From 29e3b41afa067cb57b3fa37668bb5fbebcfee49b Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Thu, 19 Jan 2023 21:33:38 +0900 Subject: [PATCH] Auto Update 2023/01/19 12:33:38 --- 2016/CVE-2016-5195.json | 8 +++--- 2016/CVE-2016-8858.json | 8 +++--- 2019/CVE-2019-17558.json | 8 +++--- 2019/CVE-2019-5418.json | 2 +- 2020/CVE-2020-12351.json | 4 +-- 2020/CVE-2020-14882.json | 8 +++--- 2020/CVE-2020-35846.json | 8 +++--- 2021/CVE-2021-31800.json | 37 +++++++++++++++++++++++++ 2021/CVE-2021-34527.json | 8 +++--- 2021/CVE-2021-41773.json | 2 +- 2022/CVE-2022-0543.json | 8 +++--- 2022/CVE-2022-0847.json | 8 +++--- 2022/CVE-2022-1040.json | 4 +-- 2022/CVE-2022-20452.json | 2 +- 2022/CVE-2022-22536.json | 4 +-- 2022/CVE-2022-22965.json | 4 +-- 2022/CVE-2022-23521.json | 30 ++++++++++---------- 2022/CVE-2022-2588.json | 12 ++++---- 2022/CVE-2022-26134.json | 8 +++--- 2022/CVE-2022-34169.json | 8 +++--- 2022/CVE-2022-37332.json | 4 +-- 2022/CVE-2022-40684.json | 8 +++--- 2022/CVE-2022-45934.json | 31 +++++++++++++++++++++ 2022/CVE-2022-46463.json | 33 ++-------------------- 2022/CVE-2022-46689.json | 30 ++++++++++---------- 2022/CVE-2022-47966.json | 60 ++++++++++++++++++++++++++++++++++++++++ 2023/CVE-2023-21752.json | 8 +++--- README.md | 21 ++++++++++++-- 28 files changed, 246 insertions(+), 130 deletions(-) create mode 100644 2022/CVE-2022-45934.json create mode 100644 2022/CVE-2022-47966.json diff --git a/2016/CVE-2016-5195.json b/2016/CVE-2016-5195.json index 19ffb2b15b..e9d124373a 100644 --- a/2016/CVE-2016-5195.json +++ b/2016/CVE-2016-5195.json @@ -71,10 +71,10 @@ "description": "CVE-2016-5195 (dirtycow\/dirtyc0w) proof of concept for Android", "fork": false, "created_at": "2016-10-21T11:19:21Z", - "updated_at": "2023-01-17T12:44:17Z", + "updated_at": "2023-01-19T11:38:19Z", "pushed_at": "2021-02-03T16:03:40Z", - "stargazers_count": 915, - "watchers_count": 915, + "stargazers_count": 916, + "watchers_count": 916, "has_discussions": false, "forks_count": 409, "allow_forking": true, @@ -83,7 +83,7 @@ "topics": [], "visibility": "public", "forks": 409, - "watchers": 915, + "watchers": 916, "score": 0 }, { diff --git a/2016/CVE-2016-8858.json b/2016/CVE-2016-8858.json index 43911f9936..0af3c4b2a0 100644 --- a/2016/CVE-2016-8858.json +++ b/2016/CVE-2016-8858.json @@ -13,10 +13,10 @@ "description": "Proof of concept for CVE-2016-8858", "fork": false, "created_at": "2016-11-03T16:10:47Z", - "updated_at": "2021-08-07T15:43:19Z", + "updated_at": "2023-01-19T08:00:21Z", "pushed_at": "2018-09-17T13:51:37Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 6, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 4, + "watchers": 5, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index 5093e54b43..fa41e529be 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -42,10 +42,10 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2023-01-19T05:57:17Z", + "updated_at": "2023-01-19T08:49:21Z", "pushed_at": "2021-04-04T09:13:57Z", - "stargazers_count": 3658, - "watchers_count": 3658, + "stargazers_count": 3659, + "watchers_count": 3659, "has_discussions": false, "forks_count": 1052, "allow_forking": true, @@ -74,7 +74,7 @@ ], "visibility": "public", "forks": 1052, - "watchers": 3658, + "watchers": 3659, "score": 0 }, { diff --git a/2019/CVE-2019-5418.json b/2019/CVE-2019-5418.json index fa1d262c37..b671dda856 100644 --- a/2019/CVE-2019-5418.json +++ b/2019/CVE-2019-5418.json @@ -107,7 +107,7 @@ "fork": false, "created_at": "2019-03-23T02:52:31Z", "updated_at": "2022-12-10T01:50:20Z", - "pushed_at": "2022-12-14T05:21:32Z", + "pushed_at": "2023-01-19T12:13:40Z", "stargazers_count": 121, "watchers_count": 121, "has_discussions": false, diff --git a/2020/CVE-2020-12351.json