wb_do_writeback fs/fs-writeback.c:2264 [inline] wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f2/0x390 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244The root cause is: inline_data inode can be fuzzed, so that there maybe valid blkaddr in its direct node, once f2fs triggers background GCto migrate the block, it will hit f2fs_bug_on() during dirty pagewriteback.Let's add sanity check on F2FS_INLINE_DATA flag in inode during GC,so that, it can forbid migrating inline_data inode's data 
block forfixing. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report +- https://github.com/robertsirc/sle-bci-demo + diff --git a/2024/CVE-2024-44946.md b/2024/CVE-2024-44946.md new file mode 100644 index 0000000000..62f9259def --- /dev/null +++ b/2024/CVE-2024-44946.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-44946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44946) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=ab7ac4eb9832%3C%208c9cdbf60014%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:kcm: Serialise kcm_sendmsg() for the same socket.syzkaller reported UAF in kcm_release(). [0]The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by sk_stream_wait_memory() 3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb and puts the skb to the write queue 4. Thread A faces an error and finally frees skb that is already in the write queue 5. kcm_release() does double-free the skb in the write queueWhen a thread is building a MSG_MORE skb, another thread must not touch it.Let's add a per-sk mutex and serialise kcm_sendmsg().[0]:BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024Call trace: dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 
lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x178/0x518 mm/kasan/report.c:488 kasan_report+0xd8/0x138 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 __skb_unlink include/linux/skbuff.h:2366 [inline] __skb_dequeue include/linux/skbuff.h:2385 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] __skb_queue_purge include/linux/skbuff.h:3181 [inline] kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 __sock_release net/socket.c:659 [inline] sock_close+0xa4/0x1e8 net/socket.c:1421 __fput+0x30c/0x738 fs/file_table.c:376 ____fput+0x20/0x30 fs/file_table.c:404 task_work_run+0x230/0x2e0 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x618/0x1f64 kernel/exit.c:871 do_group_exit+0x194/0x22c kernel/exit.c:1020 get_signal+0x1500/0x15ec kernel/signal.c:2893 do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598Allocated by task 6166: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903 __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641 alloc_skb include/linux/skbuff.h:1296 [inline] kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg 
net/socket.c:745 [inline] sock_sendmsg+0x220/0x2c0 net/socket.c:768 splice_to_socket+0x7cc/0xd58 fs/splice.c:889 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0xec/0x1d8 fs/splice.c:1164 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108 do_splice_direct_actor ---truncated--- + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Abdurahmon3236/CVE-2024-44946 +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-44947.md b/2024/CVE-2024-44947.md new file mode 100644 index 0000000000..8cebb8564b --- /dev/null +++ b/2024/CVE-2024-44947.md @@ -0,0 +1,17 @@ +### [CVE-2024-44947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44947) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=a1d75f258230%3C%2049934861514d%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:fuse: Initialize beyond-EOF page contents before setting uptodatefuse_notify_store(), unlike fuse_do_readpage(), does not enable pagezeroing (because it can be used to change partial page contents).So fuse_notify_store() must be more careful to fully initialize pagecontents (including parts of the page that are beyond end-of-file)before marking the page uptodate.The current code can leave beyond-EOF page contents uninitialized, whichmakes these uninitialized page contents visible to userspace via mmap().This is an information leak, but only affects systems which do notenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or thecorresponding kernel command line parameter). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Abdurahmon3236/CVE-2024-44947 + diff --git a/2024/CVE-2024-4495.md b/2024/CVE-2024-4495.md index 74745ce1bc..95743a2b06 100644 
--- a/2024/CVE-2024-4495.md +++ b/2024/CVE-2024-4495.md @@ -14,4 +14,5 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-44951.md b/2024/CVE-2024-44951.md new file mode 100644 index 0000000000..cff7d0d108 --- /dev/null +++ b/2024/CVE-2024-44951.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-44951](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44951)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4409df5866b7%3C%2009cfe05e9907%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:serial: sc16is7xx: fix TX fifo corruptionSometimes, when a packet is received on channel A at almost the same timeas a packet is about to be transmitted on channel B, we observe with alogic analyzer that the received packet on channel A is transmitted onchannel B. In other words, the Tx buffer data on channel B is corruptedwith data from channel A.The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: changeEFR lock to operate on each channels"), which changed the EFR locking tooperate on each channel instead of chip-wise.This commit has introduced a regression, because the EFR lock is used notonly to protect the EFR registers access, but also, in a very obscure andundocumented way, to protect access to the data buffer, which is shared bythe Tx and Rx handlers, but also by each channel of the IC.Fix this regression first by switching to kfifo_out_linear_ptr() insc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.Secondly, replace the chip-wise Rx buffer with a separate Rx buffer foreach channel.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-4496.md b/2024/CVE-2024-4496.md
index 2fbc58092b..f1a9638640 100644
--- a/2024/CVE-2024-4496.md
+++ b/2024/CVE-2024-4496.md
@@ -14,4 +14,5 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4497.md b/2024/CVE-2024-4497.md index 208bd2b04f..8649cae3fa 100644 --- a/2024/CVE-2024-4497.md +++ b/2024/CVE-2024-4497.md @@ -15,4 +15,5 @@ A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as c #### Github - https://github.com/LaPhilosophie/IoT-vulnerable +- https://github.com/gh-ost00/IOT-Vulnerable_POC diff --git a/2024/CVE-2024-4501.md b/2024/CVE-2024-4501.md index cb8842f765..cdafd28cc7 100644 --- a/2024/CVE-2024-4501.md +++ b/2024/CVE-2024-4501.md @@ -13,5 +13,6 @@ A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as No PoCs from references. #### Github +- https://github.com/h0e4a0r1t/h0e4a0r1t - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-4502.md b/2024/CVE-2024-4502.md new file mode 100644 index 0000000000..f79d3ebc5a --- /dev/null +++ b/2024/CVE-2024-4502.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-4502](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4502)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of the argument ifName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263106 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-4503.md b/2024/CVE-2024-4503.md
new file mode 100644
index 0000000000..87834be751
--- /dev/null
+++ b/2024/CVE-2024-4503.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4503)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240428. Affected by this vulnerability is an unknown functionality of the file /view/dhcp/dhcpConfig/dhcp_relay_commit.php. The manipulation of the argument interface_from leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263107. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-45034.md b/2024/CVE-2024-45034.md
new file mode 100644
index 0000000000..944e080401
--- /dev/null
+++ b/2024/CVE-2024-45034.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45034)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Airflow&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.10.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%3A%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
+
+### Description
+
+Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ch4n3-yoon/ch4n3-yoon
+
diff --git a/2024/CVE-2024-45040.md b/2024/CVE-2024-45040.md
new file mode 100644
index 0000000000..00661729ac
--- /dev/null
+++ b/2024/CVE-2024-45040.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45040)
+![](https://img.shields.io/static/v1?label=Product&message=gnark&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.11.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to deduce the actual value. If the possible choices for the variables to be committed is large or there are many values committed, then it would be computationally infeasible to enumerate all valid choices. It doesn't affect the completeness/soundness of the proofs. The vulnerability has been fixed in version 0.11.0. The patch to fix the issue is to add additional randomized value to the list of committed value at proving time to mask the rest of the values which were committed. As a workaround, the user can manually commit to a randomized value.
+
+### POC
+
+#### Reference
+- https://github.com/Consensys/gnark/security/advisories/GHSA-9xcg-3q8v-7fq6
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45046.md b/2024/CVE-2024-45046.md
new file mode 100644
index 0000000000..5b3c3c0d2a
--- /dev/null
+++ b/2024/CVE-2024-45046.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45046)
+![](https://img.shields.io/static/v1?label=Product&message=PhpSpreadsheet&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker may used a crafted spreadsheet to fully takeover a session of a user viewing spreadsheet files as HTML. This issue has been addressed in release version 2.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-wgmf-q9vr-vww6
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4505.md b/2024/CVE-2024-4505.md
new file mode 100644
index 0000000000..318517b8dc
--- /dev/null
+++ b/2024/CVE-2024-4505.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4505)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240428. This affects an unknown part of the file /view/IPV6/ipv6Addr/ip_addr_add_commit.php. The manipulation of the argument prelen/ethname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263109 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-45052.md b/2024/CVE-2024-45052.md
new file mode 100644
index 0000000000..fbfe0ee318
--- /dev/null
+++ b/2024/CVE-2024-45052.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45052)
+![](https://img.shields.io/static/v1?label=Product&message=fides&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.44.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-208%3A%20Observable%20Timing%20Discrepancy&color=brighgreen)
+
+### Description
+
+Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it takes for the server to respond to login requests. The discrepancy in response times between valid and invalid usernames can be leveraged to enumerate users on the system. This vulnerability enables a timing-based username enumeration attack. An attacker can systematically guess and verify which usernames are valid by measuring the server's response time to authentication requests. This information can be used to conduct further attacks on authentication such as password brute-forcing and credential stuffing. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds.
+
+### POC
+
+#### Reference
+- https://github.com/ethyca/fides/security/advisories/GHSA-2h46-8gf5-fmxv
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45057.md b/2024/CVE-2024-45057.md
new file mode 100644
index 0000000000..e30d3d470a
--- /dev/null
+++ b/2024/CVE-2024-45057.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45057)
+![](https://img.shields.io/static/v1?label=Product&message=i-educar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at `ieducar/intranet/include/clsCampos.inc.php` does not properly validate or sanitize user-controlled input, leading to the vulnerability. Any page that uses this implementation is vulnerable, such as `intranet/educar_curso_lst.php?nm_curso=`, `intranet/atendidos_lst.php?nm_pessoa=`, `intranet/educar_abandono_tipo_lst?nome=`. Commit f2d768534aabc09b2a1fc8a5cc5f9c93925cb273 contains a patch for the issue.
+
+### POC
+
+#### Reference
+- https://github.com/portabilis/i-educar/security/advisories/GHSA-fqwh-c3c8-7gwj
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45058.md b/2024/CVE-2024-45058.md
new file mode 100644
index 0000000000..3692daf354
--- /dev/null
+++ b/2024/CVE-2024-45058.md
@@ -0,0 +1,18 @@
+### [CVE-2024-45058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45058)
+![](https://img.shields.io/static/v1?label=Product&message=i-educar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue.
+
+### POC
+
+#### Reference
+- https://github.com/portabilis/i-educar/security/advisories/GHSA-53vj-fq8x-2mvg
+
+#### Github
+- https://github.com/0xbhsu/CVE-2024-45058
+
diff --git a/2024/CVE-2024-4506.md b/2024/CVE-2024-4506.md
new file mode 100644
index 0000000000..885af4bc77
--- /dev/null
+++ b/2024/CVE-2024-4506.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4506)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Ruijie RG-UAC up to 20240428 and classified as critical. This vulnerability affects unknown code of the file /view/IPV6/ipv6Addr/ip_addr_edit_commit.php. The manipulation of the argument text_ip_addr/orgprelen/orgname leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263110 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-4507.md b/2024/CVE-2024-4507.md
new file mode 100644
index 0000000000..9ca78b99ec
--- /dev/null
+++ b/2024/CVE-2024-4507.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4507)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-4508.md b/2024/CVE-2024-4508.md
new file mode 100644
index 0000000000..7a17f04bff
--- /dev/null
+++ b/2024/CVE-2024-4508.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4508](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4508)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-4510.md b/2024/CVE-2024-4510.md
new file mode 100644
index 0000000000..bf10ae276a
--- /dev/null
+++ b/2024/CVE-2024-4510.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4510)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h0e4a0r1t/h0e4a0r1t
+
diff --git a/2024/CVE-2024-4511.md b/2024/CVE-2024-4511.md
new file mode 100644
index 0000000000..b4e0a26153
--- /dev/null
+++ b/2024/CVE-2024-4511.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4511)
+![](https://img.shields.io/static/v1?label=Product&message=BACnet%20Server%20HMI1002-ARM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.263115
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45170.md b/2024/CVE-2024-45170.md
new file mode 100644
index 0000000000..f67f4e6006
--- /dev/null
+++ b/2024/CVE-2024-45170.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45170)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-024.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45171.md b/2024/CVE-2024-45171.md
new file mode 100644
index 0000000000..63cba581cf
--- /dev/null
+++ b/2024/CVE-2024-45171.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45171)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory "/srv/www/backups" on the C-MOR system, and can thus be accessed via the URL https:///backup/upload_. Due to broken access control, low-privileged authenticated users can also use this file upload functionality.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-026.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45172.md b/2024/CVE-2024-45172.md
new file mode 100644
index 0000000000..fee5bcd084
--- /dev/null
+++ b/2024/CVE-2024-45172.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45172](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45172)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-022.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45173.md b/2024/CVE-2024-45173.md
new file mode 100644
index 0000000000..02256e64a7
--- /dev/null
+++ b/2024/CVE-2024-45173.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45173)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-027.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45174.md b/2024/CVE-2024-45174.md
new file mode 100644
index 0000000000..5829814bfb
--- /dev/null
+++ b/2024/CVE-2024-45174.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45174)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrary SQL commands in the context of the corresponding MySQL database.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-023.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45175.md b/2024/CVE-2024-45175.md
new file mode 100644
index 0000000000..de816a467a
--- /dev/null
+++ b/2024/CVE-2024-45175.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45175)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-028.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45176.md b/2024/CVE-2024-45176.md
new file mode 100644
index 0000000000..9f387a7654
--- /dev/null
+++ b/2024/CVE-2024-45176.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45176)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-020.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45177.md b/2024/CVE-2024-45177.md
new file mode 100644
index 0000000000..506353aa6d
--- /dev/null
+++ b/2024/CVE-2024-45177.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45177)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It was found out that the camera configuration is vulnerable to a persistent cross-site scripting attack due to insufficient user input validation.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-021.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45178.md b/2024/CVE-2024-45178.md
new file mode 100644
index 0000000000..113e0b5cd5
--- /dev/null
+++ b/2024/CVE-2024-45178.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45178)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, due to insufficient user input validation. For instance, the download functionality for backups provided by the script download-bkf.pml is vulnerable to a path traversal attack via the parameter bkf. This enables an authenticated user to download arbitrary files as Linux user www-data from the C-MOR system. Another path traversal attack is in the script show-movies.pml, which can be exploited via the parameter cam.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-025.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45179.md b/2024/CVE-2024-45179.md
new file mode 100644
index 0000000000..1a37de0225
--- /dev/null
+++ b/2024/CVE-2024-45179.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45179)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-030.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45181.md b/2024/CVE-2024-45181.md
new file mode 100644
index 0000000000..2e289e4416
--- /dev/null
+++ b/2024/CVE-2024-45181.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45181)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.
+
+### POC
+
+#### Reference
+- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-94453.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45182.md b/2024/CVE-2024-45182.md
new file mode 100644
index 0000000000..48602f407d
--- /dev/null
+++ b/2024/CVE-2024-45182.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45182)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
+
+### POC
+
+#### Reference
+- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-94453.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45186.md b/2024/CVE-2024-45186.md
new file mode 100644
index 0000000000..a525c551ed
--- /dev/null
+++ b/2024/CVE-2024-45186.md
@@ -0,0 +1,17 @@ +### [CVE-2024-45186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45186) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/zhanpengliu-tencent/medium-cve + diff --git a/2024/CVE-2024-45187.md b/2024/CVE-2024-45187.md index e2168c1a21..c1baa49d5a 100644 --- a/2024/CVE-2024-45187.md +++ b/2024/CVE-2024-45187.md @@ -1,7 +1,7 @@ ### [CVE-2024-45187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45187) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-613%20Insufficient%20Session%20Expiration&color=brighgreen) ### Description diff --git a/2024/CVE-2024-45188.md b/2024/CVE-2024-45188.md index 2e4e5424e6..cf366f30fe 100644 --- a/2024/CVE-2024-45188.md +++ b/2024/CVE-2024-45188.md @@ -1,7 +1,7 @@ ### [CVE-2024-45188](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45188) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) ### Description 
diff --git a/2024/CVE-2024-45189.md b/2024/CVE-2024-45189.md index 3a5385841c..133246a3e1 100644 --- a/2024/CVE-2024-45189.md +++ b/2024/CVE-2024-45189.md @@ -1,7 +1,7 @@ ### [CVE-2024-45189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45189) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) ### Description diff --git a/2024/CVE-2024-45190.md b/2024/CVE-2024-45190.md index e667a65847..6d26572745 100644 --- a/2024/CVE-2024-45190.md +++ b/2024/CVE-2024-45190.md @@ -1,7 +1,7 @@ ### [CVE-2024-45190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45190) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-35%20Path%20Traversal%3A%20'...%2F...%2F%2F'&color=brighgreen) ### Description diff --git a/2024/CVE-2024-45195.md b/2024/CVE-2024-45195.md new file mode 100644 index 0000000000..ff50acce1e --- /dev/null +++ b/2024/CVE-2024-45195.md 
@@ -0,0 +1,42 @@
+### [CVE-2024-45195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45195)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20OFBiz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2018.12.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-425%20Direct%20Request%20('Forced%20Browsing')&color=brighgreen)
+
+### Description
+
+Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.16.Users are recommended to upgrade to version 18.12.16, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/ARPSyndicate/cve-scores
+- https://github.com/CP04042K/CVE
+- https://github.com/DMW11525708/wiki
+- https://github.com/DoTTak/Apache-OFBiz-1-Day-Analysis
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/Ostorlab/KEV
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/Threekiii/CVE
+- https://github.com/WhosGa/MyWiki
+- https://github.com/XiaomingX/awesome-poc-for-red-team
+- https://github.com/admin772/POC
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/hsvhora/research_blogs
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/packetinside/CISA_BOT
+- https://github.com/plbplbp/loudong001
+- https://github.com/wyyazjjl/CVE-2024-45195
+
diff --git a/2024/CVE-2024-45200.md b/2024/CVE-2024-45200.md
new file mode 100644
index 0000000000..87c142978a
--- /dev/null
+++ b/2024/CVE-2024-45200.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45200)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library,
+
+### POC
+
+#### Reference
+- https://github.com/latte-soft/kartlanpwn
+
+#### Github
+- https://github.com/chadhyatt/kartlanpwn
+
diff --git a/2024/CVE-2024-45216.md b/2024/CVE-2024-45216.md
new file mode 100644
index 0000000000..0c45e4b35b
--- /dev/null
+++ b/2024/CVE-2024-45216.md
@@ -0,0 +1,36 @@
+### [CVE-2024-45216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45216)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Solr&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.3.0%3C%208.11.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+Improper Authentication vulnerability in Apache Solr.Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+ +#### Github +- https://github.com/12442RF/POC +- https://github.com/DMW11525708/wiki +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/Threekiii/Awesome-POC +- https://github.com/Threekiii/CVE +- https://github.com/XiaomingX/awesome-poc-for-red-team +- https://github.com/XiaomingX/weekly +- https://github.com/a1batr0ssG/VulhubExpand +- https://github.com/adysec/POC +- https://github.com/congdong007/CVE-2024-45216-Poc +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/killswitchp/testie +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability +- https://github.com/plbplbp/loudong001 +- https://github.com/xiangmou123/SolrScan + diff --git a/2024/CVE-2024-45231.md b/2024/CVE-2024-45231.md new file mode 100644 index 0000000000..8eb3902e53 --- /dev/null +++ b/2024/CVE-2024-45231.md @@ -0,0 +1,17 @@ +### [CVE-2024-45231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45231) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/graydonhope/VulnerabilityScanner + diff --git a/2024/CVE-2024-45234.md b/2024/CVE-2024-45234.md new file mode 100644 index 0000000000..c85dc848c6 --- /dev/null 
+++ b/2024/CVE-2024-45234.md @@ -0,0 +1,17 @@ +### [CVE-2024-45234](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45234) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0x0806/JWT-Security-Assessment + diff --git a/2024/CVE-2024-45241.md b/2024/CVE-2024-45241.md index 42b8f5f9b7..c235f2b2dc 100644 --- a/2024/CVE-2024-45241.md +++ b/2024/CVE-2024-45241.md @@ -14,5 +14,7 @@ No PoCs from references. #### Github - https://github.com/20142995/nuclei-templates +- https://github.com/d4lyw/CVE-2024-45241 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/verylazytech/CVE-2024-45241 diff --git a/2024/CVE-2024-45242.md b/2024/CVE-2024-45242.md new file mode 100644 index 0000000000..790f0e390e --- /dev/null +++ b/2024/CVE-2024-45242.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-45242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45242) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/actuator/cve + diff --git a/2024/CVE-2024-45244.md b/2024/CVE-2024-45244.md index 20f2cfec90..1a3b702d49 100644 --- a/2024/CVE-2024-45244.md +++ b/2024/CVE-2024-45244.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/shanker-sec/HLF_TxTime_spoofing +- https://github.com/shanker-sec/hlf-time-oracle diff --git a/2024/CVE-2024-45260.md b/2024/CVE-2024-45260.md new file mode 100644 index 0000000000..031e7603da --- /dev/null +++ b/2024/CVE-2024-45260.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-45260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45260)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/aggressor0/GL.iNet-Exploits
+
diff --git a/2024/CVE-2024-45261.md b/2024/CVE-2024-45261.md
new file mode 100644
index 0000000000..3f7e73fbdc
--- /dev/null
+++ b/2024/CVE-2024-45261.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45261](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45261)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/aggressor0/GL.iNet-Exploits
+
diff --git a/2024/CVE-2024-45264.md b/2024/CVE-2024-45264.md
index 2fb669115c..5379485343 100644
--- a/2024/CVE-2024-45264.md
+++ b/2024/CVE-2024-45264.md
@@ -13,6 +13,7 @@ A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySyste No PoCs from references. #### Github +- https://github.com/TheHermione/CVE-2024-45264 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-45265.md b/2024/CVE-2024-45265.md index eb06c764d8..b1e9173f2f 100644 --- a/2024/CVE-2024-45265.md +++ b/2024/CVE-2024-45265.md @@ -13,5 +13,7 @@ A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before No PoCs from references. #### Github +- https://github.com/TheHermione/CVE-2024-45265 +- https://github.com/fahimalshihab/DataSecurity - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-45296.md b/2024/CVE-2024-45296.md new file mode 100644 index 0000000000..5ede718c3f --- /dev/null +++ b/2024/CVE-2024-45296.md 
@@ -0,0 +1,21 @@
+### [CVE-2024-45296](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45296)
+![](https://img.shields.io/static/v1?label=Product&message=path-to-regexp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.1.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1333%3A%20Inefficient%20Regular%20Expression%20Complexity&color=brighgreen)
+
+### Description
+
+path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Floydian-dk/plex-hue-control
+- https://github.com/Icare741/TPTrivy
+- https://github.com/KatenKyoukotsu/devsecops
+- https://github.com/andrewbearsley/lacework-sca-scan-example
+- https://github.com/felipecruz91/biznagafest24
+
diff --git a/2024/CVE-2024-45302.md b/2024/CVE-2024-45302.md
new file mode 100644
index 0000000000..e1a92622f7
--- /dev/null
+++ b/2024/CVE-2024-45302.md
@@ -0,0 +1,17 @@ +### [CVE-2024-45302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45302) +![](https://img.shields.io/static/v1?label=Product&message=RestSharp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%20107%2C%20%3C%20112.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-93%3A%20Improper%20Neutralization%20of%20CRLF%20Sequences%20('CRLF%20Injection')&color=brighgreen) + +### Description + +RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdateHeader` and `RestClient.AddDefaultHeader`. The way HTTP headers are added to a request is via the `HttpHeaders.TryAddWithoutValidation` method which does not check for CRLF characters in the header value. This means that any headers from a `RestSharp.RequestHeaders` object are added to the request in such a way that they are vulnerable to CRLF-injection. In general, CRLF-injection into a HTTP header (when using HTTP/1.1) means that one can inject additional HTTP headers or smuggle whole HTTP requests. If an application using the RestSharp library passes a user-controllable value through to a header, then that application becomes vulnerable to CRLF-injection. This is not necessarily a security issue for a command line application like the one above, but if such code were present in a web application then it becomes vulnerable to request splitting (as shown in the PoC) and thus Server Side Request Forgery. Strictly speaking this is a potential vulnerability in applications using RestSharp, not in RestSharp itself, but I would argue that at the very least there needs to be a warning about this behaviour in the RestSharp documentation. RestSharp has addressed this issue in version 112.0.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 
+ +### POC + +#### Reference +- https://github.com/restsharp/RestSharp/security/advisories/GHSA-4rr6-2v9v-wcpc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-45310.md b/2024/CVE-2024-45310.md new file mode 100644 index 0000000000..c00d9d616b --- /dev/null +++ b/2024/CVE-2024-45310.md 
@@ -0,0 +1,18 @@ +### [CVE-2024-45310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45310) +![](https://img.shields.io/static/v1?label=Product&message=runc&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.1.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-363%3A%20Race%20Condition%20Enabling%20Link%20Following&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-61%3A%20UNIX%20Symbolic%20Link%20(Symlink)%20Following&color=brighgreen) + +### Description + +runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. 
Unless the root user is remapped to an actualuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ARPSyndicate/cve-scores + diff --git a/2024/CVE-2024-45320.md b/2024/CVE-2024-45320.md new file mode 100644 index 0000000000..c616c63158 --- /dev/null +++ b/2024/CVE-2024-45320.md 
@@ -0,0 +1,21 @@
+### [CVE-2024-45320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45320)
+![](https://img.shields.io/static/v1?label=Product&message=DocuPrint%20CM225fw&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DocuPrint%20CM228fw&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DocuPrint%20CP225w&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=DocuPrint%20CP228w&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2001.10.01%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2001.22.01%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20write&color=brighgreen)
+
+### Description
+
+Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/s0uthwood/netpuzz
+
diff --git a/2024/CVE-2024-45326.md b/2024/CVE-2024-45326.md
new file mode 100644
index 0000000000..9288beadca
--- /dev/null
+++ b/2024/CVE-2024-45326.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45326)
+![](https://img.shields.io/static/v1?label=Product&message=FortiDeceptor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control&color=brighgreen)
+
+### Description
+
+An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tsautier/tsautier
+
diff --git a/2024/CVE-2024-45328.md b/2024/CVE-2024-45328.md
new file mode 100644
index 0000000000..1f6651d2f1
--- /dev/null
+++ b/2024/CVE-2024-45328.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45328)
+![](https://img.shields.io/static/v1?label=Product&message=FortiSandbox&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.4.0%3C%3D%204.4.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Escalation%20of%20privilege&color=brighgreen)
+
+### Description
+
+An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tsautier/tsautier
+
diff --git a/2024/CVE-2024-45336.md b/2024/CVE-2024-45336.md
new file mode 100644
index 0000000000..5d89f728ea
--- /dev/null
+++ b/2024/CVE-2024-45336.md
@@ -0,0 +1,18 @@
+### [CVE-2024-45336](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336)
+![](https://img.shields.io/static/v1?label=Product&message=net%2Fhttp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.22.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%3A%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
+
+### Description
+
+The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/kaisensan/desafio-girus-pick
+
diff --git a/2024/CVE-2024-45337.md b/2024/CVE-2024-45337.md
new file mode 100644
index 0000000000..23dd746455
--- /dev/null
+++ b/2024/CVE-2024-45337.md
@@ -0,0 +1,24 @@ +### [CVE-2024-45337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337) +![](https://img.shields.io/static/v1?label=Product&message=golang.org%2Fx%2Fcrypto%2Fssh&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.31.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1108%3A%20Excessive%20Reliance%20on%20Global%20Variables&color=brighgreen) + +### Description + +Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. 
PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/11notes/docker-ente +- https://github.com/NHAS/CVE-2024-45337-POC +- https://github.com/NHAS/VULNERABLE-CVE-2024-45337 +- https://github.com/NHAS/cvessh +- https://github.com/ghadeer-elsalhawy/antrea-Renovate-lfx +- https://github.com/ghostbyt3/patch-tuesday +- https://github.com/kaisensan/desafio-girus-pick +- https://github.com/peace-maker/CVE-2024-45337 + diff --git a/2024/CVE-2024-45338.md b/2024/CVE-2024-45338.md new file mode 100644 index 0000000000..28e7cd1452 --- /dev/null +++ b/2024/CVE-2024-45338.md 
@@ -0,0 +1,21 @@
+### [CVE-2024-45338](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45338)
+![](https://img.shields.io/static/v1?label=Product&message=golang.org%2Fx%2Fnet%2Fhtml&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.33.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-405%3A%20Asymmetric%20Resource%20Consumption%20(Amplification)&color=brighgreen)
+
+### Description
+
+An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/11notes/docker-ente
+- https://github.com/imjasonh/govulncheck-action
+- https://github.com/k37y/gvs
+- https://github.com/kaisensan/desafio-girus-pick
+- https://github.com/ytono/gcp-arcade
+
diff --git a/2024/CVE-2024-45339.md b/2024/CVE-2024-45339.md
new file mode 100644
index 0000000000..6bf2b8a1c4
--- /dev/null
+++ b/2024/CVE-2024-45339.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45339](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45339)
+![](https://img.shields.io/static/v1?label=Product&message=github.com%2Fgolang%2Fglog&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-61%3A%20UNIX%20Symbolic%20Link%20(Symlink)%20Following&color=brighgreen)
+
+### Description
+
+When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/k37y/gvs
+
diff --git a/2024/CVE-2024-45341.md b/2024/CVE-2024-45341.md
new file mode 100644
index 0000000000..4757baa8b4
--- /dev/null
+++ b/2024/CVE-2024-45341.md
@@ -0,0 +1,18 @@
+### [CVE-2024-45341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341)
+![](https://img.shields.io/static/v1?label=Product&message=crypto%2Fx509&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.22.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-295%3A%20Improper%20Certificate%20Validation&color=brighgreen)
+
+### Description
+
+A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/kaisensan/desafio-girus-pick
+
diff --git a/2024/CVE-2024-45352.md b/2024/CVE-2024-45352.md
new file mode 100644
index 0000000000..59bd896338
--- /dev/null
+++ b/2024/CVE-2024-45352.md
@@ -0,0 +1,19 @@
+### [CVE-2024-45352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45352)
+![](https://img.shields.io/static/v1?label=Product&message=Xiaomi%20smarthome%20application&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Xiaomi%20smarthome%20application%2010.0.623%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-346%20Origin%20Validation%20Error&color=brighgreen)
+
+### Description
+
+An code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Edwins907/-CVE-2024-45352
+- https://github.com/Edwins907/CVE-2024-45352
+- https://github.com/Edwins907/xiaomi-cve-2024-45352
+
diff --git a/2024/CVE-2024-45383.md b/2024/CVE-2024-45383.md
new file mode 100644
index 0000000000..daf5ce0afa
--- /dev/null
+++ b/2024/CVE-2024-45383.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45383)
+![](https://img.shields.io/static/v1?label=Product&message=HDAudBus.sys&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.0.19041.3636%20(WinBuild.160101.0800)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-664%3A%20Improper%20Control%20of%20a%20Resource%20Through%20its%20Lifetime&color=brighgreen)
+
+### Description
+
+A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/SpiralBL0CK/CVE-2024-45383
+
diff --git a/2024/CVE-2024-45387.md b/2024/CVE-2024-45387.md
new file mode 100644
index 0000000000..56ddcde7b5
--- /dev/null
+++ b/2024/CVE-2024-45387.md
@@ -0,0 +1,18 @@
+### [CVE-2024-45387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45387)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Traffic%20Control&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%3A%20Improper%20Authorization&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/FRBMorais/sql_injection_sample
+
diff --git a/2024/CVE-2024-45388.md b/2024/CVE-2024-45388.md
new file mode 100644
index 0000000000..82982ed17e
--- /dev/null
+++ b/2024/CVE-2024-45388.md
@@ -0,0 +1,29 @@
+### [CVE-2024-45388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45388)
+![](https://img.shields.io/static/v1?label=Product&message=hoverfly&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.10.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach any arbitrary files. This issue was found using the Uncontrolled data used in path expression CodeQL query for python. Users are advised to make sure the final path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)`) is contained within the expected base path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, "/")`). This issue is also tracked as GHSL-2023-274.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+- https://github.com/tequilasunsh1ne/Hoverfly_simulation_fileread
+
diff --git a/2024/CVE-2024-45389.md b/2024/CVE-2024-45389.md
new file mode 100644
index 0000000000..eafdcbc681
--- /dev/null
+++ b/2024/CVE-2024-45389.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45389)
+![](https://img.shields.io/static/v1?label=Product&message=pagefind&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of `document.currentScript.src`. Prior to Pagefind version 1.1.1, it is possible to "clobber" this lookup with otherwise benign HTML on the page. This will cause `document.currentScript.src` to resolve as an external domain, which will then be used by Pagefind to load dependencies. This exploit would only work in the case that an attacker could inject HTML to a live, hosted, website. In these cases, this would act as a way to escalate the privilege available to an attacker. This assumes they have the ability to add some elements to the page (for example, `img` tags with a `name` attribute), but not others, as adding a `script` to the page would itself be the cross-site scripting vector. Pagefind has tightened this resolution in version 1.1.1 by ensuring the source is loaded from a valid script element. There are no reports of this being exploited in the wild via Pagefind.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jackfromeast/dom-clobbering-collection
+
diff --git a/2024/CVE-2024-45397.md b/2024/CVE-2024-45397.md
new file mode 100644
index 0000000000..14cd1fae5f
--- /dev/null
+++ b/2024/CVE-2024-45397.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45397)
+![](https://img.shields.io/static/v1?label=Product&message=h2o&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2015ed15a2efb83a77bb4baaa5a119e639c2f6898a%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MWedl/http3-ip-spoofing
+
diff --git a/2024/CVE-2024-4540.md b/2024/CVE-2024-4540.md
new file mode 100644
index 0000000000..f78d43c875
--- /dev/null
+++ b/2024/CVE-2024-4540.md
@@ -0,0 +1,24 @@
+### [CVE-2024-4540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4540)
+![](https://img.shields.io/static/v1?label=Product&message=RHEL-8%20based%20Middleware%20Containers&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2024&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/leoambrus/artefactswithoutCVEonGitHubAdvisoryDatabase
+
diff --git a/2024/CVE-2024-45402.md b/2024/CVE-2024-45402.md
new file mode 100644
index 0000000000..6b9729fff4
--- /dev/null
+++ b/2024/CVE-2024-45402.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45402)
+![](https://img.shields.io/static/v1?label=Product&message=picotls&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%209b88159ce763d680e4a13b6e8f3171ae923a535d%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-415%3A%20Double%20Free&color=brighgreen)
+
+### Description
+
+Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/IES-Rafael-Alberti/Proyecto1_CybersecurityConsulting
+
diff --git a/2024/CVE-2024-45409.md b/2024/CVE-2024-45409.md
new file mode 100644
index 0000000000..cb2952a2d8
--- /dev/null
+++ b/2024/CVE-2024-45409.md
@@ -0,0 +1,20 @@
+### [CVE-2024-45409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45409)
+![](https://img.shields.io/static/v1?label=Product&message=ruby-saml&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.12.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-347%3A%20Improper%20Verification%20of%20Cryptographic%20Signature&color=brighgreen)
+
+### Description
+
+The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Ostorlab/KEV
+- https://github.com/Threekiii/CVE
+- https://github.com/jefferya/saml_response_validator
+- https://github.com/synacktiv/CVE-2024-45409
+
diff --git a/2024/CVE-2024-45410.md b/2024/CVE-2024-45410.md
new file mode 100644
index 0000000000..1a991f7257
--- /dev/null
+++ b/2024/CVE-2024-45410.md
@@ -0,0 +1,19 @@
+### [CVE-2024-45410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45410)
+![](https://img.shields.io/static/v1?label=Product&message=traefik&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.11.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%3A%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-348%3A%20Use%20of%20Less%20Trusted%20Source&color=brighgreen)
+
+### Description
+
+Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hackthebox/business-ctf-2025
+- https://github.com/jphetphoumy/traefik-CVE-2024-45410-poc
+
diff --git a/2024/CVE-2024-45411.md b/2024/CVE-2024-45411.md
new file mode 100644
index 0000000000..364ba92bc8
--- /dev/null
+++ b/2024/CVE-2024-45411.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45411](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45411)
+![](https://img.shields.io/static/v1?label=Product&message=Twig&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%201.0.0%2C%20%3C%201.44.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-693%3A%20Protection%20Mechanism%20Failure&color=brighgreen)
+
+### Description
+
+Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KatenKyoukotsu/devsecops
+
diff --git a/2024/CVE-2024-45412.md b/2024/CVE-2024-45412.md
new file mode 100644
index 0000000000..8e80cd0e1c
--- /dev/null
+++ b/2024/CVE-2024-45412.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45412)
+![](https://img.shields.io/static/v1?label=Product&message=yeti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.1.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial of service with attacks such as One Million Unicode payload. This can get worse with the use of special Unicode characters like U+2100 (℀), or U+2105 (℅) which could lead the payload size to be tripled. Versions prior to 2.1.11 are affected by this vulnerability. The patch is included in 2.1.11.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Sim4n6/Sim4n6
+
diff --git a/2024/CVE-2024-45415.md b/2024/CVE-2024-45415.md
new file mode 100644
index 0000000000..c733b125e4
--- /dev/null
+++ b/2024/CVE-2024-45415.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45415)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TasosY2K/zte-router-0day-rce
+
diff --git a/2024/CVE-2024-45416.md b/2024/CVE-2024-45416.md
new file mode 100644
index 0000000000..599da899fc
--- /dev/null
+++ b/2024/CVE-2024-45416.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45416)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TasosY2K/zte-router-0day-rce
+
diff --git a/2024/CVE-2024-45436.md b/2024/CVE-2024-45436.md index 2383350393..72cdba2d10 100644 --- a/2024/CVE-2024-45436.md +++ b/2024/CVE-2024-45436.md @@ -13,5 +13,13 @@ extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a No PoCs from references. #### Github +- https://github.com/XiaomingX/cve-2024-45436-exp +- https://github.com/XiaomingX/weekly +- https://github.com/badboy0/Ollama_Exploit_Tool +- https://github.com/dansarmiento/ollama_sql_runner - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/pankass/CVE-2024-37032_CVE-2024-45436 +- https://github.com/plzheheplztrying/cve_monitor +- https://github.com/srcx404/CVE-2024-45436 +- https://github.com/wowtalon/LLM-Security diff --git a/2024/CVE-2024-45440.md b/2024/CVE-2024-45440.md new file mode 100644 index 0000000000..3170520356 --- /dev/null +++ b/2024/CVE-2024-45440.md @@ -0,0 +1,17 @@ +### [CVE-2024-45440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45440) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/w0r1i0g1ht/CVE-2024-45440 + diff --git a/2024/CVE-2024-45463.md b/2024/CVE-2024-45463.md new file mode 100644 index 0000000000..cdcc527ec4 --- /dev/null +++ b/2024/CVE-2024-45463.md 
@@ -0,0 +1,25 @@
+### [CVE-2024-45463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45463)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V2312&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Tecnomatix%20Plant%20Simulation%20V2302&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Tecnomatix%20Plant%20Simulation%20V2404&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.2.0.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.3.0.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2302.0016%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2312.0008%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2404.0005%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JsHuang/CVE-Assigned
+
diff --git a/2024/CVE-2024-45476.md b/2024/CVE-2024-45476.md
new file mode 100644
index 0000000000..d18e865ebe
--- /dev/null
+++ b/2024/CVE-2024-45476.md
@@ -0,0 +1,25 @@
+### [CVE-2024-45476](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45476)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V14.3&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Teamcenter%20Visualization%20V2312&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Tecnomatix%20Plant%20Simulation%20V2302&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Tecnomatix%20Plant%20Simulation%20V2404&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.2.0.14%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V14.3.0.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2302.0016%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2312.0008%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2404.0005%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JsHuang/CVE-Assigned
+
diff --git a/2024/CVE-2024-45489.md b/2024/CVE-2024-45489.md
new file mode 100644
index 0000000000..abbe51fce0
--- /dev/null
+++ b/2024/CVE-2024-45489.md
@@ -0,0 +1,18 @@
+### [CVE-2024-45489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45489)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context. NOTE: this is a no-action cloud vulnerability with zero affected users.
+
+### POC
+
+#### Reference
+- https://kibty.town/blog/arc/
+- https://news.ycombinator.com/item?id=41597250
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45490.md b/2024/CVE-2024-45490.md
new file mode 100644
index 0000000000..d0a236ab73
--- /dev/null
+++ b/2024/CVE-2024-45490.md
@@ -0,0 +1,20 @@ +### [CVE-2024-45490](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Hubert2718/ImageWebhookScaner +- https://github.com/TaiYou-TW/TaiYou-TW +- https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/robertsirc/sle-bci-demo + diff --git a/2024/CVE-2024-45491.md b/2024/CVE-2024-45491.md index 910e275ae3..d243ed6e46 100644 --- a/2024/CVE-2024-45491.md +++ b/2024/CVE-2024-45491.md @@ -13,5 +13,14 @@ An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have No PoCs from references. #### Github +- https://github.com/Bchkh/gitops-project +- https://github.com/Dgporte/ExerciciosDockerPB2025 +- https://github.com/Hubert2718/ImageWebhookScaner +- https://github.com/Lennoxgonz/Docker-Container-Security-Hardening +- https://github.com/TaiYou-TW/TaiYou-TW +- https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/ere6u5/-containerization-security-assessment- - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ghostbyt3/patch-tuesday +- https://github.com/robertsirc/sle-bci-demo diff --git a/2024/CVE-2024-45492.md b/2024/CVE-2024-45492.md index e1c8577828..9adc6610f8 100644 --- a/2024/CVE-2024-45492.md +++ b/2024/CVE-2024-45492.md 
@@ -13,5 +13,11 @@ An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c No PoCs from references. #### Github +- https://github.com/Hubert2718/ImageWebhookScaner +- https://github.com/TaiYou-TW/TaiYou-TW +- https://github.com/adegoodyer/kubernetes-admin-toolkit +- https://github.com/ere6u5/-containerization-security-assessment- - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ghostbyt3/patch-tuesday +- https://github.com/robertsirc/sle-bci-demo diff --git a/2024/CVE-2024-45498.md b/2024/CVE-2024-45498.md new file mode 100644 index 0000000000..3133935f57 --- /dev/null +++ b/2024/CVE-2024-45498.md @@ -0,0 +1,17 @@ +### [CVE-2024-45498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45498) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Airflow&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.10.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen) + +### Description + +Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873  for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nhienit2010/nhienit2010 + diff --git a/2024/CVE-2024-45505.md b/2024/CVE-2024-45505.md new file mode 100644 index 0000000000..ac04b37ff3 --- /dev/null +++ b/2024/CVE-2024-45505.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-45505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45505)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20HertzBeat&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.6.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).This vulnerability can only be exploited by authorized attackers.This issue affects Apache HertzBeat (incubating): before 1.6.1.Users are recommended to upgrade to version 1.6.1, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/yulate/yulate
+
diff --git a/2024/CVE-2024-45506.md b/2024/CVE-2024-45506.md
new file mode 100644
index 0000000000..6f08b16c30
--- /dev/null
+++ b/2024/CVE-2024-45506.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45506)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024
+
diff --git a/2024/CVE-2024-45507.md b/2024/CVE-2024-45507.md
new file mode 100644
index 0000000000..bb8f1e02a9
--- /dev/null
+++ b/2024/CVE-2024-45507.md
@@ -0,0 +1,26 @@
+### [CVE-2024-45507](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45507)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20OFBiz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2018.12.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.16.Users are recommended to upgrade to version 18.12.16, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Avento/CVE-2024-45507_Behinder_Webshell
+- https://github.com/DoTTak/Apache-OFBiz-1-Day-Analysis
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Mr-xn/Penetration_Testing_POC
+- https://github.com/Ostorlab/KEV
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/Threekiii/CVE
+- https://github.com/XiaomingX/awesome-poc-for-red-team
+- https://github.com/youan-dev/apache-ofbiz-scan
+
diff --git a/2024/CVE-2024-45519.md b/2024/CVE-2024-45519.md
new file mode 100644
index 0000000000..cd633429ed
--- /dev/null
+++ b/2024/CVE-2024-45519.md
@@ -0,0 +1,40 @@
+### [CVE-2024-45519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45519)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/Chocapikk/CVE-2024-45519
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Michael-Meade/Links-Repository
+- https://github.com/NCSC-NL/zimbra-webshell-scan
+- https://github.com/Ostorlab/KEV
+- https://github.com/XiaomingX/cve-2024-45519-poc
+- https://github.com/adysec/POC
+- https://github.com/brito101/lab-vuln
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/cleverg0d/CVEs
+- https://github.com/defHawk-tech/CVEs
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+- https://github.com/p33d/CVE-2024-45519
+- https://github.com/plbplbp/loudong001
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/sec13b/CVE-2024-45519
+- https://github.com/tylzars/awesome-vrre-writeups
+
diff --git a/2024/CVE-2024-45589.md b/2024/CVE-2024-45589.md
new file mode 100644
index 0000000000..0bd2db9a21
--- /dev/null
+++ b/2024/CVE-2024-45589.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45589)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.
+
+### POC
+
+#### Reference
+- https://benrogozinski.github.io/CVE-2024-45589/
+
+#### Github
+- https://github.com/BenRogozinski/CVE-2024-45589
+
diff --git a/2024/CVE-2024-45590.md b/2024/CVE-2024-45590.md
new file mode 100644
index 0000000000..a8df4c208c
--- /dev/null
+++ b/2024/CVE-2024-45590.md
@@ -0,0 +1,21 @@
+### [CVE-2024-45590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45590)
+![](https://img.shields.io/static/v1?label=Product&message=body-parser&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.20.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-405%3A%20Asymmetric%20Resource%20Consumption%20(Amplification)&color=brighgreen)
+
+### Description
+
+body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Icare741/TPTrivy
+- https://github.com/KatenKyoukotsu/devsecops
+- https://github.com/andrewbearsley/lacework-sca-scan-example
+- https://github.com/dhruvik-git/CVE-2024-45590
+- https://github.com/felipecruz91/biznagafest24
+
diff --git a/2024/CVE-2024-45608.md b/2024/CVE-2024-45608.md
new file mode 100644
index 0000000000..d606e0a8b0
--- /dev/null
+++ b/2024/CVE-2024-45608.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45608](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45608)
+![](https://img.shields.io/static/v1?label=Product&message=glpi&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%209.5.0%2C%20%3C%2010.0.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bkatapi/Advisories
+
diff --git a/2024/CVE-2024-45614.md b/2024/CVE-2024-45614.md
new file mode 100644
index 0000000000..ce252cd0e0
--- /dev/null
+++ b/2024/CVE-2024-45614.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45614)
+![](https://img.shields.io/static/v1?label=Product&message=puma&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%206.0.0%2C%20%3C%206.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists. Effectively, allowing the proxy defined headers to always win. Users are advised to upgrade. Nginx has a underscores_in_headers configuration variable to discard these headers at the proxy level as a mitigation. Any users that are implicitly trusting the proxy defined headers for security should immediately cease doing so until upgraded to the fixed versions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ooooooo-q/puma_header_normalization-CVE-2024-45614
+
diff --git a/2024/CVE-2024-45622.md b/2024/CVE-2024-45622.md
new file mode 100644
index 0000000000..9c43820ac0
--- /dev/null
+++ b/2024/CVE-2024-45622.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45622)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-45623.md b/2024/CVE-2024-45623.md
new file mode 100644
index 0000000000..1648edaa2e
--- /dev/null
+++ b/2024/CVE-2024-45623.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45623)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** UNSUPPORTED WHEN ASSIGNED ** D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
+
+### POC
+
+#### Reference
+- https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10406
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45678.md b/2024/CVE-2024-45678.md
new file mode 100644
index 0000000000..69ea600770
--- /dev/null
+++ b/2024/CVE-2024-45678.md
@@ -0,0 +1,18 @@
+### [CVE-2024-45678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45678)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.
+
+### POC
+
+#### Reference
+- https://news.ycombinator.com/item?id=41434500
+- https://support.yubico.com/hc/en-us/articles/15705749884444
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45691.md b/2024/CVE-2024-45691.md
new file mode 100644
index 0000000000..7cd6d46313
--- /dev/null
+++ b/2024/CVE-2024-45691.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45691)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/TaiYou-TW
+
diff --git a/2024/CVE-2024-45699.md b/2024/CVE-2024-45699.md
new file mode 100644
index 0000000000..9b9c04b40a
--- /dev/null
+++ b/2024/CVE-2024-45699.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45699](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45699)
+![](https://img.shields.io/static/v1?label=Product&message=Zabbix&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/milo2012/CVE-PoCs
+
diff --git a/2024/CVE-2024-45712.md b/2024/CVE-2024-45712.md
new file mode 100644
index 0000000000..46a4992423
--- /dev/null
+++ b/2024/CVE-2024-45712.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45712)
+![](https://img.shields.io/static/v1?label=Product&message=Serv-U&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Serv-U%2015.5%20and%20previous%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Teexo/woocommerce_scanner
+
diff --git a/2024/CVE-2024-45752.md b/2024/CVE-2024-45752.md
new file mode 100644
index 0000000000..b3331eb3ae
--- /dev/null
+++ b/2024/CVE-2024-45752.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45752)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.
+
+### POC
+
+#### Reference
+- https://bugzilla.suse.com/show_bug.cgi?id=1226598
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4577.md b/2024/CVE-2024-4577.md
index 05799e2dd4..de740de5d8 100644
--- a/2024/CVE-2024-4577.md
+++ b/2024/CVE-2024-4577.md
@@ -13,61 +13,155 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w - https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - https://github.com/11whoami99/CVE-2024-4577 +- https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv - https://github.com/watchtowrlabs/CVE-2024-4577 - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE - https://isc.sans.edu/diary/30994 - https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ #### Github +- https://github.com/0day404/HV-2024-POC - https://github.com/0x20c/CVE-2024-4577-nuclei - https://github.com/0xMarcio/cve - https://github.com/0xsyr0/OSCP - https://github.com/11whoami99/CVE-2024-4577 +- https://github.com/12442RF/POC +- https://github.com/AMatheusFeitosaM/OSCP-Cheat +- https://github.com/AboSteam/POPC +- https://github.com/AlperenY-cs/CVE-2024-4577 +- https://github.com/Andromeda254/cve +- https://github.com/Antix28/cybersecurity-labs-log +- https://github.com/BTtea/BTteaLFI +- https://github.com/BTtea/CVE-2024-4577-RCE-PoC +- https://github.com/ChalkingCode/ExploitedDucks - https://github.com/Chocapikk/CVE-2024-4577 +- https://github.com/Chw41/Profile +- https://github.com/CirqueiraDev/MassExploit-CVE-2024-4577 +- https://github.com/DMW11525708/wiki - https://github.com/DeePingXian/DPX_Discord_Bot +- https://github.com/Dejavu666/CVE-2024-4577 +- https://github.com/Didarul342/CVE-2024-4577 +- https://github.com/Entropt/CVE-2024-4577_Analysis +- https://github.com/Faizan-Khanx/OSCP - https://github.com/GhostTroops/TOP +- https://github.com/Gill-Singh-A/CVE-2024-4577-Exploit +- https://github.com/Ianthinus/CVE-2024-4577 +- https://github.com/InfoSec-DB/PHPCGIScanner +- https://github.com/J1ezds/Vulnerability-Wiki-page +- https://github.com/Jcccccx/CVE-2024-4577 +- 
https://github.com/JeninSutradhar/CVE-2024-4577-checker - https://github.com/Junp0/CVE-2024-4577 - https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT - https://github.com/K3ysTr0K3R/K3ysTr0K3R +- https://github.com/Kazusa613732/Hitmap-ver.1 +- https://github.com/KimJuhyeong95/cve-2024-4577 +- https://github.com/Lab2RKSB/PraktikHack +- https://github.com/LeonardoE95/yt-en +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/Night-have-dreams/php-cgi-Injector - https://github.com/Ostorlab/KEV +- https://github.com/PhinehasNarh/CVE-2024-4577-LetsDefend-walkthrough +- https://github.com/Ra1n-60W/CVE-2024-4577 +- https://github.com/ReflectedThanatos/OSCP-cheatsheet +- https://github.com/SantoriuHen/NotesHck +- https://github.com/SecurityReviewed/SecurityReviewed.github.io - https://github.com/Sh0ckFR/CVE-2024-4577 +- https://github.com/Skycritch/CVE-2024-4577 - https://github.com/Sysc4ll3r/CVE-2024-4577 - https://github.com/TAM-K592/CVE-2024-4577 - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE +- https://github.com/TopekoX/belajar-ethical-hacking - https://github.com/TrojanAZhen/Self_Back +- https://github.com/VictorShem/CVE-2024-4577 +- https://github.com/VishuGahlyan/OSCP - https://github.com/WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP - https://github.com/Wh02m1/CVE-2024-4577 +- https://github.com/WhosGa/MyWiki - https://github.com/XiangDongCJC/CVE-2024-4577-PHP-CGI-RCE +- https://github.com/XiaomingX/awesome-poc-for-red-team +- https://github.com/Yuan08o/pocs - https://github.com/Yukiioz/CVE-2024-4577 - https://github.com/ZephrFish/CVE-2024-4577-PHP-RCE +- https://github.com/a-roshbaik/CVE-2024-4577-PHP-RCE +- https://github.com/a1ex-var1amov/ctf-cve-2024-4577 - https://github.com/aaddmin1122345/CVE-2024-4577-POC +- https://github.com/aaddmin1122345/cve-2024-4577 +- https://github.com/admin772/POC +- 
https://github.com/adminlove520/pocWiki +- https://github.com/adysec/POC +- https://github.com/ahmetramazank/CVE-2024-4577 +- https://github.com/bibo318/CVE-2024-4577-RCE-ATTACK +- https://github.com/bibo318/Cyberbugs-Tracker - https://github.com/bl4cksku11/CVE-2024-4577 +- https://github.com/bughuntar/CVE-2024-4577 +- https://github.com/byteReaper77/CVE-2024-4577 - https://github.com/charis3306/CVE-2024-4577 +- https://github.com/cihan-atas/cyberexam-rooms +- https://github.com/cisp-pte/POC-20241008-sec-fork +- https://github.com/d3ck4/Shodan-CVE-2024-4577 - https://github.com/dbyMelina/CVE-2024-4577 +- https://github.com/dcakaric/Homework_RL +- https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist +- https://github.com/eagerapps/CVE-2024-4577 +- https://github.com/eeeeeeeeee-code/POC - https://github.com/enomothem/PenTestNote +- https://github.com/eugene-lim/tisc-2024-writeup +- https://github.com/fazilbaig1/oscp - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/fliggyaa/fscanpoc +- https://github.com/ggfzx/CVE-2024-4577 +- https://github.com/gh-ost00/CVE-2024-4577-RCE +- https://github.com/gmh5225/CVE-2024-4577-PHP-RCE - https://github.com/gotr00t0day/CVE-2024-4577 +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/hexedbyte/cve-2024-4577 - https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template +- https://github.com/ibrahmsql/CVE-2024-4577 +- https://github.com/ibrahmsql/CyberSecurity101-Roadmap +- https://github.com/iemotion/POC +- https://github.com/ildefonso0/php-7.2.34-CVE-2024 - https://github.com/it-t4mpan/check_cve_2024_4577.sh +- https://github.com/jakabakos/CVE-2024-4577-PHP-CGI-argument-injection-RCE +- https://github.com/l0n3m4n/CVE-2024-4577-RCE +- https://github.com/laoa1573/wy876 +- https://github.com/longhoangth18/CVE-2024-4577 +- https://github.com/mananjain61/PHP-CGI-INTERNAL-RCE - https://github.com/manuelinfosec/CVE-2024-4577 +- https://github.com/nemu1k5ma/CVE-2024-4577 - 
https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oLy0/Vulnerability - https://github.com/ohhhh693/CVE-2024-4577 +- https://github.com/okostine-panw/pc_scripts +- https://github.com/olebris/CVE-2024-4577 - https://github.com/onewinner/POCS - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main +- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance +- https://github.com/phirojshah/CVE-2024-4577 +- https://github.com/plzheheplztrying/cve_monitor - https://github.com/princew88/CVE-2024-4577 +- https://github.com/r0otk3r/CVE-2024-4577 +- https://github.com/roomkangali/DursVulnNSE +- https://github.com/stupiddonut602/Hacktools +- https://github.com/sug4r-wr41th/CVE-2024-4577 - https://github.com/taida957789/CVE-2024-4577 - https://github.com/tanjiti/sec_profile - https://github.com/teamdArk5/Sword +- https://github.com/tk-1001/PHPexploit_pack +- https://github.com/tntrock/CVE-2024-4577_PowerShell +- https://github.com/tpdlshdmlrkfmcla/php-cgi-cve-2024-4577 - https://github.com/trganda/starrlist - https://github.com/vwilzz/PHP-RCE-4577 - https://github.com/watchtowrlabs/CVE-2024-4577 +- https://github.com/wilss0n/CVE-2024-4577 - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/wy876/wiki - https://github.com/xcanwin/CVE-2024-4577-PHP-RCE +- https://github.com/ywChen-NTUST/PHP-CGI-RCE-Scanner - https://github.com/zomasec/CVE-2024-4577 +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-45771.md b/2024/CVE-2024-45771.md new file mode 100644 index 0000000000..e1a4c4def5 --- /dev/null +++ b/2024/CVE-2024-45771.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-45771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45771)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-45774.md b/2024/CVE-2024-45774.md
new file mode 100644
index 0000000000..7e0c112fab
--- /dev/null
+++ b/2024/CVE-2024-45774.md
@@ -0,0 +1,20 @@
+### [CVE-2024-45774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45774)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Write&color=brighgreen)
+
+### Description
+
+A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CyberSecAI/KeyPhraseExtraction
+
diff --git a/2024/CVE-2024-4579.md b/2024/CVE-2024-4579.md
new file mode 100644
index 0000000000..9b40aff9bf
--- /dev/null
+++ b/2024/CVE-2024-4579.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4579](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4579)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4295. Reason: This candidate is a reservation duplicate of CVE-2024-4295. Notes: All CVE users should reference CVE-2024-4295 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/varunshinde/RedhatCVEChecker
+
diff --git a/2024/CVE-2024-45794.md b/2024/CVE-2024-45794.md
new file mode 100644
index 0000000000..c42f83cc3f
--- /dev/null
+++ b/2024/CVE-2024-45794.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45794)
+![](https://img.shields.io/static/v1?label=Product&message=devtron&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.7.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/devtron-labs/devtron/security/advisories/GHSA-q78v-cv36-8fxj
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45802.md b/2024/CVE-2024-45802.md
new file mode 100644
index 0000000000..08179ea35b
--- /dev/null
+++ b/2024/CVE-2024-45802.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45802)
+![](https://img.shields.io/static/v1?label=Product&message=squid&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.0%2C%20%3C%206.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MegaManSec/Squid-Security-Audit
+
diff --git a/2024/CVE-2024-45803.md b/2024/CVE-2024-45803.md
new file mode 100644
index 0000000000..5b5b57953b
--- /dev/null
+++ b/2024/CVE-2024-45803.md
@@ -0,0 +1,17 @@ +### [CVE-2024-45803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45803) +![](https://img.shields.io/static/v1?label=Product&message=wireui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.19.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/button` endpoint, specifically through the `label` query parameter. Malicious actors could exploit this vulnerability by injecting JavaScript into the `label` parameter, leading to the execution of arbitrary code in the victim's browser. The `/wireui/button` endpoint dynamically renders button labels based on user-provided input via the `label` query parameter. Due to insufficient sanitization or escaping of this input, an attacker can inject malicious JavaScript. By crafting such a request, an attacker can inject arbitrary code that will be executed by the browser when the endpoint is accessed. If exploited, this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the affected website. This could lead to: **Session Hijacking**: Stealing session cookies, tokens, or other sensitive information. **User Impersonation**: Performing unauthorized actions on behalf of authenticated users. **Phishing**: Redirecting users to malicious websites. **Content Manipulation**: Altering the appearance or behavior of the affected page to mislead users or execute further attacks. The severity of this vulnerability depends on the context of where the affected component is used, but in all cases, it poses a significant risk to user security. 
This issue has been addressed in release versions 1.19.3 and 2.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/wireui/wireui/security/advisories/GHSA-rw5h-g8xq-6877 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-45806.md b/2024/CVE-2024-45806.md new file mode 100644 index 0000000000..3023f20e8c --- /dev/null +++ b/2024/CVE-2024-45806.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-45806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45806)
+![](https://img.shields.io/static/v1?label=Product&message=envoy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.31.0%2C%20%3C%201.31.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45812.md b/2024/CVE-2024-45812.md
new file mode 100644
index 0000000000..bbb6d0867e
--- /dev/null
+++ b/2024/CVE-2024-45812.md
@@ -0,0 +1,17 @@ +### [CVE-2024-45812](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45812) +![](https://img.shields.io/static/v1?label=Product&message=vite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%205.4.0%2C%20%3C%205.4.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. 
When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/jackfromeast/dom-clobbering-collection + diff --git a/2024/CVE-2024-45827.md b/2024/CVE-2024-45827.md new file mode 100644 index 0000000000..0236ff102e --- /dev/null +++ b/2024/CVE-2024-45827.md @@ -0,0 +1,17 @@ +### [CVE-2024-45827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45827) +![](https://img.shields.io/static/v1?label=Product&message=Mesh%20Wi-Fi%20router%20RP562B&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20firmware%20version%20v1.0.2%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20neutralization%20of%20special%20elements%20used%20in%20an%20OS%20command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0xNslabs/SoftBankMeshAPI + 
diff --git a/2024/CVE-2024-45848.md b/2024/CVE-2024-45848.md
new file mode 100644
index 0000000000..258e3c999f
--- /dev/null
+++ b/2024/CVE-2024-45848.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45848](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45848)
+![](https://img.shields.io/static/v1?label=Product&message=mindsdb&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=23.12.4.0%3C%2024.7.4.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-95%20Improper%20Neutralization%20of%20Directives%20in%20Dynamically%20Evaluated%20Code%20('Eval%20Injection')&color=brighgreen)
+
+### Description
+
+An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tejas-rkd/threat-inspector
+
diff --git a/2024/CVE-2024-45870.md b/2024/CVE-2024-45870.md
new file mode 100644
index 0000000000..75ab39c5ee
--- /dev/null
+++ b/2024/CVE-2024-45870.md
@@ -0,0 +1,20 @@
+### [CVE-2024-45870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45870)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GAP-dev/GAP-dev
+- https://github.com/bshyuunn/bandiview-7.05-vuln-PoC
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-45871.md b/2024/CVE-2024-45871.md
new file mode 100644
index 0000000000..85094864ca
--- /dev/null
+++ b/2024/CVE-2024-45871.md
@@ -0,0 +1,20 @@
+### [CVE-2024-45871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45871)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GAP-dev/GAP-dev
+- https://github.com/bshyuunn/bandiview-7.05-vuln-PoC
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-45872.md b/2024/CVE-2024-45872.md
new file mode 100644
index 0000000000..6daf40fd10
--- /dev/null
+++ b/2024/CVE-2024-45872.md
@@ -0,0 +1,20 @@
+### [CVE-2024-45872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45872)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/GAP-dev/GAP-dev
+- https://github.com/bshyuunn/bandiview-7.05-vuln-PoC
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-45875.md b/2024/CVE-2024-45875.md
new file mode 100644
index 0000000000..63b6ec4499
--- /dev/null
+++ b/2024/CVE-2024-45875.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45875)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed in version1.35.291), in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries.
+
+### POC
+
+#### Reference
+- https://cyber.wtf/2024/11/11/topqw-webportal-cves/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45876.md b/2024/CVE-2024-45876.md
new file mode 100644
index 0000000000..21fad6f5d3
--- /dev/null
+++ b/2024/CVE-2024-45876.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45876)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries.
+
+### POC
+
+#### Reference
+- https://cyber.wtf/2024/11/11/topqw-webportal-cves/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45877.md b/2024/CVE-2024-45877.md
new file mode 100644
index 0000000000..38b3a0760d
--- /dev/null
+++ b/2024/CVE-2024-45877.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45877)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data.
+
+### POC
+
+#### Reference
+- https://cyber.wtf/2024/11/11/topqw-webportal-cves/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45878.md b/2024/CVE-2024-45878.md
new file mode 100644
index 0000000000..ed7f16c973
--- /dev/null
+++ b/2024/CVE-2024-45878.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45878)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS).
+
+### POC
+
+#### Reference
+- https://cyber.wtf/2024/11/11/topqw-webportal-cves/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45879.md b/2024/CVE-2024-45879.md
new file mode 100644
index 0000000000..7c100d1dc3
--- /dev/null
+++ b/2024/CVE-2024-45879.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45879)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to the application that uses the "TOPqw Webportal" as a software. When authenticated, the attacker can persistently place the malicious JavaScript code in the "QWKalkulation" menu.'
+
+### POC
+
+#### Reference
+- https://cyber.wtf/2024/11/11/topqw-webportal-cves/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45880.md b/2024/CVE-2024-45880.md
new file mode 100644
index 0000000000..7e7ae93388
--- /dev/null
+++ b/2024/CVE-2024-45880.md @@ -0,0 +1,17 @@ +### [CVE-2024-45880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45880) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/N1nEmAn/N1nEmAn + diff --git a/2024/CVE-2024-4591.md b/2024/CVE-2024-4591.md index 8aefbe9871..0028c90430 100644 --- a/2024/CVE-2024-4591.md +++ b/2024/CVE-2024-4591.md @@ -11,6 +11,7 @@ A vulnerability classified as problematic has been found in DedeCMS 5.7. This af #### Reference - https://github.com/Hckwzh/cms/blob/main/22.md +- https://vuldb.com/?id.263313 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-45918.md b/2024/CVE-2024-45918.md new file mode 100644 index 0000000000..f69dbc7b79 --- /dev/null +++ b/2024/CVE-2024-45918.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-45918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45918)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php.
+
+### POC
+
+#### Reference
+- https://www.kirisun.com/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45932.md b/2024/CVE-2024-45932.md
new file mode 100644
index 0000000000..f7cc042898
--- /dev/null
+++ b/2024/CVE-2024-45932.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45932)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AslamMahi/AslamMahi
+
diff --git a/2024/CVE-2024-45933.md b/2024/CVE-2024-45933.md
new file mode 100644
index 0000000000..708f93badb
--- /dev/null
+++ b/2024/CVE-2024-45933.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45933](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45933)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/AslamMahi/AslamMahi
+
diff --git a/2024/CVE-2024-45944.md b/2024/CVE-2024-45944.md
new file mode 100644
index 0000000000..a5c5586f7e
--- /dev/null
+++ b/2024/CVE-2024-45944.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45944)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/lazy-forever/CVE-Reference
+
diff --git a/2024/CVE-2024-45960.md b/2024/CVE-2024-45960.md
new file mode 100644
index 0000000000..150f5a0739
--- /dev/null
+++ b/2024/CVE-2024-45960.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45960)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.
+
+### POC
+
+#### Reference
+- https://grimthereaperteam.medium.com/zenario-9-7-9-7-61188-malicious-file-upload-xss-in-pdf-eb11729fe059
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45962.md b/2024/CVE-2024-45962.md
new file mode 100644
index 0000000000..0943080c8d
--- /dev/null
+++ b/2024/CVE-2024-45962.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45962)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.
+
+### POC
+
+#### Reference
+- https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45964.md b/2024/CVE-2024-45964.md
new file mode 100644
index 0000000000..d1655ea4ff
--- /dev/null
+++ b/2024/CVE-2024-45964.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45964](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45964)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.
+
+### POC
+
+#### Reference
+- https://grimthereaperteam.medium.com/zenario-9-7-61188-reflect-xss-bee4ab9187e7
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-45999.md b/2024/CVE-2024-45999.md
new file mode 100644
index 0000000000..c2ca3f0f0c
--- /dev/null
+++ b/2024/CVE-2024-45999.md
@@ -0,0 +1,17 @@
+### [CVE-2024-45999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45999)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info()function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-4603.md b/2024/CVE-2024-4603.md
index 309629ce51..f9ac9a64e3 100644
--- a/2024/CVE-2024-4603.md
+++ b/2024/CVE-2024-4603.md
@@ -1,7 +1,7 @@ ### [CVE-2024-4603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4603) ![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%203.0.14%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=Excessive%20Iteration&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-606%20Unchecked%20Input%20for%20Loop%20Condition&color=brighgreen) ### Description @@ -13,7 +13,9 @@ Issue summary: Checking excessively long DSA keys or parameters may be veryslow. No PoCs from references. #### Github +- https://github.com/ardhiatno/ubimicro-fluentbit - https://github.com/bcgov/jag-cdds - https://github.com/chnzzh/OpenSSL-CVE-lib - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/jtgorny/cve-scanning diff --git a/2024/CVE-2024-46040.md b/2024/CVE-2024-46040.md new file mode 100644 index 0000000000..5a3601a449 --- /dev/null +++ b/2024/CVE-2024-46040.md @@ -0,0 +1,17 @@ +### [CVE-2024-46040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46040) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Anonymous120386/Anonymous + diff --git a/2024/CVE-2024-46041.md b/2024/CVE-2024-46041.md new file mode 100644 index 0000000000..49d5472c92 --- /dev/null 
+++ b/2024/CVE-2024-46041.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46041)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Anonymous120386/Anonymous
+
diff --git a/2024/CVE-2024-46054.md b/2024/CVE-2024-46054.md
new file mode 100644
index 0000000000..c32b5a8072
--- /dev/null
+++ b/2024/CVE-2024-46054.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46054)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/b1d0ws/CVEs
+
diff --git a/2024/CVE-2024-46055.md b/2024/CVE-2024-46055.md
new file mode 100644
index 0000000000..d34377513f
--- /dev/null
+++ b/2024/CVE-2024-46055.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46055)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/b1d0ws/CVEs
+
diff --git a/2024/CVE-2024-46079.md b/2024/CVE-2024-46079.md
new file mode 100644
index 0000000000..1271f915ba
--- /dev/null
+++ b/2024/CVE-2024-46079.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46079)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.
+
+### POC
+
+#### Reference
+- https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-xss/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46081.md b/2024/CVE-2024-46081.md
new file mode 100644
index 0000000000..8678aad3ec
--- /dev/null
+++ b/2024/CVE-2024-46081.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46081)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform.
+
+### POC
+
+#### Reference
+- https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-xss/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46082.md b/2024/CVE-2024-46082.md
new file mode 100644
index 0000000000..ae9480c208
--- /dev/null
+++ b/2024/CVE-2024-46082.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46082)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.
+
+### POC
+
+#### Reference
+- https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-xss/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46083.md b/2024/CVE-2024-46083.md
new file mode 100644
index 0000000000..18a4a07e6b
--- /dev/null
+++ b/2024/CVE-2024-46083.md
@@ -0,0 +1,17 @@ +### [CVE-2024-46083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46083) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users. + +### POC + +#### Reference +- https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-xss/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4610.md b/2024/CVE-2024-4610.md index 0d5c434d39..2fdf564994 100644 --- a/2024/CVE-2024-4610.md +++ b/2024/CVE-2024-4610.md @@ -14,5 +14,7 @@ Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valha No PoCs from references. #### Github +- https://github.com/ChalkingCode/ExploitedDucks +- https://github.com/CyberSecAI/cve_info - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-46103.md b/2024/CVE-2024-46103.md new file mode 100644 index 0000000000..d004290f78 --- /dev/null +++ b/2024/CVE-2024-46103.md @@ -0,0 +1,17 @@ +### [CVE-2024-46103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46103) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fahimalshihab/DataSecurity + 
diff --git a/2024/CVE-2024-46209.md b/2024/CVE-2024-46209.md
new file mode 100644
index 0000000000..f1a0b39c74
--- /dev/null
+++ b/2024/CVE-2024-46209.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46209)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h4ckr4v3n/CVE-2024-46209
+
diff --git a/2024/CVE-2024-46210.md b/2024/CVE-2024-46210.md
new file mode 100644
index 0000000000..2ef3cb3c44
--- /dev/null
+++ b/2024/CVE-2024-46210.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46210)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h4ckr4v3n/CVE-2024-46209
+
diff --git a/2024/CVE-2024-46226.md b/2024/CVE-2024-46226.md
new file mode 100644
index 0000000000..6f8ca1d6b0
--- /dev/null
+++ b/2024/CVE-2024-46226.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46226)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket.
+
+### POC
+
+#### Reference
+- https://www.exploit-db.com/exploits/52068
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46242.md b/2024/CVE-2024-46242.md
new file mode 100644
index 0000000000..21223fa8e7
--- /dev/null
+++ b/2024/CVE-2024-46242.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46242)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/salvatore-abello/salvatore-abello
+
diff --git a/2024/CVE-2024-46256.md b/2024/CVE-2024-46256.md
new file mode 100644
index 0000000000..c4d2c42238
--- /dev/null
+++ b/2024/CVE-2024-46256.md
@@ -0,0 +1,18 @@
+### [CVE-2024-46256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46256)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/barttran2k/POC_CVE-2024-46256
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-46257.md b/2024/CVE-2024-46257.md
new file mode 100644
index 0000000000..48b66df01b
--- /dev/null
+++ b/2024/CVE-2024-46257.md
@@ -0,0 +1,18 @@
+### [CVE-2024-46257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46257)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/barttran2k/POC_CVE-2024-46256
+- https://github.com/zhanpengliu-tencent/medium-cve
+
diff --git a/2024/CVE-2024-46278.md b/2024/CVE-2024-46278.md
new file mode 100644
index 0000000000..5f6513a3ab
--- /dev/null
+++ b/2024/CVE-2024-46278.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46278)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ayato-shitomi/CVE-2024-46278-teedy_1.11_account-takeover
+
diff --git a/2024/CVE-2024-46280.md b/2024/CVE-2024-46280.md
new file mode 100644
index 0000000000..6e0e204897
--- /dev/null
+++ b/2024/CVE-2024-46280.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46280)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
+
+### POC
+
+#### Reference
+- https://0xmupa.github.io/pixlink-weak-telnet
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4629.md b/2024/CVE-2024-4629.md
new file mode 100644
index 0000000000..2f246820b8
--- /dev/null
+++ b/2024/CVE-2024-4629.md
@@ -0,0 +1,24 @@
+### [CVE-2024-4629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4629)
+![](https://img.shields.io/static/v1?label=Product&message=RHEL-8%20based%20Middleware%20Containers&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Enforcement%20of%20a%20Single%2C%20Unique%20Action&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hnsecurity/vulns
+
diff --git a/2024/CVE-2024-46292.md b/2024/CVE-2024-46292.md
new file mode 100644
index 0000000000..9c4b69917b
--- /dev/null
+++ b/2024/CVE-2024-46292.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46292)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).
+
+### POC
+
+#### Reference
+- https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46300.md b/2024/CVE-2024-46300.md
new file mode 100644
index 0000000000..fd33f25d7e
--- /dev/null
+++ b/2024/CVE-2024-46300.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46300)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
+
+### POC
+
+#### Reference
+- https://portswigger.net/web-security/cross-site-scripting/stored
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46310.md b/2024/CVE-2024-46310.md
new file mode 100644
index 0000000000..072cbbeb3b
--- /dev/null
+++ b/2024/CVE-2024-46310.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46310)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/PRX5Y/CVE-2024-46310
+
diff --git a/2024/CVE-2024-46313.md b/2024/CVE-2024-46313.md
new file mode 100644
index 0000000000..e43b38b28d
--- /dev/null
+++ b/2024/CVE-2024-46313.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46313)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
+
diff --git a/2024/CVE-2024-46325.md b/2024/CVE-2024-46325.md
new file mode 100644
index 0000000000..c8d9e001f3
--- /dev/null
+++ b/2024/CVE-2024-46325.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46325)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/gh-ost00/IOT-Vulnerable_POC
+
diff --git a/2024/CVE-2024-46326.md b/2024/CVE-2024-46326.md
new file mode 100644
index 0000000000..d71b8221fd
--- /dev/null
+++ b/2024/CVE-2024-46326.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46326)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function.
+
+### POC
+
+#### Reference
+- https://drive.google.com/file/d/1AVVw1aibDPBHakU8eTpCA6hna5Ecg2UJ/view
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46374.md b/2024/CVE-2024-46374.md
new file mode 100644
index 0000000000..4674104ac7
--- /dev/null
+++ b/2024/CVE-2024-46374.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46374)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-46377.md b/2024/CVE-2024-46377.md
new file mode 100644
index 0000000000..ea023f4d9c
--- /dev/null
+++ b/2024/CVE-2024-46377.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46377)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/vidura2/CVE-2024-46377
+
diff --git a/2024/CVE-2024-46382.md b/2024/CVE-2024-46382.md
new file mode 100644
index 0000000000..5b78cf1175
--- /dev/null
+++ b/2024/CVE-2024-46382.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46382)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-46383.md b/2024/CVE-2024-46383.md
new file mode 100644
index 0000000000..6f6857f0dd
--- /dev/null
+++ b/2024/CVE-2024-46383.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46383)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383
+
diff --git a/2024/CVE-2024-46419.md b/2024/CVE-2024-46419.md
new file mode 100644
index 0000000000..05c2f2f7c2
--- /dev/null
+++ b/2024/CVE-2024-46419.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46419)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable
+
diff --git a/2024/CVE-2024-46424.md b/2024/CVE-2024-46424.md
new file mode 100644
index 0000000000..2645789fbb
--- /dev/null
+++ b/2024/CVE-2024-46424.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46424](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46424)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TTTJJJWWW/AHU-IoT-vulnerable
+
diff --git a/2024/CVE-2024-46429.md b/2024/CVE-2024-46429.md
new file mode 100644
index 0000000000..38d2cce110
--- /dev/null
+++ b/2024/CVE-2024-46429.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46429)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46430.md b/2024/CVE-2024-46430.md
new file mode 100644
index 0000000000..44473a8dc4
--- /dev/null
+++ b/2024/CVE-2024-46430.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46430](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46430)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46431.md b/2024/CVE-2024-46431.md
new file mode 100644
index 0000000000..97afaa8c6e
--- /dev/null
+++ b/2024/CVE-2024-46431.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46431](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46431)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46432.md b/2024/CVE-2024-46432.md
new file mode 100644
index 0000000000..81e376199f
--- /dev/null
+++ b/2024/CVE-2024-46432.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46432)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46433.md b/2024/CVE-2024-46433.md
new file mode 100644
index 0000000000..9af6f5148b
--- /dev/null
+++ b/2024/CVE-2024-46433.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46433)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46434.md b/2024/CVE-2024-46434.md
new file mode 100644
index 0000000000..f856a866dc
--- /dev/null
+++ b/2024/CVE-2024-46434.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46434)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46435.md b/2024/CVE-2024-46435.md
new file mode 100644
index 0000000000..74713c9072
--- /dev/null
+++ b/2024/CVE-2024-46435.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46435)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46436.md b/2024/CVE-2024-46436.md
new file mode 100644
index 0000000000..0d3fa49232
--- /dev/null
+++ b/2024/CVE-2024-46436.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46436)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46437.md b/2024/CVE-2024-46437.md
new file mode 100644
index 0000000000..04a5c42f4d
--- /dev/null
+++ b/2024/CVE-2024-46437.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46437)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.
+
+### POC
+
+#### Reference
+- https://reddassolutions.com/blog/tenda_w18e_security_research
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46442.md b/2024/CVE-2024-46442.md
new file mode 100644
index 0000000000..169ceac74e
--- /dev/null
+++ b/2024/CVE-2024-46442.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46442)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zgsnj123/BYD_headunit_vuls
+
diff --git a/2024/CVE-2024-46451.md b/2024/CVE-2024-46451.md
new file mode 100644
index 0000000000..b2e05906d0
--- /dev/null
+++ b/2024/CVE-2024-46451.md
@@ -0,0 +1,18 @@
+### [CVE-2024-46451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46451)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/offshore0315/loT-vulnerable
+- https://github.com/vidura2/CVE-2024-46451
+
diff --git a/2024/CVE-2024-46453.md b/2024/CVE-2024-46453.md
new file mode 100644
index 0000000000..56a1ce2328
--- /dev/null
+++ b/2024/CVE-2024-46453.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46453)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nosmo-gla/iq3xcite-XSS-2.31-3.05
+
diff --git a/2024/CVE-2024-46455.md b/2024/CVE-2024-46455.md
new file mode 100644
index 0000000000..a5e75eca41
--- /dev/null
+++ b/2024/CVE-2024-46455.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46455)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.
+
+### POC
+
+#### Reference
+- https://binarysouljour.me/cve-2024-46455
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46461.md b/2024/CVE-2024-46461.md
new file mode 100644
index 0000000000..b5ac3b3c22
--- /dev/null
+++ b/2024/CVE-2024-46461.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46461)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/sjack8313/VULNAERABILITY_MANAGEMENT_AND_ALERTS
+
diff --git a/2024/CVE-2024-46472.md b/2024/CVE-2024-46472.md
new file mode 100644
index 0000000000..82980fe112
--- /dev/null
+++ b/2024/CVE-2024-46472.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46472)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-46475.md b/2024/CVE-2024-46475.md
new file mode 100644
index 0000000000..79061c7475
--- /dev/null
+++ b/2024/CVE-2024-46475.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46475](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46475)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
+
+### POC
+
+#### Reference
+- https://blog.csdn.net/qq_45744104/article/details/141903463
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46479.md b/2024/CVE-2024-46479.md
new file mode 100644
index 0000000000..16a3e7d23b
--- /dev/null
+++ b/2024/CVE-2024-46479.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46479)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lorenzo-de-Sa/Vulnerability-Research
+
diff --git a/2024/CVE-2024-46480.md b/2024/CVE-2024-46480.md
new file mode 100644
index 0000000000..1de394ffd0
--- /dev/null
+++ b/2024/CVE-2024-46480.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46480](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46480)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lorenzo-de-Sa/Vulnerability-Research
+
diff --git a/2024/CVE-2024-46481.md b/2024/CVE-2024-46481.md
new file mode 100644
index 0000000000..c7eca8a0f3
--- /dev/null
+++ b/2024/CVE-2024-46481.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46481)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lorenzo-de-Sa/Vulnerability-Research
+
diff --git a/2024/CVE-2024-46483.md b/2024/CVE-2024-46483.md
new file mode 100644
index 0000000000..f8886428a1
--- /dev/null
+++ b/2024/CVE-2024-46483.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46483)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kn32/cve-2024-46483
+
diff --git a/2024/CVE-2024-46486.md b/2024/CVE-2024-46486.md
new file mode 100644
index 0000000000..ce63c23b8c
--- /dev/null
+++ b/2024/CVE-2024-46486.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46486)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.
+
+### POC
+
+#### Reference
+- https://yuhehe88.github.io/2024/09/04/TL-WDR5620-Gigabit-Edition-v2-3/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46488.md b/2024/CVE-2024-46488.md
new file mode 100644
index 0000000000..c754966ef3
--- /dev/null
+++ b/2024/CVE-2024-46488.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46488)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/VulnSphere/LLMVulnSphere
+
diff --git a/2024/CVE-2024-46489.md b/2024/CVE-2024-46489.md
new file mode 100644
index 0000000000..cc43b38931
--- /dev/null
+++ b/2024/CVE-2024-46489.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46489)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/VulnSphere/LLMVulnSphere
+
diff --git a/2024/CVE-2024-46494.md b/2024/CVE-2024-46494.md
new file mode 100644
index 0000000000..d6de0dbd6b
--- /dev/null
+++ b/2024/CVE-2024-46494.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46494](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46494)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article.
+
+### POC
+
+#### Reference
+- https://h40vv3n.github.io/2024/09/05/typecho-xss/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46505.md b/2024/CVE-2024-46505.md
new file mode 100644
index 0000000000..389814974f
--- /dev/null
+++ b/2024/CVE-2024-46505.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46505)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
+
+### POC
+
+#### Reference
+- https://jayaramyalla.medium.com/bloxone-business-logic-flaw-due-to-thick-client-vulnerabilities-cve-2024-46505-04a4f1966f4b
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46506.md b/2024/CVE-2024-46506.md
new file mode 100644
index 0000000000..047c3da04b
--- /dev/null
+++ b/2024/CVE-2024-46506.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46506)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.
+
+### POC
+
+#### Reference
+- https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46510.md b/2024/CVE-2024-46510.md
new file mode 100644
index 0000000000..60364f6e0a
--- /dev/null
+++ b/2024/CVE-2024-46510.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46510)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-46528.md b/2024/CVE-2024-46528.md
new file mode 100644
index 0000000000..d6b6890b4a
--- /dev/null
+++ b/2024/CVE-2024-46528.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46528)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
+
+### POC
+
+#### Reference
+- https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46532.md b/2024/CVE-2024-46532.md
new file mode 100644
index 0000000000..7169878ab8
--- /dev/null
+++ b/2024/CVE-2024-46532.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46532)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/KamenRiderDarker/CVE-2024-46532
+
diff --git a/2024/CVE-2024-46538.md b/2024/CVE-2024-46538.md
new file mode 100644
index 0000000000..438b6672ba
--- /dev/null
+++ b/2024/CVE-2024-46538.md
@@ -0,0 +1,19 @@
+### [CVE-2024-46538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46538)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/EQSTLab/CVE-2024-46538
+- https://github.com/LauLeysen/CVE-2024-46538
+- https://github.com/defHawk-tech/CVEs
+
diff --git a/2024/CVE-2024-46539.md b/2024/CVE-2024-46539.md
new file mode 100644
index 0000000000..5eefa28da1
--- /dev/null
+++ b/2024/CVE-2024-46539.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46539)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/harishmanam/-Fireboltt-Artillery-Smartwatch
+
diff --git a/2024/CVE-2024-46542.md b/2024/CVE-2024-46542.md
new file mode 100644
index 0000000000..ef1697a8a6
--- /dev/null
+++ b/2024/CVE-2024-46542.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46542)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MarioTesoro/CVE-2024-46542
+
diff --git a/2024/CVE-2024-46605.md b/2024/CVE-2024-46605.md
new file mode 100644
index 0000000000..4f6992b3b0
--- /dev/null
+++ b/2024/CVE-2024-46605.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46605)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
+
+### POC
+
+#### Reference
+- https://drive.google.com/file/d/1-OiaEitTaY7tpEPZMZ8GYtyUH3QWVn22/view?usp=drive_link
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46607.md b/2024/CVE-2024-46607.md
new file mode 100644
index 0000000000..02ffaa860b
--- /dev/null
+++ b/2024/CVE-2024-46607.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46607)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lunax0/CVE_List
+
diff --git a/2024/CVE-2024-46609.md b/2024/CVE-2024-46609.md
new file mode 100644
index 0000000000..a745bcb77a
--- /dev/null
+++ b/2024/CVE-2024-46609.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46609)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lunax0/CVE_List
+
diff --git a/2024/CVE-2024-46610.md b/2024/CVE-2024-46610.md
new file mode 100644
index 0000000000..bd58868009
--- /dev/null
+++ b/2024/CVE-2024-46610.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46610)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lunax0/CVE_List
+
diff --git a/2024/CVE-2024-46612.md b/2024/CVE-2024-46612.md
new file mode 100644
index 0000000000..e7fc3b124b
--- /dev/null
+++ b/2024/CVE-2024-46612.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46612](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46612)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Lunax0/CVE_List
+
diff --git a/2024/CVE-2024-46626.md b/2024/CVE-2024-46626.md
new file mode 100644
index 0000000000..9c74300e8a
--- /dev/null
+++ b/2024/CVE-2024-46626.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46626](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46626)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+
diff --git a/2024/CVE-2024-46627.md b/2024/CVE-2024-46627.md
new file mode 100644
index 0000000000..59c0950f97
--- /dev/null
+++ b/2024/CVE-2024-46627.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46627)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/d4lyw/CVE-2024-46627
+
diff --git a/2024/CVE-2024-46635.md b/2024/CVE-2024-46635.md
new file mode 100644
index 0000000000..74eefc28ac
--- /dev/null
+++ b/2024/CVE-2024-46635.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46635)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/h1thub/CVE-2024-46635
+
diff --git a/2024/CVE-2024-46644.md b/2024/CVE-2024-46644.md
new file mode 100644
index 0000000000..f47a70a3a2
--- /dev/null
+++ b/2024/CVE-2024-46644.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46644](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46644)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/skit-cyber-security/eNMS_vulnerabilities
+
diff --git a/2024/CVE-2024-46645.md b/2024/CVE-2024-46645.md
new file mode 100644
index 0000000000..3813bf31e0
--- /dev/null
+++ b/2024/CVE-2024-46645.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46645)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/skit-cyber-security/eNMS_vulnerabilities
+
diff --git a/2024/CVE-2024-46646.md b/2024/CVE-2024-46646.md
new file mode 100644
index 0000000000..a1d2f69f54
--- /dev/null
+++ b/2024/CVE-2024-46646.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46646)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/skit-cyber-security/eNMS_vulnerabilities
+
diff --git a/2024/CVE-2024-46647.md b/2024/CVE-2024-46647.md
new file mode 100644
index 0000000000..1073851db6
--- /dev/null
+++ b/2024/CVE-2024-46647.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46647)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/skit-cyber-security/eNMS_vulnerabilities
+
diff --git a/2024/CVE-2024-46648.md b/2024/CVE-2024-46648.md
new file mode 100644
index 0000000000..8ca32c3416
--- /dev/null
+++ b/2024/CVE-2024-46648.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46648)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/skit-cyber-security/eNMS_vulnerabilities
+
diff --git a/2024/CVE-2024-46649.md b/2024/CVE-2024-46649.md
new file mode 100644
index 0000000000..bd19ffc6b3
--- /dev/null
+++ b/2024/CVE-2024-46649.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46649)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/skit-cyber-security/eNMS_vulnerabilities
+
diff --git a/2024/CVE-2024-4665.md b/2024/CVE-2024-4665.md
new file mode 100644
index 0000000000..aed349fd09
--- /dev/null
+++ b/2024/CVE-2024-4665.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4665](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4665)
+![](https://img.shields.io/static/v1?label=Product&message=EventPrime&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.4.9%3C%203.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/50b78cac-cad1-4526-9655-ae0440739796/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46658.md b/2024/CVE-2024-46658.md
new file mode 100644
index 0000000000..d3a35a0de8
--- /dev/null
+++ b/2024/CVE-2024-46658.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46658)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jackalkarlos/CVE-2024-46658
+
diff --git a/2024/CVE-2024-46669.md b/2024/CVE-2024-46669.md
new file mode 100644
index 0000000000..f45ddb2d37
--- /dev/null
+++ b/2024/CVE-2024-46669.md
@@ -0,0 +1,17 @@ +### [CVE-2024-46669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46669) +![](https://img.shields.io/static/v1?label=Product&message=FortiOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=7.4.0%3C%3D%207.4.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20service&color=brighgreen) + +### Description + +An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/N3vv/N3vv + diff --git a/2024/CVE-2024-4671.md b/2024/CVE-2024-4671.md index 78ea419398..3fdeaa278c 100644 --- a/2024/CVE-2024-4671.md +++ b/2024/CVE-2024-4671.md @@ -14,5 +14,9 @@ No PoCs from references. #### Github - https://github.com/apiverve/news-API +- https://github.com/gmh5225/vulnjs +- https://github.com/pawan-shivarkar/List-of-CVE-s- +- https://github.com/pawan-shivarkar/pawan-shivarkar - https://github.com/tanjiti/sec_profile +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-46713.md b/2024/CVE-2024-46713.md new file mode 100644 index 0000000000..98dd4045f7 --- /dev/null +++ b/2024/CVE-2024-46713.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-46713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46713)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=45bfb2e50471%3C%207882923f1cb8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:perf/aux: Fix AUX buffer serializationOle reported that event->mmap_mutex is strictly insufficient toserialize the AUX buffer, add a per RB mutex to fully serialize it.Note that in the lock order comment the perf_event::mmap_mutex orderwas already wrong, that is, it nesting under mmap_lock is not new withthis patch.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/xairy/linux-kernel-exploitation
+
diff --git a/2024/CVE-2024-46740.md b/2024/CVE-2024-46740.md
new file mode 100644
index 0000000000..fd3e3dcad6
--- /dev/null
+++ b/2024/CVE-2024-46740.md
@@ -0,0 +1,17 @@ +### [CVE-2024-46740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46740) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=c056a6ba35e0%3C%205a32bfd23022%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:binder: fix UAF caused by offsets overwriteBinder objects are processed and copied individually into the targetbuffer during transactions. Any raw data in-between these objects iscopied as well. However, this raw data copy lacks an out-of-boundscheck. If the raw data exceeds the data section size then the copyoverwrites the offsets section. This eventually triggers an error thatattempts to unwind the processed objects. However, at this point theoffsets used to index these objects are now corrupted.Unwinding with corrupted offsets can result in decrements of arbitrarynodes and lead to their premature release. Other users of such nodes areleft with a dangling pointer triggering a use-after-free. This issue ismade evident by the following KASAN report (trimmed): ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff47fc91598f04 by task binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Allocated by task 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Freed by task 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] 
==================================================================To avoid this issue, let's check that the raw data copy is within theboundaries of the data section. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2024/CVE-2024-46774.md b/2024/CVE-2024-46774.md new file mode 100644 index 0000000000..c9deba9649 --- /dev/null +++ b/2024/CVE-2024-46774.md @@ -0,0 +1,17 @@ +### [CVE-2024-46774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46774) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%3C%20d2834ff1d9641a8695a09ea79cd901c7b6d4d05f%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap)The 'nargs' and 'nret' locals come directly from a user-suppliedbuffer and are used as indexes into a small stack-based array and asinputs to copy_to_user() after they are subject to bounds checks.Use array_index_nospec() after the bounds checks to clamp these valuesfor speculative execution. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-46786.md b/2024/CVE-2024-46786.md new file mode 100644 index 0000000000..9f16a89e5b --- /dev/null +++ b/2024/CVE-2024-46786.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-46786](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46786) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=12bb21a29c19%3C%20e0d724932ad1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAFThe fscache_cookie_lru_timer is initialized when the fscache moduleis inserted, but is not deleted when the fscache module is removed.If timer_reduce() is called before removing the fscache module,the fscache_cookie_lru_timer will be added to the timer list ofthe current cpu. Afterwards, a use-after-free will be triggeredin the softIRQ after removing the fscache module, as follows:==================================================================BUG: unable to handle page fault for address: fffffbfff803c9e9 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present pagePGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTICPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855Tainted: [W]=WARNRIP: 0010:__run_timer_base.part.0+0x254/0x8a0Call Trace: tmigr_handle_remote_up+0x627/0x810 __walk_groups.isra.0+0x47/0x140 tmigr_handle_remote+0x1fa/0x2f0 handle_softirqs+0x180/0x590 irq_exit_rcu+0x84/0xb0 sysvec_apic_timer_interrupt+0x6e/0x90 asm_sysvec_apic_timer_interrupt+0x1a/0x20RIP: 0010:default_idle+0xf/0x20 default_idle_call+0x38/0x60 do_idle+0x2b5/0x300 cpu_startup_entry+0x54/0x60 start_secondary+0x20d/0x280 common_startup_64+0x13e/0x148 Modules linked in: [last unloaded: netfs]==================================================================Therefore delete fscache_cookie_lru_timer when removing the fscahe module. 
+ +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-46811.md b/2024/CVE-2024-46811.md new file mode 100644 index 0000000000..36159a6944 --- /dev/null +++ b/2024/CVE-2024-46811.md @@ -0,0 +1,17 @@ +### [CVE-2024-46811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46811) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%204003bac78438%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box[Why]Coverity reports OVERRUN warning. soc.num_states couldbe 40. But array range of bw_params->clk_table.entries is 8.[How]Assert if soc.num_states greater than 8. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-46813.md b/2024/CVE-2024-46813.md new file mode 100644 index 0000000000..fa2545d855 --- /dev/null +++ b/2024/CVE-2024-46813.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-46813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46813)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%3C%20032c5407a608ac3b2a98bf4fbda27d12c20c5887%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Check link_index before accessing dc->links[][WHY & HOW]dc->links[] has max size of MAX_LINKS and NULL is return when trying toaccess with out-of-bound index.This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-46833.md b/2024/CVE-2024-46833.md
new file mode 100644
index 0000000000..53626899fd
--- /dev/null
+++ b/2024/CVE-2024-46833.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46833)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20c33a9806dc80%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net: hns3: void array out of bound when loop tnl_numWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comesfrom hardware and the length of array is a fixed value. To void array outof bound, make sure the loop time is not greater than the length of array
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bygregonline/devsec-fastapi-report
+
diff --git a/2024/CVE-2024-46909.md b/2024/CVE-2024-46909.md
new file mode 100644
index 0000000000..1a334f85a7
--- /dev/null
+++ b/2024/CVE-2024-46909.md
@@ -0,0 +1,19 @@
+### [CVE-2024-46909](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46909)
+![](https://img.shields.io/static/v1?label=Product&message=WhatsUp%20Gold&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-16%20Configuration&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen)
+
+### Description
+
+In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hsvhora/research_blogs
+
diff --git a/2024/CVE-2024-46938.md b/2024/CVE-2024-46938.md
new file mode 100644
index 0000000000..b309eebb1f
--- /dev/null
+++ b/2024/CVE-2024-46938.md
@@ -0,0 +1,27 @@
+### [CVE-2024-46938](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46938)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/12442RF/POC
+- https://github.com/DMW11525708/wiki
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/Ostorlab/KEV
+- https://github.com/adysec/POC
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/laoa1573/wy876
+- https://github.com/oLy0/Vulnerability
+
diff --git a/2024/CVE-2024-46960.md b/2024/CVE-2024-46960.md
new file mode 100644
index 0000000000..97142645bb
--- /dev/null
+++ b/2024/CVE-2024-46960.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46960)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-46961.md b/2024/CVE-2024-46961.md
new file mode 100644
index 0000000000..072b34a02b
--- /dev/null
+++ b/2024/CVE-2024-46961.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46961)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-46962.md b/2024/CVE-2024-46962.md
new file mode 100644
index 0000000000..76d179fd4f
--- /dev/null
+++ b/2024/CVE-2024-46962.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46962)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-46963.md b/2024/CVE-2024-46963.md
new file mode 100644
index 0000000000..8c44db7f85
--- /dev/null
+++ b/2024/CVE-2024-46963.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46963)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-46964.md b/2024/CVE-2024-46964.md
new file mode 100644
index 0000000000..a411560988
--- /dev/null
+++ b/2024/CVE-2024-46964.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46964](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46964)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-46965.md b/2024/CVE-2024-46965.md
new file mode 100644
index 0000000000..dc1d1d84c2
--- /dev/null
+++ b/2024/CVE-2024-46965.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46965)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-46966.md b/2024/CVE-2024-46966.md
new file mode 100644
index 0000000000..773f426f37
--- /dev/null
+++ b/2024/CVE-2024-46966.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46966)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/actuator/cve
+
diff --git a/2024/CVE-2024-46977.md b/2024/CVE-2024-46977.md
new file mode 100644
index 0000000000..be72806416
--- /dev/null
+++ b/2024/CVE-2024-46977.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46977)
+![](https://img.shields.io/static/v1?label=Product&message=cosmos&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.19.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46978.md b/2024/CVE-2024-46978.md
new file mode 100644
index 0000000000..3638a62c9d
--- /dev/null
+++ b/2024/CVE-2024-46978.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46978)
+![](https://img.shields.io/static/v1?label=Product&message=xwiki-platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2013.2-rc-1%2C%20%3C%2014.10.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-648%3A%20Incorrect%20Use%20of%20Privileged%20APIs&color=brighgreen)
+
+### Description
+
+XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.
+
+### POC
+
+#### Reference
+- https://jira.xwiki.org/browse/XWIKI-20337
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-46979.md b/2024/CVE-2024-46979.md
new file mode 100644
index 0000000000..02aef0f9ba
--- /dev/null
+++ b/2024/CVE-2024-46979.md
@@ -0,0 +1,18 @@
+### [CVE-2024-46979](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46979)
+![](https://img.shields.io/static/v1?label=Product&message=xwiki-platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2013.2-rc-1%2C%20%3C%2014.10.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-359%3A%20Exposure%20of%20Private%20Personal%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to workaround the vulnerability by applying manually the patch: it's possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582.
+
+### POC
+
+#### Reference
+- https://jira.xwiki.org/browse/XWIKI-20336
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4698.md b/2024/CVE-2024-4698.md
new file mode 100644
index 0000000000..483aabd3f1
--- /dev/null
+++ b/2024/CVE-2024-4698.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4698)
+![](https://img.shields.io/static/v1?label=Product&message=Testimonial%20Carousel%20For%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%2010.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CodePontiff/next_js_poisoning
+
diff --git a/2024/CVE-2024-46981.md b/2024/CVE-2024-46981.md
new file mode 100644
index 0000000000..ecdaaa4614
--- /dev/null
+++ b/2024/CVE-2024-46981.md
@@ -0,0 +1,20 @@
+### [CVE-2024-46981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46981)
+![](https://img.shields.io/static/v1?label=Product&message=redis&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%207.4.0%2C%20%3C%207.4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/plzheheplztrying/cve_monitor
+- https://github.com/publicqi/CVE-2024-46981
+- https://github.com/rick2600/redis-stack-CVE-2024-55656
+- https://github.com/xsshk/CVE-2024-46981
+
diff --git a/2024/CVE-2024-46982.md b/2024/CVE-2024-46982.md
new file mode 100644
index 0000000000..d45c1e77f2
--- /dev/null
+++ b/2024/CVE-2024-46982.md
@@ -0,0 +1,21 @@
+### [CVE-2024-46982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46982)
+![](https://img.shields.io/static/v1?label=Product&message=next.js&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2013.5.1%2C%20%3C%2013.5.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
+
+### Description
+
+Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/CodePontiff/next_js_poisoning
+- https://github.com/Lercas/CVE-2024-46982
+- https://github.com/PuddinCat/GithubRepoSpider
+- https://github.com/dev-pi2pie/next-v14_2-with-rehype-pretty-code-and-shiki-transformer
+- https://github.com/melmathari/CVE-2024-46982-NUCLEI
+
diff --git a/2024/CVE-2024-46986.md b/2024/CVE-2024-46986.md
new file mode 100644
index 0000000000..1c5423e597
--- /dev/null
+++ b/2024/CVE-2024-46986.md
@@ -0,0 +1,17 @@
+### [CVE-2024-46986](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46986)
+![](https://img.shields.io/static/v1?label=Product&message=camaleon-cms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.8.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen)
+
+### Description
+
+Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS
+
+#### Github
+- https://github.com/vidura2/CVE-2024-46986
+
diff --git a/2024/CVE-2024-46987.md b/2024/CVE-2024-46987.md
new file mode 100644
index 0000000000..081a8d1914
--- /dev/null
+++ b/2024/CVE-2024-46987.md
@@ -0,0 +1,18 @@
+### [CVE-2024-46987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46987)
+![](https://img.shields.io/static/v1?label=Product&message=camaleon-cms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.8.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47003.md b/2024/CVE-2024-47003.md
new file mode 100644
index 0000000000..776d1cf032
--- /dev/null
+++ b/2024/CVE-2024-47003.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47003) +![](https://img.shields.io/static/v1?label=Product&message=Mattermost&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/c0rydoras/cves + diff --git a/2024/CVE-2024-4701.md b/2024/CVE-2024-4701.md index b2c7f029c3..64066e6476 100644 --- a/2024/CVE-2024-4701.md +++ b/2024/CVE-2024-4701.md @@ -13,6 +13,8 @@ A path traversal issue potentially leading to remote code execution in Genie for No PoCs from references. #### Github +- https://github.com/JinhyukKo/CVE-2024-4701-POC - https://github.com/JoeBeeton/CVE-2024-4701-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/zulloper/cve-poc diff --git a/2024/CVE-2024-4704.md b/2024/CVE-2024-4704.md index 0a98b91c3b..50bc4ef53f 100644 --- a/2024/CVE-2024-4704.md +++ b/2024/CVE-2024-4704.md @@ -13,5 +13,5 @@ The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allow - https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/ #### Github -No PoCs found on GitHub currently. +- https://github.com/BharatCyberForce/wp-hunter diff --git a/2024/CVE-2024-47051.md b/2024/CVE-2024-47051.md new file mode 100644 index 0000000000..1a86d9a957 --- /dev/null +++ b/2024/CVE-2024-47051.md 
@@ -0,0 +1,20 @@
+### [CVE-2024-47051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47051)
+![](https://img.shields.io/static/v1?label=Product&message=mautic%2Fcore&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.2.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hsvhora/research_blogs
+- https://github.com/mallo-m/CVE-2024-47051
+- https://github.com/plzheheplztrying/cve_monitor
+
diff --git a/2024/CVE-2024-47060.md b/2024/CVE-2024-47060.md
new file mode 100644
index 0000000000..6aaf01457d
--- /dev/null
+++ b/2024/CVE-2024-47060.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47060)
+![](https://img.shields.io/static/v1?label=Product&message=zitadel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.62.0%2C%20%3C%202.62.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these applications, leading to unauthorized access. Additionally, if a project was deactivated access to applications was also still possible. The issue stems from the fact that when an organization is deactivated in Zitadel, the applications associated with it do not automatically deactivate. The application lifecycle is not tightly coupled with the organization's lifecycle, leading to a situation where the organization or project is marked as inactive, but its resources remain accessible. This vulnerability allows for unauthorized access to projects and their resources, which should have been restricted post-organization deactivation. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly disable the application to make sure the client is not allowed anymore.
+
+### POC
+
+#### Reference
+- https://github.com/zitadel/zitadel/security/advisories/GHSA-jj94-6f5c-65r8
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47062.md b/2024/CVE-2024-47062.md
new file mode 100644
index 0000000000..e2dba544a0
--- /dev/null
+++ b/2024/CVE-2024-47062.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47062)
+![](https://img.shields.io/static/v1?label=Product&message=navidrome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.53.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
+
+#### Github
+- https://github.com/fahimalshihab/DataSecurity
+- https://github.com/saisathvik1/CVE-2024-47062
+
diff --git a/2024/CVE-2024-47066.md b/2024/CVE-2024-47066.md
new file mode 100644
index 0000000000..044ed1016d
--- /dev/null
+++ b/2024/CVE-2024-47066.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47066)
+![](https://img.shields.io/static/v1?label=Product&message=lobe-chat&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.19.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
+
+### POC
+
+#### Reference
+- https://github.com/lobehub/lobe-chat/security/advisories/GHSA-3fc8-2r3f-8wrg
+- https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc
+
+#### Github
+- https://github.com/l8BL/CVE-2024-47066
+
diff --git a/2024/CVE-2024-47067.md b/2024/CVE-2024-47067.md
new file mode 100644
index 0000000000..b28b455bd1
--- /dev/null
+++ b/2024/CVE-2024-47067.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47067)
+![](https://img.shields.io/static/v1?label=Product&message=alist&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.29.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2023-220_Alist/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47068.md b/2024/CVE-2024-47068.md
new file mode 100644
index 0000000000..bec4d14126
--- /dev/null
+++ b/2024/CVE-2024-47068.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47068)
+![](https://img.shields.io/static/v1?label=Product&message=rollup&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.0.0%2C%20%3C%203.29.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm
+
+#### Github
+- https://github.com/jackfromeast/dom-clobbering-collection
+
diff --git a/2024/CVE-2024-47069.md b/2024/CVE-2024-47069.md
new file mode 100644
index 0000000000..1d571e50ce
--- /dev/null
+++ b/2024/CVE-2024-47069.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47069](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47069)
+![](https://img.shields.io/static/v1?label=Product&message=contao-cookiebar&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.16.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/oveleon/contao-cookiebar/security/advisories/GHSA-296q-rj83-g9rq
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47071.md b/2024/CVE-2024-47071.md
new file mode 100644
index 0000000000..4e8a867b54
--- /dev/null
+++ b/2024/CVE-2024-47071.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47071)
+![](https://img.shields.io/static/v1?label=Product&message=security-reporting&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2014.0.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.
+
+### POC
+
+#### Reference
+- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-x9wc-qjrc-j7ww
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47072.md b/2024/CVE-2024-47072.md
new file mode 100644
index 0000000000..204982906a
--- /dev/null
+++ b/2024/CVE-2024-47072.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47072)
+![](https://img.shields.io/static/v1?label=Product&message=xstream&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.4.21%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/bhagyahosur18/banking-app
+
diff --git a/2024/CVE-2024-47075.md b/2024/CVE-2024-47075.md
new file mode 100644
index 0000000000..2f08b2a086
--- /dev/null
+++ b/2024/CVE-2024-47075.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47075](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47075)
+![](https://img.shields.io/static/v1?label=Product&message=layui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.9.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/jackfromeast/dom-clobbering-collection
+
diff --git a/2024/CVE-2024-47076.md b/2024/CVE-2024-47076.md
new file mode 100644
index 0000000000..b0db903067
--- /dev/null
+++ b/2024/CVE-2024-47076.md
@@ -0,0 +1,28 @@
+### [CVE-2024-47076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47076)
+![](https://img.shields.io/static/v1?label=Product&message=libcupsfilters&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.1b1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
+
+### POC
+
+#### Reference
+- https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
+- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
+- https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
+- https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
+
+#### Github
+- https://github.com/0x7556/CVE-2024-47176
+- https://github.com/0xCZR1/PoC-Cups-RCE-CVE-exploit-chain
+- https://github.com/Alie-N/cups-vulnerability-exploit
+- https://github.com/Kuri119/EvilCups
+- https://github.com/MalwareTech/CVE-2024-47176-Scanner
+- https://github.com/gumerzzzindo/CVE-2024-47176
+- https://github.com/l0n3m4n/CVE-2024-47176
+- https://github.com/lkarlslund/jugular
+- https://github.com/mutkus/CVE-2024-47076
+
diff --git a/2024/CVE-2024-47103.md b/2024/CVE-2024-47103.md
new file mode 100644
index 0000000000..bbdc0eac46
--- /dev/null
+++ b/2024/CVE-2024-47103.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47103)
+![](https://img.shields.io/static/v1?label=Product&message=Sterling%20B2B%20Integrator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6.0.0.0%3C%3D%206.1.2.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/aldisat/aldisat.github.io
+
diff --git a/2024/CVE-2024-4711.md b/2024/CVE-2024-4711.md
new file mode 100644
index 0000000000..aa792f5f8b
--- /dev/null
+++ b/2024/CVE-2024-4711.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4711)
+![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Infinite%20Scroll%20%E2%80%93%20Ajax%20Load%20More&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%207.1.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/realstatus/CVE-2024-40711-Exp
+
diff --git a/2024/CVE-2024-47170.md b/2024/CVE-2024-47170.md
new file mode 100644
index 0000000000..5be4c59117
--- /dev/null
+++ b/2024/CVE-2024-47170.md
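Review bot: The only Github entry added to 2024/CVE-2024-4711.md is `https://github.com/realstatus/CVE-2024-40711-Exp`, whose name carries the identifier CVE-2024-40711 rather than CVE-2024-4711. The Description in this file is a stored XSS in a WordPress plugin, so the link looks like a collector mismatch rather than material for this CVE; that is inferred from the repository name only, since the matching logic is not visible in the diff. Unless the repository is confirmed to cover this CVE, the entry should read `No PoCs found on GitHub currently.`, and the collector should compare the full CVE id as a token so that near-identical ids cannot cross-link.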
@@ -0,0 +1,17 @@
+### [CVE-2024-47170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47170)
+![](https://img.shields.io/static/v1?label=Product&message=agnai&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.0.330%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-35%3A%20Path%20Traversal%3A%20'...%2F...%2F%2F'&color=brighgreen)
+
+### Description
+
+Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue.
+
+### POC
+
+#### Reference
+- https://github.com/agnaistic/agnai/security/advisories/GHSA-h355-hm5h-cm8h
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47175.md b/2024/CVE-2024-47175.md
new file mode 100644
index 0000000000..241d9944f9
--- /dev/null
+++ b/2024/CVE-2024-47175.md
@@ -0,0 +1,28 @@
+### [CVE-2024-47175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175)
+![](https://img.shields.io/static/v1?label=Product&message=libppd&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.1b1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
+
+### POC
+
+#### Reference
+- https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
+- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
+- https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
+- https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
+
+#### Github
+- https://github.com/0x7556/CVE-2024-47176
+- https://github.com/0xCZR1/PoC-Cups-RCE-CVE-exploit-chain
+- https://github.com/Alie-N/cups-vulnerability-exploit
+- https://github.com/Kuri119/EvilCups
+- https://github.com/MalwareTech/CVE-2024-47176-Scanner
+- https://github.com/adegoodyer/kubernetes-admin-toolkit
+- https://github.com/gumerzzzindo/CVE-2024-47176
+- https://github.com/l0n3m4n/CVE-2024-47176
+- https://github.com/lkarlslund/jugular
+
diff --git a/2024/CVE-2024-47176.md b/2024/CVE-2024-47176.md
new file mode 100644
index 0000000000..1457d8a318
--- /dev/null
+++ b/2024/CVE-2024-47176.md
@@ -0,0 +1,44 @@
+### [CVE-2024-47176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47176)
+![](https://img.shields.io/static/v1?label=Product&message=cups-browsed&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1327%3A%20Binding%20to%20an%20Unrestricted%20IP%20Address&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-749%3A%20Exposed%20Dangerous%20Method%20or%20Function&color=brighgreen)
+
+### Description
+
+CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
+
+### POC
+
+#### Reference
+- https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
+- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
+- https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
+- https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
+
+#### Github
+- https://github.com/0x7556/CVE-2024-47176
+- https://github.com/0xCZR1/PoC-Cups-RCE-CVE-exploit-chain
+- https://github.com/Alie-N/cups-vulnerability-exploit
+- https://github.com/GO0dspeed/spill
+- https://github.com/GraveRose/cups
+- https://github.com/Kuri119/EvilCups
+- https://github.com/MalwareTech/CVE-2024-47176-Scanner
+- https://github.com/NIMRAA3/cisco-n-map-port-scanning-lab
+- https://github.com/Ostorlab/KEV
+- https://github.com/WillGAndre/WillGAndre
+- https://github.com/aytackalinci/CVE-2024-47176
+- https://github.com/fr33s0ul/CUPS-mitigation-script
+- https://github.com/gianlu111/CUPS-CVE-2024-47176
+- https://github.com/gonoph/ansible-mitigation
+- https://github.com/gumerzzzindo/CVE-2024-47176
+- https://github.com/l0n3m4n/CVE-2024-47176
+- https://github.com/lkarlslund/jugular
+- https://github.com/mr-r3b00t/CVE-2024-47176
+- https://github.com/nma-io/CVE-2024-47176
+- https://github.com/onhexgroup/Exploits-Review
+- https://github.com/referefref/cupspot-2024-47177
+- https://github.com/tonyarris/CVE-2024-47176-Scanner
+- https://github.com/workabhiwin09/CVE-2024-47176
+
diff --git a/2024/CVE-2024-47177.md b/2024/CVE-2024-47177.md
new file mode 100644
index 0000000000..8edd5bf38d
--- /dev/null
+++ b/2024/CVE-2024-47177.md
@@ -0,0 +1,39 @@
+### [CVE-2024-47177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47177)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or CVE-2024-47176 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. According to rule 4.2.15 of the CVE CNA rules, \"CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0x7556/CVE-2024-47176
+- https://github.com/0xCZR1/PoC-Cups-RCE-CVE-exploit-chain
+- https://github.com/12442RF/POC
+- https://github.com/Alie-N/cups-vulnerability-exploit
+- https://github.com/DMW11525708/wiki
+- https://github.com/J1ezds/Vulnerability-Wiki-page
+- https://github.com/Kuri119/EvilCups
+- https://github.com/Lern0n/Lernon-POC
+- https://github.com/Linxloop/fork_POC
+- https://github.com/MalwareTech/CVE-2024-47176-Scanner
+- https://github.com/Threekiii/Awesome-POC
+- https://github.com/XiaomingX/awesome-poc-for-red-team
+- https://github.com/adysec/POC
+- https://github.com/cisp-pte/POC-20241008-sec-fork
+- https://github.com/eeeeeeeeee-code/POC
+- https://github.com/greenberglinken/2023hvv_1
+- https://github.com/iemotion/POC
+- https://github.com/l0n3m4n/CVE-2024-47176
+- https://github.com/laoa1573/wy876
+- https://github.com/lkarlslund/jugular
+- https://github.com/oLy0/Vulnerability
+- https://github.com/plbplbp/loudong001
+- https://github.com/referefref/cupspot-2024-47177
+
diff --git a/2024/CVE-2024-47179.md b/2024/CVE-2024-47179.md
new file mode 100644
index 0000000000..218c53abb7
--- /dev/null
+++ b/2024/CVE-2024-47179.md
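Review bot: 2024/CVE-2024-47177.md is added with a `** REJECT **` description and `n/a` badges, yet it carries a long Github list, so a withdrawn identifier reads like a live entry to anything that keys on the CVE id (scanner rules, ticket automation, dashboards). The description names the ids to use instead; a line directly under the heading such as `> Rejected: use CVE-2024-47076, CVE-2024-47175, CVE-2024-47176` would make the status visible without reading the paragraph. The description also has a stray `\"` before `CNAs MUST NOT` with no closing quote, which suggests the upstream text was escaped twice or truncated by the collector.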
@@ -0,0 +1,18 @@
+### [CVE-2024-47179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47179)
+![](https://img.shields.io/static/v1?label=Product&message=RSSHub&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2064e00e7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made the repository no longer vulnerable. The `docker-test-cont.yml` workflow gets triggered when the `PR - Docker build test` workflow completes successfully. It then collects some information about the Pull Request that triggered the triggering workflow and set some labels depending on the PR body and sender. If the PR also contains a `routes` markdown block, it will set the `TEST_CONTINUE` environment variable to `true`. The workflow then downloads and extracts an artifact uploaded by the triggering workflow which is expected to contain a single `rsshub.tar.zst` file. However, prior to commit 64e00e7, it did not validate and the contents were extracted in the root of the workspace overriding any existing files. Since the contents of the artifact were not validated, it is possible for a malicious actor to send a Pull Request which uploads, not just the `rsshub.tar.zst` compressed docker image, but also a malicious `package.json` file with a script to run arbitrary code in the context of the privileged workflow. As of commit 64e00e7, this scenario has been addressed and the RSSHub repository is no longer vulnerable.
+
+### POC
+
+#### Reference
+- https://github.com/DIYgod/RSSHub/security/advisories/GHSA-9mqc-fm24-h8cw
+- https://securitylab.github.com/advisories/GHSL-2024-178_RSSHub
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47182.md b/2024/CVE-2024-47182.md
new file mode 100644
index 0000000000..22240564a8
--- /dev/null
+++ b/2024/CVE-2024-47182.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47182)
+![](https://img.shields.io/static/v1?label=Product&message=dozzle&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%208.5.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-328%3A%20Use%20of%20Weak%20Hash&color=brighgreen)
+
+### Description
+
+Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
+
+### POC
+
+#### Reference
+- https://github.com/amir20/dozzle/security/advisories/GHSA-w7qr-q9fh-fj35
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47184.md b/2024/CVE-2024-47184.md
new file mode 100644
index 0000000000..97d576e85f
--- /dev/null
+++ b/2024/CVE-2024-47184.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47184)
+![](https://img.shields.io/static/v1?label=Product&message=ampache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%206.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue.
+
+### POC
+
+#### Reference
+- https://github.com/ampache/ampache/security/advisories/GHSA-f99r-gv34-v46f
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47186.md b/2024/CVE-2024-47186.md
new file mode 100644
index 0000000000..2eafd77d12
--- /dev/null
+++ b/2024/CVE-2024-47186.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47186)
+![](https://img.shields.io/static/v1?label=Product&message=filament&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.0.0%2C%20%3C%203.2.115%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.
+
+### POC
+
+#### Reference
+- https://github.com/filamentphp/filament/security/advisories/GHSA-9h9q-qhxg-89xr
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47187.md b/2024/CVE-2024-47187.md
new file mode 100644
index 0000000000..8b15be68b0
--- /dev/null
+++ b/2024/CVE-2024-47187.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47187)
+![](https://img.shields.io/static/v1?label=Product&message=suricata&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%207.0.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-330%3A%20Use%20of%20Insufficiently%20Random%20Values&color=brighgreen)
+
+### Description
+
+Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules.
+
+### POC
+
+#### Reference
+- https://redmine.openinfosecfoundation.org/issues/7209
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47195.md b/2024/CVE-2024-47195.md
new file mode 100644
index 0000000000..4e09d985c8
--- /dev/null
+++ b/2024/CVE-2024-47195.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47195)
+![](https://img.shields.io/static/v1?label=Product&message=ModelSim&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Questa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2024.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-427%3A%20Uncontrolled%20Search%20Path%20Element&color=brighgreen)
+
+### Description
+
+A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kipiiler/chat-bot-nvd
+
diff --git a/2024/CVE-2024-47208.md b/2024/CVE-2024-47208.md
new file mode 100644
index 0000000000..4450bc70d7
--- /dev/null
+++ b/2024/CVE-2024-47208.md
@@ -0,0 +1,19 @@
+### [CVE-2024-47208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47208)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20OFBiz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%2018.12.17%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.17.Users are recommended to upgrade to version 18.12.17, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DoTTak/Apache-OFBiz-1-Day-Analysis
+- https://github.com/Threekiii/CVE
+
diff --git a/2024/CVE-2024-47212.md b/2024/CVE-2024-47212.md
new file mode 100644
index 0000000000..d1df12b0b3
--- /dev/null
+++ b/2024/CVE-2024-47212.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47212)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
+
+### POC
+
+#### Reference
+- https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47213.md b/2024/CVE-2024-47213.md
new file mode 100644
index 0000000000..a56238b384
--- /dev/null
+++ b/2024/CVE-2024-47213.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47213)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted.
+
+### POC
+
+#### Reference
+- https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47214.md b/2024/CVE-2024-47214.md
new file mode 100644
index 0000000000..27057f6e27
--- /dev/null
+++ b/2024/CVE-2024-47214.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47214](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47214)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47212, but involves a different kind of malicious payload. As above, it can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
+
+### POC
+
+#### Reference
+- https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47215.md b/2024/CVE-2024-47215.md
new file mode 100644
index 0000000000..bca0be6473
--- /dev/null
+++ b/2024/CVE-2024-47215.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47215)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected (latency, throughput).
+
+### POC
+
+#### Reference
+- https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47217.md b/2024/CVE-2024-47217.md
new file mode 100644
index 0000000000..04ef34bacb
--- /dev/null
+++ b/2024/CVE-2024-47217.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47217](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47217)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Iglu Server 0.13.0 and below. It is similar to CVE-2024-47214, but involves an authenticated endpoint. It can render Iglu Server completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt.
+
+### POC
+
+#### Reference
+- https://support.snowplow.io/hc/en-us/articles/26318139354909-Update-Critical-Snowplow-Security-Updates-Impact-on-Open-Source-Software-Users
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47223.md b/2024/CVE-2024-47223.md
new file mode 100644
index 0000000000..f359c35cf6
--- /dev/null
+++ b/2024/CVE-2024-47223.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47223)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/uklad/Micollab-Script
+
diff --git a/2024/CVE-2024-47226.md b/2024/CVE-2024-47226.md
new file mode 100644
index 0000000000..c8c33786a7
--- /dev/null
+++ b/2024/CVE-2024-47226.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47226) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties have disputed this as not a vulnerability. It is argued that the configuration revision banner feature is meant to contain unsanitized HTML in order to display notifications to users. Since these fields are intended to display unsanitized HTML, this is working as intended. + +### POC + +#### Reference +- https://github.com/tu3n4nh/netbox/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4730.md b/2024/CVE-2024-4730.md index 2abd6d935d..477e7615df 100644 --- a/2024/CVE-2024-4730.md +++ b/2024/CVE-2024-4730.md @@ -11,6 +11,7 @@ A vulnerability classified as problematic has been found in Campcodes Legal Case #### Reference - https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_judge.md +- https://vuldb.com/?id.263808 #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-47315.md b/2024/CVE-2024-47315.md new file mode 100644 index 0000000000..666a4403d5 --- /dev/null +++ b/2024/CVE-2024-47315.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-47315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47315)
+![](https://img.shields.io/static/v1?label=Product&message=GiveWP&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Chocapikk/wpprobe
+
diff --git a/2024/CVE-2024-47373.md b/2024/CVE-2024-47373.md
new file mode 100644
index 0000000000..5c06d21f71
--- /dev/null
+++ b/2024/CVE-2024-47373.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47373)
+![](https://img.shields.io/static/v1?label=Product&message=LiteSpeed%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/TaiYou-TW
+
diff --git a/2024/CVE-2024-47374.md b/2024/CVE-2024-47374.md
new file mode 100644
index 0000000000..29e8f367a5
--- /dev/null
+++ b/2024/CVE-2024-47374.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47374)
+![](https://img.shields.io/static/v1?label=Product&message=LiteSpeed%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/TaiYou-TW
+
diff --git a/2024/CVE-2024-47408.md b/2024/CVE-2024-47408.md
new file mode 100644
index 0000000000..593dddb595
--- /dev/null
+++ b/2024/CVE-2024-47408.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47408)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5c21c4ccafe85906db809de3af391fd434df8a27%3C%20a36364d8d4fabb105001f992fb8ff2d3546203d6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net/smc: check smcd_v2_ext_offset when receiving proposal msgWhen receiving proposal msg in server, the field smcd_v2_ext_offset inproposal msg is from the remote client and can not be fully trusted.Once the value of smcd_v2_ext_offset exceed the max value, there hasthe chance to access wrong address, and crash may happen.This patch checks the value of smcd_v2_ext_offset before using it.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/oogasawa/Utility-security
+
diff --git a/2024/CVE-2024-4741.md b/2024/CVE-2024-4741.md
new file mode 100644
index 0000000000..3ab73399d4
--- /dev/null
+++ b/2024/CVE-2024-4741.md
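Review bot: The Description line in the CVE-2024-47408 hunk has words fused together (`resolved:net/smc:`, `msgWhen`, `inproposal`, `hasthe`), which makes the record harder to read and to search by keyword. It looks as if the step that writes this line deletes the line breaks of the upstream text instead of replacing them; the same pattern shows in the CVE-2024-4741 hunk (`causememory`, `suchas`) and in CVE-2024-47691. Replacing each newline with a single space before writing the line would keep the description on one line without joining words.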
@@ -0,0 +1,21 @@ +### [CVE-2024-4741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741) +![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=3.3.0%3C%203.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen) + +### Description + +Issue summary: Calling the OpenSSL API function SSL_free_buffers may causememory to be accessed that was previously freed in some situationsImpact summary: A use after free can have a range of potential consequences suchas the corruption of valid data, crashes or execution of arbitrary code.However, only applications that directly call the SSL_free_buffers function areaffected by this issue. Applications that do not call this function are notvulnerable. Our investigations indicate that this function is rarely used byapplications.The SSL_free_buffers function is used to free the internal OpenSSL buffer usedwhen processing an incoming record from the network. The call is only expectedto succeed if the buffer is not currently in use. However, two scenarios havebeen identified where the buffer is freed even when still in use.The first scenario occurs where a record header has been received from thenetwork and processed by OpenSSL, but the full record body has not yet arrived.In this case calling SSL_free_buffers will succeed even though a record has onlybeen partially processed and the buffer is still in use.The second scenario occurs where a full record containing application data hasbeen received and processed by OpenSSL but the application has only read part ofthis data. 
Again a call to SSL_free_buffers will succeed even though the bufferis still in use.While these scenarios could occur accidentally during normal operation amalicious attacker could attempt to engineer a stituation where this occurs.We are not aware of this issue being actively exploited.The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ardhiatno/ubimicro-fluentbit +- https://github.com/chnzzh/OpenSSL-CVE-lib +- https://github.com/h4ckm1n-dev/report-test +- https://github.com/jtgorny/cve-scanning +- https://github.com/mmbazm/secure_license_server + diff --git a/2024/CVE-2024-47523.md b/2024/CVE-2024-47523.md new file mode 100644 index 0000000000..2e368aac28 --- /dev/null +++ b/2024/CVE-2024-47523.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-47523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47523)
+![](https://img.shields.io/static/v1?label=Product&message=librenms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
+
+### POC
+
+#### Reference
+- https://github.com/librenms/librenms/security/advisories/GHSA-7f84-28qh-9486
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47524.md b/2024/CVE-2024-47524.md
new file mode 100644
index 0000000000..88d0f5a03c
--- /dev/null
+++ b/2024/CVE-2024-47524.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47524)
+![](https://img.shields.io/static/v1?label=Product&message=librenms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.
+
+### POC
+
+#### Reference
+- https://github.com/librenms/librenms/security/advisories/GHSA-fc38-2254-48g7
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47525.md b/2024/CVE-2024-47525.md
new file mode 100644
index 0000000000..ec88521f8f
--- /dev/null
+++ b/2024/CVE-2024-47525.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47525)
+![](https://img.shields.io/static/v1?label=Product&message=librenms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
+
+### POC
+
+#### Reference
+- https://github.com/librenms/librenms/security/advisories/GHSA-j2j9-7pr6-xqwv
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47526.md b/2024/CVE-2024-47526.md
new file mode 100644
index 0000000000..caa3d5e532
--- /dev/null
+++ b/2024/CVE-2024-47526.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47526)
+![](https://img.shields.io/static/v1?label=Product&message=librenms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.
+
+### POC
+
+#### Reference
+- https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47527.md b/2024/CVE-2024-47527.md
new file mode 100644
index 0000000000..5e13daf0a6
--- /dev/null
+++ b/2024/CVE-2024-47527.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47527)
+![](https://img.shields.io/static/v1?label=Product&message=librenms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
+
+### POC
+
+#### Reference
+- https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47528.md b/2024/CVE-2024-47528.md
new file mode 100644
index 0000000000..3ce7bc77eb
--- /dev/null
+++ b/2024/CVE-2024-47528.md
@@ -0,0 +1,19 @@
+### [CVE-2024-47528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47528)
+![](https://img.shields.io/static/v1?label=Product&message=librenms&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2024.9.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%3A%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%3A%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.
+
+### POC
+
+#### Reference
+- https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47529.md b/2024/CVE-2024-47529.md
new file mode 100644
index 0000000000..f065f9ae56
--- /dev/null
+++ b/2024/CVE-2024-47529.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47529)
+![](https://img.shields.io/static/v1?label=Product&message=cosmos&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.19.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-312%3A%20Cleartext%20Storage%20of%20Sensitive%20Information&color=brighgreen)
+
+### Description
+
+OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). This vulnerability is fixed in 5.19.0. This only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2024-127_GHSL-2024-129_OpenC3_COSMOS
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47530.md b/2024/CVE-2024-47530.md
new file mode 100644
index 0000000000..0d4cbd7591
--- /dev/null
+++ b/2024/CVE-2024-47530.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47530)
+![](https://img.shields.io/static/v1?label=Product&message=scout&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.89%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
+
+### Description
+
+Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.
+
+### POC
+
+#### Reference
+- https://github.com/Clinical-Genomics/scout/security/advisories/GHSA-3x45-2m34-x95v
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47531.md b/2024/CVE-2024-47531.md
new file mode 100644
index 0000000000..04ce7786a5
--- /dev/null
+++ b/2024/CVE-2024-47531.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47531)
+![](https://img.shields.io/static/v1?label=Product&message=scout&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%204.88.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%3A%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen)
+
+### Description
+
+Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.
+
+### POC
+
+#### Reference
+- https://github.com/Clinical-Genomics/scout/security/advisories/GHSA-24xv-q29v-3h6r
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47532.md b/2024/CVE-2024-47532.md
new file mode 100644
index 0000000000..ad801e26c9
--- /dev/null
+++ b/2024/CVE-2024-47532.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47532)
+![](https://img.shields.io/static/v1?label=Product&message=RestrictedPython&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%207.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application does not require access to the module string, it can remove it from RestrictedPython.Utilities.utility_builtins or otherwise do not make it available in the restricted execution environment.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/haiyen11231/automation-tool-for-patch-backporting
+
diff --git a/2024/CVE-2024-47533.md b/2024/CVE-2024-47533.md
new file mode 100644
index 0000000000..f5d94b5b42
--- /dev/null
+++ b/2024/CVE-2024-47533.md
@@ -0,0 +1,24 @@
+### [CVE-2024-47533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47533)
+![](https://img.shields.io/static/v1?label=Product&message=cobbler&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.0.0%2C%20%3C%203.2.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue.
+
+### POC
+
+#### Reference
+- https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h
+
+#### Github
+- https://github.com/00xCanelo/CVE-2024-47533-PoC
+- https://github.com/baph00met/CVE-2024-47533
+- https://github.com/dollarboysushil/CVE-2024-47533-Cobbler-XMLRPC-Authentication-Bypass-RCE-Exploit-POC
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/okkotsu1/CVE-2024-47533
+- https://github.com/zs1n/CVE-2023-46818
+- https://github.com/zs1n/CVE-2024-47533
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-47535.md b/2024/CVE-2024-47535.md
new file mode 100644
index 0000000000..4a275e07be
--- /dev/null
+++ b/2024/CVE-2024-47535.md
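Review bot: The Github list in the CVE-2024-47533 hunk includes `https://github.com/zs1n/CVE-2023-46818`, a repository named for a different CVE, next to `zs1n/CVE-2024-47533`. Anyone using this record to triage exposure or to write detections for the Cobbler XML-RPC issue has to filter that entry out by hand, and likewise the index repositories `nomi-sec/PoC-in-GitHub` and `zulloper/cve-poc`, which collect many CVEs rather than cover this one. If the list is built from a text match on the CVE id (an assumption, the generator is not shown), I would drop entries whose repository name carries another CVE id and mark aggregator repositories separately from dedicated ones.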
@@ -0,0 +1,17 @@
+### [CVE-2024-47535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47535)
+![](https://img.shields.io/static/v1?label=Product&message=netty&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.1.115%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
+
+### POC
+
+#### Reference
+- https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47536.md b/2024/CVE-2024-47536.md
new file mode 100644
index 0000000000..35321feb49
--- /dev/null
+++ b/2024/CVE-2024-47536.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47536)
+![](https://img.shields.io/static/v1?label=Product&message=mediawiki-skins-Citizen&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.6.3%2C%20%3C%202.31.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-80%3A%20Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brighgreen)
+
+### Description
+
+Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. This vulnerability is fixed in 2.31.0.
+
+### POC
+
+#### Reference
+- https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-62r2-gcxr-426x
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47554.md b/2024/CVE-2024-47554.md
new file mode 100644
index 0000000000..48ba60dbdc
--- /dev/null
+++ b/2024/CVE-2024-47554.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Commons%20IO&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.0%3C%202.14.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+Uncontrolled Resource Consumption vulnerability in Apache Commons IO.The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.This issue affects Apache Commons IO: from 2.0 before 2.14.0.Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/kahlai/java-micro-experiment
+
diff --git a/2024/CVE-2024-47575.md b/2024/CVE-2024-47575.md
new file mode 100644
index 0000000000..b6c0c7a254
--- /dev/null
+++ b/2024/CVE-2024-47575.md
@@ -0,0 +1,39 @@ +### [CVE-2024-47575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47575) +![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%207.6.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen) + +### Description + +A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/12442RF/POC +- https://github.com/ARPSyndicate/cve-scores +- https://github.com/AnnnNix/CVE-2024-47575 +- https://github.com/DMW11525708/wiki +- https://github.com/Lern0n/Lernon-POC +- https://github.com/Linxloop/fork_POC +- https://github.com/SkyGodling/exploit-cve-2024-47575 +- https://github.com/Threekiii/CVE +- https://github.com/XiaomingX/awesome-cve-exp-poc +- https://github.com/XiaomingX/cve-2024-47575-exp +- https://github.com/adysec/POC +- https://github.com/eeeeeeeeee-code/POC +- https://github.com/greenberglinken/2023hvv_1 +- https://github.com/iemotion/POC +- https://github.com/krmxd/CVE-2024-47575 +- https://github.com/laoa1573/wy876 +- https://github.com/oLy0/Vulnerability +- https://github.com/plbplbp/loudong001 +- https://github.com/revanslbw/CVE-2024-47575-POC +- https://github.com/tylzars/awesome-vrre-writeups +- https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575 +- https://github.com/zhanpengliu-tencent/medium-cve +- 
https://github.com/zulloper/cve-poc + diff --git a/2024/CVE-2024-47595.md b/2024/CVE-2024-47595.md new file mode 100644 index 0000000000..ff7d34c8ab --- /dev/null +++ b/2024/CVE-2024-47595.md @@ -0,0 +1,17 @@ +### [CVE-2024-47595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47595) +![](https://img.shields.io/static/v1?label=Product&message=SAP%20Host%20Agent&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20SAPHOSTAGENT%207.22%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-266%3A%20Incorrect%20Privilege%20Assignment&color=brighgreen) + +### Description + +An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/anvilsecure/SAPCARve + diff --git a/2024/CVE-2024-4761.md b/2024/CVE-2024-4761.md index 5d5b9f0139..d4a88bebe9 100644 --- a/2024/CVE-2024-4761.md +++ b/2024/CVE-2024-4761.md @@ -15,8 +15,11 @@ No PoCs from references. #### Github - https://github.com/dan-mba/python-selenium-news - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/gmh5225/vulnjs - https://github.com/michredteam/CVE-2024-4761 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sdm313/Cyber-security-Projects - https://github.com/securitycipher/daily-bugbounty-writeups - https://github.com/tanjiti/sec_profile +- https://github.com/wh1ant/vulnjs diff --git a/2024/CVE-2024-47619.md b/2024/CVE-2024-47619.md new file mode 100644 index 0000000000..4b34e0b050 --- /dev/null +++ b/2024/CVE-2024-47619.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-47619](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619)
+![](https://img.shields.io/static/v1?label=Product&message=syslog-ng&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.8.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-295%3A%20Improper%20Certificate%20Validation&color=brighgreen)
+
+### Description
+
+syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.
+
+### POC
+
+#### Reference
+- https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47637.md b/2024/CVE-2024-47637.md
new file mode 100644
index 0000000000..f57e2ea1fe
--- /dev/null
+++ b/2024/CVE-2024-47637.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47637)
+![](https://img.shields.io/static/v1?label=Product&message=LiteSpeed%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%3A%20Relative%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+: Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/TaiYou-TW/TaiYou-TW
+
diff --git a/2024/CVE-2024-4768.md b/2024/CVE-2024-4768.md
new file mode 100644
index 0000000000..5f99c997aa
--- /dev/null
+++ b/2024/CVE-2024-4768.md
@@ -0,0 +1,20 @@
+### [CVE-2024-4768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4768)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20115.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20126%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Potential%20permissions%20request%20bypass%20via%20clickjacking&color=brighgreen)
+
+### Description
+
+A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1886082
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4769.md b/2024/CVE-2024-4769.md
new file mode 100644
index 0000000000..3c3d344345
--- /dev/null
+++ b/2024/CVE-2024-4769.md
@@ -0,0 +1,20 @@
+### [CVE-2024-4769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4769)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20115.11%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20126%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-origin%20responses%20could%20be%20distinguished%20between%20script%20and%20non-script%20content-types&color=brighgreen)
+
+### Description
+
+When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1886108
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47691.md b/2024/CVE-2024-47691.md
new file mode 100644
index 0000000000..0cceb2de38
--- /dev/null
+++ b/2024/CVE-2024-47691.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47691](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47691) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=7950e9ac638e%3C%20fc18e655b62a%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()syzbot reports a f2fs bug as below: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_report+0xe8/0x550 mm/kasan/report.c:491 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline] __refcount_add include/linux/refcount.h:184 [inline] __refcount_inc include/linux/refcount.h:241 [inline] refcount_inc include/linux/refcount.h:258 [inline] get_task_struct include/linux/sched/task.h:118 [inline] kthread_stop+0xca/0x630 kernel/kthread.c:704 f2fs_stop_gc_thread+0x65/0xb0 fs/f2fs/gc.c:210 f2fs_do_shutdown+0x192/0x540 fs/f2fs/file.c:2283 f2fs_ioc_shutdown fs/f2fs/file.c:2325 [inline] __f2fs_ioctl+0x443a/0xbe60 fs/f2fs/file.c:4325 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7fThe root cause is below race condition, it may cause use-after-freeissue in sbi->gc_th pointer.- remount - f2fs_remount - f2fs_stop_gc_thread - kfree(gc_th) - f2fs_ioc_shutdown - f2fs_do_shutdown - f2fs_stop_gc_thread - kthread_stop(gc_th->f2fs_gc_task) : sbi->gc_thread = NULL;We will call f2fs_do_shutdown() in two paths:- for 
f2fs_ioc_shutdown() path, we should grab sb->s_umount semaphorefor fixing.- for f2fs_shutdown() path, it's safe since caller has already grabbedsb->s_umount semaphore. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bygregonline/devsec-fastapi-report + diff --git a/2024/CVE-2024-47704.md b/2024/CVE-2024-47704.md new file mode 100644 index 0000000000..20b7520305 --- /dev/null +++ b/2024/CVE-2024-47704.md @@ -0,0 +1,17 @@ +### [CVE-2024-47704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47704) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20be2ca7a2c156%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Check link_res->hpo_dp_link_enc before using it[WHAT & HOW]Functions dp_enable_link_phy and dp_disable_link_phy can pass link_reswithout initializing hpo_dp_link_enc and it is necessary to check fornull before dereferencing.This fixes 2 FORWARD_NULL issues reported by Coverity. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/w4zu/Debian_security + diff --git a/2024/CVE-2024-4773.md b/2024/CVE-2024-4773.md new file mode 100644 index 0000000000..50a9b71b15 --- /dev/null +++ b/2024/CVE-2024-4773.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-4773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4773)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20126%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=URL%20bar%20could%20be%20cleared%20after%20network%20error&color=brighgreen)
+
+### Description
+
+When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1875248
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47730.md b/2024/CVE-2024-47730.md
new file mode 100644
index 0000000000..b8c26d5f45
--- /dev/null
+++ b/2024/CVE-2024-47730.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47730)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=6c6dd5802c2d6769fa589c0e8de54299def199a7%3C%2085e81103033324d7a271dafb584991da39554a89%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:crypto: hisilicon/qm - inject error before stopping queueThe master ooo cannot be completely closed when theaccelerator core reports memory error. Therefore, the driverneeds to inject the qm error to close the master ooo. Currently,the qm error is injected after stopping queue, memory may bereleased immediately after stopping queue, causing the device toaccess the released memory. Therefore, error is injected to close masterooo before stopping queue to ensure that the device does not accessthe released memory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/dipta-roy/CVE_Info_Fetcher
+
diff --git a/2024/CVE-2024-47736.md b/2024/CVE-2024-47736.md
new file mode 100644
index 0000000000..ff5f2f2297
--- /dev/null
+++ b/2024/CVE-2024-47736.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47736) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8e6c8fa9f2e95c88a642521a5da19a8e31748846%3C%201bf7e414cac303c9aec1be67872e19be8b64980c%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:erofs: handle overlapped pclusters out of crafted images properlysyzbot reported a task hang issue due to a deadlock case where it iswaiting for the folio lock of a cached folio that will be used forcache I/Os.After looking into the crafted fuzzed image, I found it's formed withseveral overlapped big pclusters as below: Ext: logical offset | length : physical offset | length 0: 0.. 16384 | 16384 : 151552.. 167936 | 16384 1: 16384.. 32768 | 16384 : 155648.. 172032 | 16384 2: 32768.. 49152 | 16384 : 537223168.. 537239552 | 16384...Here, extent 0/1 are physically overlapped although it's entirely_impossible_ for normal filesystem images generated by mkfs.First, managed folios containing compressed data will be marked asup-to-date and then unlocked immediately (unlike in-place folios) whencompressed I/Os are complete. If physical blocks are not submitted inthe incremental order, there should be separate BIOs to avoid dependencyissues. However, the current code mis-arranges z_erofs_fill_bio_vec()and BIO submission which causes unexpected BIO waits.Second, managed folios will be connected to their own pclusters forefficient inter-queries. However, this is somewhat hard to implementeasily if overlapped big pclusters exist. 
Again, these only appear infuzzed images so let's simply fall back to temporary short-lived pagesfor correctness.Additionally, it justifies that referenced managed folios cannot betruncated for now and reverts part of commit 2080ca1ed3e4 ("erofs: tidyup `struct z_erofs_bvec`") for simplicity although it shouldn't be anydifference. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/oogasawa/Utility-security + diff --git a/2024/CVE-2024-4775.md b/2024/CVE-2024-4775.md new file mode 100644 index 0000000000..2216d20f7a --- /dev/null +++ b/2024/CVE-2024-4775.md @@ -0,0 +1,17 @@ +### [CVE-2024-4775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4775) +![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20126%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Invalid%20memory%20access%20in%20the%20built-in%20profiler&color=brighgreen) + +### Description + +An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126. + +### POC + +#### Reference +- https://bugzilla.mozilla.org/show_bug.cgi?id=1887332 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-47764.md b/2024/CVE-2024-47764.md new file mode 100644 index 0000000000..8f291c6db1 --- /dev/null +++ b/2024/CVE-2024-47764.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-47764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47764)
+![](https://img.shields.io/static/v1?label=Product&message=cookie&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.7.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen)
+
+### Description
+
+cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/andrewbearsley/lacework-sca-scan-example
+
diff --git a/2024/CVE-2024-47765.md b/2024/CVE-2024-47765.md
new file mode 100644
index 0000000000..aa09f9b1f9
--- /dev/null
+++ b/2024/CVE-2024-47765.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47765)
+![](https://img.shields.io/static/v1?label=Product&message=MinecraftMotdParser&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.0.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-80%3A%20Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brighgreen)
+
+### Description
+
+Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6.
+
+### POC
+
+#### Reference
+- https://github.com/jgniecki/MinecraftMotdParser/security/advisories/GHSA-q898-frwq-f3qp
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47769.md b/2024/CVE-2024-47769.md
new file mode 100644
index 0000000000..c026e9d4d9
--- /dev/null
+++ b/2024/CVE-2024-47769.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47769)
+![](https://img.shields.io/static/v1?label=Product&message=idurar-erp-crm&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%204.1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%3A%20Relative%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location.
+
+### POC
+
+#### Reference
+- https://github.com/idurar/idurar-erp-crm/security/advisories/GHSA-948g-2vm7-mfv7
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47770.md b/2024/CVE-2024-47770.md
new file mode 100644
index 0000000000..fa6ecb8c51
--- /dev/null
+++ b/2024/CVE-2024-47770.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47770)
+![](https://img.shields.io/static/v1?label=Product&message=wazuh&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.9.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47773.md b/2024/CVE-2024-47773.md
new file mode 100644
index 0000000000..179ead4c59
--- /dev/null
+++ b/2024/CVE-2024-47773.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47773)
+![](https://img.shields.io/static/v1?label=Product&message=discourse&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20stable%3A%20%3C%203.3.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-610%3A%20Externally%20Controlled%20Reference%20to%20a%20Resource%20in%20Another%20Sphere&color=brighgreen)
+
+### Description
+
+Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ibrahmsql/CVE-2024-47773
+
diff --git a/2024/CVE-2024-47796.md b/2024/CVE-2024-47796.md
new file mode 100644
index 0000000000..f929126135
--- /dev/null
+++ b/2024/CVE-2024-47796.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47796)
+![](https://img.shields.io/static/v1?label=Product&message=DCMTK&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%203.6.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%3A%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
+
+### Description
+
+An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
+
+### POC
+
+#### Reference
+- https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47799.md b/2024/CVE-2024-47799.md
new file mode 100644
index 0000000000..4773d9f501
--- /dev/null
+++ b/2024/CVE-2024-47799.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47799) +![](https://img.shields.io/static/v1?label=Product&message=Mesh%20Wi-Fi%20router%20RP562B&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20firmware%20version%20v1.0.2%20and%20earlier%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20sensitive%20system%20information%20to%20an%20unauthorized%20control%20sphere&color=brighgreen) + +### Description + +Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0xNslabs/SoftBankMeshAPI + diff --git a/2024/CVE-2024-4781.md b/2024/CVE-2024-4781.md index f6ef37435c..a1f5f5cbf7 100644 --- a/2024/CVE-2024-4781.md +++ b/2024/CVE-2024-4781.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/s0uthwood/netpuzz diff --git a/2024/CVE-2024-47810.md b/2024/CVE-2024-47810.md new file mode 100644 index 0000000000..bfc9feaef0 --- /dev/null +++ b/2024/CVE-2024-47810.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-47810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47810)
+![](https://img.shields.io/static/v1?label=Product&message=Foxit%20Reader&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202024.3.0.26795%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
+
+### POC
+
+#### Reference
+- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47814.md b/2024/CVE-2024-47814.md
new file mode 100644
index 0000000000..9432699c14
--- /dev/null
+++ b/2024/CVE-2024-47814.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47814)
+![](https://img.shields.io/static/v1?label=Product&message=vim&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20v9.1.0764%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
+
+#### Github
+- https://github.com/gandalf4a/crash_report
+
diff --git a/2024/CVE-2024-47817.md b/2024/CVE-2024-47817.md
new file mode 100644
index 0000000000..809088d099
--- /dev/null
+++ b/2024/CVE-2024-47817.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47817) +![](https://img.shields.io/static/v1?label=Product&message=dynamic-dashboard&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20lara-zeus%2Fdynamic-dashboard%3A%20%3E%3D%203.0.0%2C%20%3C%203.0.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/lara-zeus/dynamic-dashboard/security/advisories/GHSA-c6cw-g7fc-4gwc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-47818.md b/2024/CVE-2024-47818.md new file mode 100644 index 0000000000..2977698a64 --- /dev/null +++ b/2024/CVE-2024-47818.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-47818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47818) +![](https://img.shields.io/static/v1?label=Product&message=saltcorn&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.0.0-beta.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/saltcorn/saltcorn/security/advisories/GHSA-43f3-h63w-p6f6 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-4782.md b/2024/CVE-2024-4782.md index fe84d6237b..204714d221 100644 --- a/2024/CVE-2024-4782.md +++ b/2024/CVE-2024-4782.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/s0uthwood/netpuzz diff --git a/2024/CVE-2024-47821.md b/2024/CVE-2024-47821.md new file mode 100644 index 0000000000..2fdcc97525 --- /dev/null +++ b/2024/CVE-2024-47821.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-47821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47821)
+![](https://img.shields.io/static/v1?label=Product&message=pyload&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.5.0b3.dev87%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue.
+
+### POC
+
+#### Reference
+- https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47822.md b/2024/CVE-2024-47822.md
new file mode 100644
index 0000000000..1591405226
--- /dev/null
+++ b/2024/CVE-2024-47822.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47822)
+![](https://img.shields.io/static/v1?label=Product&message=directus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2010.13.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen)
+
+### Description
+
+Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/directus/directus/security/advisories/GHSA-vw58-ph65-6rxp
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47823.md b/2024/CVE-2024-47823.md
new file mode 100644
index 0000000000..7ecef37e33
--- /dev/null
+++ b/2024/CVE-2024-47823.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47823) +![](https://img.shields.io/static/v1?label=Product&message=livewire&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.0.0-beta.1%2C%20%3C%203.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-47827.md b/2024/CVE-2024-47827.md new file mode 100644 index 0000000000..f27dfc1e77 --- /dev/null +++ b/2024/CVE-2024-47827.md 
@@ -0,0 +1,18 @@
+### [CVE-2024-47827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47827)
+![](https://img.shields.io/static/v1?label=Product&message=argo-workflows&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.6.0-rc1%2C%20%3C%203.6.0-rc2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1108%3A%20Excessive%20Reliance%20on%20Global%20Variables&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-362%3A%20Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization%20('Race%20Condition')&color=brighgreen)
+
+### Description
+
+Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2.
+
+### POC
+
+#### Reference
+- https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47828.md b/2024/CVE-2024-47828.md
new file mode 100644
index 0000000000..5b82c5b943
--- /dev/null
+++ b/2024/CVE-2024-47828.md
@@ -0,0 +1,17 @@ +### [CVE-2024-47828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47828) +![](https://img.shields.io/static/v1?label=Product&message=ampache&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%206.6.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. + +### POC + +#### Reference +- https://github.com/ampache/ampache/security/advisories/GHSA-p9cq-2qph-55f2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-47830.md b/2024/CVE-2024-47830.md new file mode 100644 index 0000000000..5c5a4b8d34 --- /dev/null +++ b/2024/CVE-2024-47830.md 
@@ -0,0 +1,17 @@
+### [CVE-2024-47830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47830)
+![](https://img.shields.io/static/v1?label=Product&message=plane&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.23.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
+
+### POC
+
+#### Reference
+- https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348
+
+#### Github
+- https://github.com/Sim4n6/Sim4n6
+
diff --git a/2024/CVE-2024-47833.md b/2024/CVE-2024-47833.md
new file mode 100644
index 0000000000..01d1ea850c
--- /dev/null
+++ b/2024/CVE-2024-47833.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47833)
+![](https://img.shields.io/static/v1?label=Product&message=taipy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1004%3A%20Sensitive%20Cookie%20Without%20'HttpOnly'%20Flag&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-614%3A%20Sensitive%20Cookie%20in%20HTTPS%20Session%20Without%20'Secure'%20Attribute&color=brighgreen)
+
+### Description
+
+Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp
+
+#### Github
+- https://github.com/mbiesiad/security-hall-of-fame-mb
+
diff --git a/2024/CVE-2024-47836.md b/2024/CVE-2024-47836.md
new file mode 100644
index 0000000000..407bbc2895
--- /dev/null
+++ b/2024/CVE-2024-47836.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47836](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47836)
+![](https://img.shields.io/static/v1?label=Product&message=admidio&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.3.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.
+
+### POC
+
+#### Reference
+- https://github.com/Admidio/admidio/security/advisories/GHSA-7c4c-749j-pfp2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4785.md b/2024/CVE-2024-4785.md
new file mode 100644
index 0000000000..1b72278aec
--- /dev/null
+++ b/2024/CVE-2024-4785.md
@@ -0,0 +1,18 @@
+### [CVE-2024-4785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4785)
+![](https://img.shields.io/static/v1?label=Product&message=Zephyr&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%3A%20NULL%20Pointer%20Dereference&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Divide%20By%20Zero&color=brighgreen)
+
+### Description
+
+BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/zoolab-org/blueman.artifact
+
diff --git a/2024/CVE-2024-47850.md b/2024/CVE-2024-47850.md
new file mode 100644
index 0000000000..6145fb68a2
--- /dev/null
+++ b/2024/CVE-2024-47850.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47850)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
+
+### POC
+
+#### Reference
+- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47854.md b/2024/CVE-2024-47854.md
new file mode 100644
index 0000000000..5a50968847
--- /dev/null
+++ b/2024/CVE-2024-47854.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47854)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MarioTesoro/CVE-2024-47854
+
diff --git a/2024/CVE-2024-47865.md b/2024/CVE-2024-47865.md
new file mode 100644
index 0000000000..4a1c3fb7ba
--- /dev/null
+++ b/2024/CVE-2024-47865.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47865)
+![](https://img.shields.io/static/v1?label=Product&message=Rakuten%20Turbo%205G&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20V1.3.18%20and%20earlier%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20authentication%20for%20critical%20function&color=brighgreen)
+
+### Description
+
+Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/0xNslabs/Rakuten5GTurboAPI
+
diff --git a/2024/CVE-2024-47873.md b/2024/CVE-2024-47873.md
new file mode 100644
index 0000000000..2c959ae016
--- /dev/null
+++ b/2024/CVE-2024-47873.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47873)
+![](https://img.shields.io/static/v1?label=Product&message=PhpSpreadsheet&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.29.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%3A%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen)
+
+### Description
+
+PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.
+
+### POC
+
+#### Reference
+- https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-jw4x-v69f-hh5w
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-47874.md b/2024/CVE-2024-47874.md
new file mode 100644
index 0000000000..34a0dbc1a3
--- /dev/null
+++ b/2024/CVE-2024-47874.md
@@ -0,0 +1,22 @@
+### [CVE-2024-47874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47874)
+![](https://img.shields.io/static/v1?label=Product&message=starlette&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.40.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) accepting form requests. Verison 0.40.0 fixes this issue.
+
+### POC
+
+#### Reference
+- https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
+
+#### Github
+- https://github.com/Giovanni26101982/Grupo4_Docker_Tarea3
+- https://github.com/Oscar112248/Grupo4_Docker_Tarea3
+- https://github.com/PaulJara84/Grupo4_Docker_Tarea3
+- https://github.com/TinchoXD/Grupo4_Docker_Tarea3
+- https://github.com/acureno85/sentinelcomply-lab
+- https://github.com/m-abdallah99/fastapi-app
+
diff --git a/2024/CVE-2024-47875.md b/2024/CVE-2024-47875.md
new file mode 100644
index 0000000000..14b41729c3
--- /dev/null
+++ b/2024/CVE-2024-47875.md
@@ -0,0 +1,18 @@
+### [CVE-2024-47875](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875)
+![](https://img.shields.io/static/v1?label=Product&message=DOMPurify&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
+
+### POC
+
+#### Reference
+- https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
+
+#### Github
+- https://github.com/roj1py/CVE-2024-47875-PhpSpreadsheet-XSS-PoC
+- https://github.com/zulloper/cve-poc
+
diff --git a/2024/CVE-2024-47878.md b/2024/CVE-2024-47878.md
new file mode 100644
index 0000000000..7af3074720
--- /dev/null
+++ b/2024/CVE-2024-47878.md
@@ -0,0 +1,17 @@
+### [CVE-2024-47878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47878)
+![](https://img.shields.io/static/v1?label=Product&message=OpenRefine&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.8.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `