From 53bdab2082fa852ac8ca3bebcc86935b03842a0d Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Mon, 27 May 2024 09:28:33 +0900 Subject: [PATCH] Auto Update 2024/05/27 00:28:33 --- 2016/CVE-2016-6187.json | 4 ++-- 2019/CVE-2019-0232.json | 8 ++++---- 2021/CVE-2021-40449.json | 2 +- 2021/CVE-2021-44228.json | 8 ++++---- 2022/CVE-2022-30190.json | 8 ++++---- 2023/CVE-2023-2255.json | 4 ++-- 2023/CVE-2023-30253.json | 4 ++-- 2023/CVE-2023-36845.json | 8 ++++---- 2023/CVE-2023-5360.json | 8 ++++---- 2024/CVE-2024-21762.json | 8 ++++---- 2024/CVE-2024-22120.json | 8 ++++---- 2024/CVE-2024-23897.json | 8 ++++---- 2024/CVE-2024-27130.json | 8 ++++---- 2024/CVE-2024-32002.json | 2 +- 2024/CVE-2024-32651.json | 32 ++++++++++++++++++++++++++++++++ 2024/CVE-2024-4367.json | 8 ++++---- README.md | 7 +++++++ 17 files changed, 87 insertions(+), 48 deletions(-) create mode 100644 2024/CVE-2024-32651.json diff --git a/2016/CVE-2016-6187.json b/2016/CVE-2016-6187.json index 9855f95189..41ec67cc34 100644 --- a/2016/CVE-2016-6187.json +++ b/2016/CVE-2016-6187.json @@ -43,8 +43,8 @@ "description": "Kernel Exploit PoC for CVE-2016-6187 (Local Privilege Escalation)", "fork": false, "created_at": "2024-05-12T12:52:54Z", - "updated_at": "2024-05-25T18:48:45Z", - "pushed_at": "2024-05-25T18:46:29Z", + "updated_at": "2024-05-26T22:45:11Z", + "pushed_at": "2024-05-26T22:45:08Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2019/CVE-2019-0232.json b/2019/CVE-2019-0232.json index 85e0ae7a80..64edecf0b1 100644 --- a/2019/CVE-2019-0232.json +++ b/2019/CVE-2019-0232.json @@ -43,10 +43,10 @@ "description": "Apache Tomcat Remote Code Execution on Windows - CGI-BIN", "fork": false, "created_at": "2019-04-16T14:32:03Z", - "updated_at": "2023-12-15T12:10:29Z", + "updated_at": "2024-05-26T21:59:58Z", "pushed_at": "2019-04-17T02:42:03Z", - "stargazers_count": 68, - "watchers_count": 68, + "stargazers_count": 69, + "watchers_count": 69, "has_discussions": false, "forks_count": 28, "allow_forking": true, @@ -55,7 +55,7 @@ "topics": [], "visibility": "public", "forks": 28, - "watchers": 68, + "watchers": 69, "score": 0, "subscribers_count": 2 }, diff --git a/2021/CVE-2021-40449.json b/2021/CVE-2021-40449.json index 7316ffd057..4045b170ef 100644 --- a/2021/CVE-2021-40449.json +++ b/2021/CVE-2021-40449.json @@ -271,6 +271,6 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 0 + "subscribers_count": 1 } ] \ No newline at end of file diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 118f062a86..eee7d470f0 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -309,10 +309,10 @@ "description": "Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM process", "fork": false, "created_at": "2021-12-10T10:10:19Z", - "updated_at": "2024-01-04T17:04:03Z", + "updated_at": "2024-05-26T21:56:14Z", "pushed_at": "2021-12-12T10:33:02Z", - "stargazers_count": 108, - "watchers_count": 108, + "stargazers_count": 109, + "watchers_count": 109, "has_discussions": false, "forks_count": 13, "allow_forking": true, @@ -321,7 +321,7 @@ "topics": [], "visibility": "public", "forks": 13, - "watchers": 108, + "watchers": 109, "score": 0, "subscribers_count": 4 }, diff --git a/2022/CVE-2022-30190.json b/2022/CVE-2022-30190.json index 819f7bd3ae..73a8bf8b89 100644 --- a/2022/CVE-2022-30190.json +++ b/2022/CVE-2022-30190.json @@ -171,10 +171,10 @@ "description": "This Repository Talks about the Follina MSDT from Defender Perspective", "fork": false, "created_at": "2022-05-31T14:10:11Z", - "updated_at": "2024-05-15T15:30:32Z", + "updated_at": "2024-05-26T21:57:21Z", "pushed_at": "2022-06-02T09:12:54Z", - "stargazers_count": 38, - "watchers_count": 38, + "stargazers_count": 39, + "watchers_count": 39, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -183,7 +183,7 @@ "topics": [], "visibility": "public", "forks": 10, - "watchers": 38, + "watchers": 39, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-2255.json b/2