b/2020/CVE-2020-12351.json index a0c9cc15ea..09c6c9c851 100644 --- a/2020/CVE-2020-12351.json +++ b/2020/CVE-2020-12351.json @@ -18,13 +18,13 @@ "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 2, "score": 0 } diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index 968c5b76af..27e15476b4 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -13,10 +13,10 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2023-01-19T05:57:17Z", + "updated_at": "2023-01-19T08:49:21Z", "pushed_at": "2021-04-04T09:13:57Z", - "stargazers_count": 3658, - "watchers_count": 3658, + "stargazers_count": 3659, + "watchers_count": 3659, "has_discussions": false, "forks_count": 1052, "allow_forking": true, @@ -45,7 +45,7 @@ ], "visibility": "public", "forks": 1052, - "watchers": 3658, + "watchers": 3659, "score": 0 }, { diff --git a/2020/CVE-2020-35846.json b/2020/CVE-2020-35846.json index b137133531..81649e372e 100644 --- a/2020/CVE-2020-35846.json +++ b/2020/CVE-2020-35846.json @@ -13,10 +13,10 @@ "description": "Python PoC for CVE-2020-35846 targeting Cockpit 0.11.1", "fork": false, "created_at": "2021-07-25T05:05:14Z", - "updated_at": "2022-11-27T13:03:41Z", + "updated_at": "2023-01-19T09:01:36Z", "pushed_at": "2021-07-25T05:28:51Z", - "stargazers_count": 14, - "watchers_count": 14, + "stargazers_count": 15, + "watchers_count": 15, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 5, - "watchers": 14, + "watchers": 15, "score": 0 }, { diff --git a/2021/CVE-2021-31800.json b/2021/CVE-2021-31800.json index 055fde39ee..85d43853d6 100644 --- a/2021/CVE-2021-31800.json +++ b/2021/CVE-2021-31800.json @@ -1,4 +1,41 @@ [ + { + "id": 529954227, + "name": "CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write", + "full_name": "p0dalirius\/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write", + "owner": { + "login": "p0dalirius", + "id": 79218792, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79218792?v=4", + "html_url": "https:\/\/github.com\/p0dalirius" + }, + "html_url": "https:\/\/github.com\/p0dalirius\/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write", + "description": "A path traversal in smbserver.py allows an attacker to read\/write arbitrary files on the server.", + "fork": false, + "created_at": "2022-08-28T19:04:46Z", + "updated_at": "2023-01-19T11:08:52Z", + "pushed_at": "2023-01-19T11:06:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "arbitrary", + "cve-2021-31800", + "file", + "impacket", + "read", + "smbserver", + "write" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 531854393, "name": "CVE-2021-31800", diff --git a/2021/CVE-2021-34527.json b/2021/CVE-2021-34527.json index 403546b73d..fb4178bf2b 100644 --- a/2021/CVE-2021-34527.json +++ b/2021/CVE-2021-34527.json @@ -179,10 +179,10 @@ "description": "PrintNightmare (CVE-2021-34527) PoC Exploit", "fork": false, "created_at": "2022-08-23T20:20:45Z", - "updated_at": "2023-01-17T13:04:52Z", + "updated_at": "2023-01-19T06:44:58Z", "pushed_at": "2022-12-17T16:10:46Z", - "stargazers_count": 62, - "watchers_count": 62, + "stargazers_count": 63, + "watchers_count": 63, "has_discussions": false, "forks_count": 14, "allow_forking": true, @@ -191,7 +191,7 @@ "topics": [], "visibility": "public", "forks": 14, - "watchers": 62, + "watchers": 63, "score": 0 }, { diff --git a/2021/CVE-2021-41773.json b/2021/CVE-2021-41773.json index ed026de7d5..4ddc5a6d9e 100644 --- a/2021/CVE-2021-41773.json +++ b/2021/CVE-2021-41773.json @@ -3306,7 +3306,7 @@ "description": "Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013)", "fork": false, "created_at": "2022-11-22T14:09:18Z", - "updated_at": "2022-11-22T16:30:39Z", + "updated_at": "2023-01-19T08:25:10Z", "pushed_at": "2022-11-22T14:42:10Z", "stargazers_count": 2, "watchers_count": 2, diff --git a/2022/CVE-2022-0543.json b/2022/CVE-2022-0543.json index a1acf6cf58..1e539fdd01 100644 --- a/2022/CVE-2022-0543.json +++ b/2022/CVE-2022-0543.json @@ -18,13 +18,13 @@ "stargazers_count": 74, "watchers_count": 74, "has_discussions": false, - "forks_count": 29, + "forks_count": 30, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 29, + "forks": 30, "watchers": 74, "score": 0 }, @@ -47,13 +47,13 @@ "stargazers_count": 19, "watchers_count": 19, "has_discussions": false, - "forks_count": 11, + "forks_count": 12, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 11, + "forks": 12, "watchers": 19, "score": 0 }, diff --git a/2022/CVE-2022-0847.json b/2022/CVE-2022-0847.json index 93222644b8..8c1005a1e7 100644 --- a/2022/CVE-2022-0847.json +++ b/2022/CVE-2022-0847.json @@ -129,10 +129,10 @@ "description": "A root exploit for CVE-2022-0847 (Dirty Pipe)", "fork": false, "created_at": "2022-03-07T18:55:20Z", - "updated_at": "2023-01-09T10:15:52Z", + "updated_at": "2023-01-19T09:20:04Z", "pushed_at": "2022-03-08T06:20:05Z", - "stargazers_count": 1005, - "watchers_count": 1005, + "stargazers_count": 1006, + "watchers_count": 1006, "has_discussions": false, "forks_count": 218, "allow_forking": true, @@ -141,7 +141,7 @@ "topics": [], "visibility": "public", "forks": 218, - "watchers": 1005, + "watchers": 1006, "score": 0 }, { diff --git a/2022/CVE-2022-1040.json b/2022/CVE-2022-1040.json index 0165255d83..9f40f0c4f6 100644 --- a/2022/CVE-2022-1040.json +++ b/2022/CVE-2022-1040.json @@ -85,13 +85,13 @@ "stargazers_count": 12, "watchers_count": 12, "has_discussions": false, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 12, "score": 0 }, diff --git a/2022/CVE-2022-20452.json b/2022/CVE-2022-20452.json index 0a2c021d24..a34cc63417 100644 --- a/2022/CVE-2022-20452.json +++ b/2022/CVE-2022-20452.json @@ -13,7 +13,7 @@ "description": "Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()", "fork": false, "created_at": "2023-01-10T16:24:51Z", - "updated_at": "2023-01-19T04:17:20Z", + "updated_at": "2023-01-19T07:55:09Z", "pushed_at": "2023-01-10T16:25:49Z", "stargazers_count": 117, "watchers_count": 117, diff --git a/2022/CVE-2022-22536.json b/2022/CVE-2022-22536.json index 54381b7285..550733d6b5 100644 --- a/2022/CVE-2022-22536.json +++ b/2022/CVE-2022-22536.json @@ -18,13 +18,13 @@ "stargazers_count": 50, "watchers_count": 50, "has_discussions": false, - "forks_count": 15, + "forks_count": 16, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 15, + "forks": 16, "watchers": 50, "score": 0 }, diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index 323f87b6a4..8992ef051c 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -547,13 +547,13 @@ "stargazers_count": 73, "watchers_count": 73, "has_discussions": false, - "forks_count": 15, + "forks_count": 16, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 15, + "forks": 16, "watchers": 73, "score": 0 }, diff --git a/2022/CVE-2022-23521.json b/2022/CVE-2022-23521.json index ec34dac367..7806cf3c4f 100644 --- a/2022/CVE-2022-23521.json +++ b/2022/CVE-2022-23521.json @@ -1,22 +1,22 @@ [ { - "id": 590400210, - "name": "git-crasher-poc-cve-2022-23521", - "full_name": "jfrog\/git-crasher-poc-cve-2022-23521", + "id": 590864009, + "name": "CVE-2022-23521", + "full_name": "0xDSousa\/CVE-2022-23521", "owner": { - "login": "jfrog", - "id": 499942, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/499942?v=4", - "html_url": "https:\/\/github.com\/jfrog" + "login": "0xDSousa", + "id": 30153603, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30153603?v=4", + "html_url": "https:\/\/github.com\/0xDSousa" }, - "html_url": "https:\/\/github.com\/jfrog\/git-crasher-poc-cve-2022-23521", - "description": null, + "html_url": "https:\/\/github.com\/0xDSousa\/CVE-2022-23521", + "description": "Truncated Allocation Leading to Out of Bounds Write Via Large Number of Attributes", "fork": false, - "created_at": "2023-01-18T10:27:34Z", - "updated_at": "2023-01-18T19:55:18Z", - "pushed_at": "2023-01-18T10:27:35Z", - "stargazers_count": 1, - "watchers_count": 1, + "created_at": "2023-01-19T11:50:21Z", + "updated_at": "2023-01-19T11:50:21Z", + "pushed_at": "2023-01-19T11:50:21Z", + "stargazers_count": 0, + "watchers_count": 0, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 0, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-2588.json b/2022/CVE-2022-2588.json index d25adc201c..440d928612 100644 --- a/2022/CVE-2022-2588.json +++ b/2022/CVE-2022-2588.json @@ -13,19 +13,19 @@ "description": "exploit for CVE-2022-2588", "fork": false, "created_at": "2022-08-11T06:01:24Z", - "updated_at": "2023-01-11T09:03:03Z", + "updated_at": "2023-01-19T10:15:27Z", "pushed_at": "2022-10-27T16:35:08Z", - "stargazers_count": 404, - "watchers_count": 404, + "stargazers_count": 405, + "watchers_count": 405, "has_discussions": false, - "forks_count": 54, + "forks_count": 53, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 54, - "watchers": 404, + "forks": 53, + "watchers": 405, "score": 0 }, { diff --git a/2022/CVE-2022-26134.json b/2022/CVE-2022-26134.json index 7003b64cd9..6f3fea5534 100644 --- a/2022/CVE-2022-26134.json +++ b/2022/CVE-2022-26134.json @@ -1920,10 +1920,10 @@ "description": null, "fork": false, "created_at": "2023-01-15T20:11:27Z", - "updated_at": "2023-01-15T22:05:28Z", + "updated_at": "2023-01-19T09:17:14Z", "pushed_at": "2023-01-15T20:14:57Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -1932,7 +1932,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-34169.json b/2022/CVE-2022-34169.json index 1f75452ce0..d4f61b6900 100644 --- a/2022/CVE-2022-34169.json +++ b/2022/CVE-2022-34169.json @@ -42,10 +42,10 @@ "description": "cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件", "fork": false, "created_at": "2023-01-17T03:48:11Z", - "updated_at": "2023-01-18T15:40:55Z", + "updated_at": "2023-01-19T10:51:27Z", "pushed_at": "2023-01-17T12:27:08Z", - "stargazers_count": 28, - "watchers_count": 28, + "stargazers_count": 30, + "watchers_count": 30, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -54,7 +54,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 28, + "watchers": 30, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-37332.json b/2022/CVE-2022-37332.json index 94bb84ab18..d642a7b970 100644 --- a/2022/CVE-2022-37332.json +++ b/2022/CVE-2022-37332.json @@ -18,13 +18,13 @@ "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 0, "score": 0 } diff --git a/2022/CVE-2022-40684.json b/2022/CVE-2022-40684.json index 6fb8799f33..01ddd0eb06 100644 --- a/2022/CVE-2022-40684.json +++ b/2022/CVE-2022-40684.json @@ -13,10 +13,10 @@ "description": "A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager", "fork": false, "created_at": "2022-10-13T14:24:12Z", - "updated_at": "2023-01-17T08:24:42Z", + "updated_at": "2023-01-19T07:46:35Z", "pushed_at": "2022-10-13T15:25:00Z", - "stargazers_count": 300, - "watchers_count": 300, + "stargazers_count": 301, + "watchers_count": 301, "has_discussions": false, "forks_count": 89, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 89, - "watchers": 300, + "watchers": 301, "score": 0 }, { diff --git a/2022/CVE-2022-45934.json b/2022/CVE-2022-45934.json new file mode 100644 index 0000000000..3c17c0ff83 --- /dev/null +++ b/2022/CVE-2022-45934.json @@ -0,0 +1,31 @@ +[ + { + "id": 590866603, + "name": "linux-4.19.72_CVE-2022-45934", + "full_name": "Trinadh465\/linux-4.19.72_CVE-2022-45934", + "owner": { + "login": "Trinadh465", + "id": 102574296, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102574296?v=4", + "html_url": "https:\/\/github.com\/Trinadh465" + }, + "html_url": "https:\/\/github.com\/Trinadh465\/linux-4.19.72_CVE-2022-45934", + "description": null, + "fork": false, + "created_at": "2023-01-19T11:58:08Z", + "updated_at": "2023-01-19T12:12:29Z", + "pushed_at": "2023-01-19T12:09:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-46463.json b/2022/CVE-2022-46463.json index daa6c916f5..dfc4912552 100644 --- a/2022/CVE-2022-46463.json +++ b/2022/CVE-2022-46463.json @@ -47,43 +47,14 @@ "stargazers_count": 3, "watchers_count": 3, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 3, "score": 0 - }, - { - "id": 590343306, - "name": "CVE-2022-46463", - "full_name": "lanqingaa\/CVE-2022-46463", - "owner": { - "login": "lanqingaa", - "id": 94030940, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/94030940?v=4", - "html_url": "https:\/\/github.com\/lanqingaa" - }, - "html_url": "https:\/\/github.com\/lanqingaa\/CVE-2022-46463", - "description": null, - "fork": false, - "created_at": "2023-01-18T07:34:58Z", - "updated_at": "2023-01-18T07:34:58Z", - "pushed_at": "2023-01-18T07:35:29Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-46689.json b/2022/CVE-2022-46689.json index 70b4b2abe7..72779a25e9 100644 --- a/2022/CVE-2022-46689.json +++ b/2022/CVE-2022-46689.json @@ -71,19 +71,19 @@ "description": "Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.", "fork": false, "created_at": "2022-12-26T06:56:35Z", - "updated_at": "2023-01-18T17:45:52Z", + "updated_at": "2023-01-19T09:08:07Z", "pushed_at": "2023-01-06T06:31:57Z", - "stargazers_count": 621, - "watchers_count": 621, + "stargazers_count": 622, + "watchers_count": 622, "has_discussions": false, - "forks_count": 42, + "forks_count": 43, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 42, - "watchers": 621, + "forks": 43, + "watchers": 622, "score": 0 }, { @@ -129,8 +129,8 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2023-01-03T21:46:37Z", - "updated_at": "2023-01-18T20:40:23Z", - "pushed_at": "2023-01-18T20:22:31Z", + "updated_at": "2023-01-19T08:03:41Z", + "pushed_at": "2023-01-19T08:04:02Z", "stargazers_count": 50, "watchers_count": 50, "has_discussions": false, @@ -158,8 +158,8 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2023-01-04T05:08:20Z", - "updated_at": "2023-01-17T15:56:19Z", - "pushed_at": "2023-01-18T20:18:14Z", + "updated_at": "2023-01-19T08:12:23Z", + "pushed_at": "2023-01-19T08:12:40Z", "stargazers_count": 28, "watchers_count": 28, "has_discussions": false, @@ -221,10 +221,10 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2023-01-05T21:50:25Z", - "updated_at": "2023-01-19T03:29:17Z", - "pushed_at": "2023-01-18T20:12:54Z", - "stargazers_count": 97, - "watchers_count": 97, + "updated_at": "2023-01-19T07:25:20Z", + "pushed_at": "2023-01-19T10:24:20Z", + "stargazers_count": 98, + "watchers_count": 98, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -235,7 +235,7 @@ ], "visibility": "public", "forks": 4, - "watchers": 97, + "watchers": 98, "score": 0 }, { diff --git a/2022/CVE-2022-47966.json b/2022/CVE-2022-47966.json new file mode 100644 index 0000000000..89dc1df013 --- /dev/null +++ b/2022/CVE-2022-47966.json @@ -0,0 +1,60 @@ +[ + { + "id": 590840796, + "name": "CVE-2022-47966-RCE-PoC", + "full_name": "ralph-morrinson\/CVE-2022-47966-RCE-PoC", + "owner": { + "login": "ralph-morrinson", + "id": 123068091, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/123068091?v=4", + "html_url": "https:\/\/github.com\/ralph-morrinson" + }, + "html_url": "https:\/\/github.com\/ralph-morrinson\/CVE-2022-47966-RCE-PoC", + "description": "CVE-2022-47966 ManageEngine unauthenticated RCE exploit via the SAML request,", + "fork": false, + "created_at": "2023-01-19T10:41:26Z", + "updated_at": "2023-01-19T10:41:26Z", + "pushed_at": "2023-01-19T10:49:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 590861031, + "name": "PoC-for-ME-SAML-Vulnerability", + "full_name": "shameem-testing\/PoC-for-ME-SAML-Vulnerability", + "owner": { + "login": "shameem-testing", + "id": 83210904, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/83210904?v=4", + "html_url": "https:\/\/github.com\/shameem-testing" + }, + "html_url": "https:\/\/github.com\/shameem-testing\/PoC-for-ME-SAML-Vulnerability", + "description": "PoC for cve-2022-47966", + "fork": false, + "created_at": "2023-01-19T11:41:05Z", + "updated_at": "2023-01-19T11:41:05Z", + "pushed_at": "2023-01-19T12:29:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2023/CVE-2023-21752.json b/2023/CVE-2023-21752.json index 808730662e..839fadf3ba 100644 --- a/2023/CVE-2023-21752.json +++ b/2023/CVE-2023-21752.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2023-01-10T15:59:26Z", - "updated_at": "2023-01-19T04:51:48Z", + "updated_at": "2023-01-19T11:50:54Z", "pushed_at": "2023-01-13T09:01:20Z", - "stargazers_count": 209, - "watchers_count": 209, + "stargazers_count": 211, + "watchers_count": 211, "has_discussions": false, "forks_count": 44, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 44, - "watchers": 209, + "watchers": 211, "score": 0 } ] \ No newline at end of file diff --git a/README.md b/README.md index a78a7ec275..6adb4bdd34 100644 --- a/README.md +++ b/README.md @@ -1755,7 +1755,7 @@ A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of Ta Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue. -- [jfrog/git-crasher-poc-cve-2022-23521](https://github.com/jfrog/git-crasher-poc-cve-2022-23521) +- [0xDSousa/CVE-2022-23521](https://github.com/0xDSousa/CVE-2022-23521) ### CVE-2022-23529 (2022-12-21) @@ -5125,6 +5125,14 @@ An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escal - [p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE](https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE) +### CVE-2022-45934 (2022-11-26) + + +An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. + + +- [Trinadh465/linux-4.19.72_CVE-2022-45934](https://github.com/Trinadh465/linux-4.19.72_CVE-2022-45934) + ### CVE-2022-46104 - [NurSec747/CVE-2022-46104---POC](https://github.com/NurSec747/CVE-2022-46104---POC) @@ -5182,7 +5190,6 @@ Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type param - [wh-gov/CVE-2022-46463](https://github.com/wh-gov/CVE-2022-46463) - [nu0l/CVE-2022-46463](https://github.com/nu0l/CVE-2022-46463) -- [lanqingaa/CVE-2022-46463](https://github.com/lanqingaa/CVE-2022-46463) ### CVE-2022-46484 - [WodenSec/CVE-2022-46484](https://github.com/WodenSec/CVE-2022-46484) @@ -5246,6 +5253,15 @@ lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local - [MaherAzzouzi/CVE-2022-47952](https://github.com/MaherAzzouzi/CVE-2022-47952) +### CVE-2022-47966 (2023-01-18) + + +Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. + + +- [ralph-morrinson/CVE-2022-47966-RCE-PoC](https://github.com/ralph-morrinson/CVE-2022-47966-RCE-PoC) +- [shameem-testing/PoC-for-ME-SAML-Vulnerability](https://github.com/shameem-testing/PoC-for-ME-SAML-Vulnerability) + ### CVE-2022-48194 (2022-12-30) @@ -8485,6 +8501,7 @@ Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privil Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. +- [p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write](https://github.com/p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write) - [Louzogh/CVE-2021-31800](https://github.com/Louzogh/CVE-2021-31800) ### CVE-2021-31805 (2022-04-12)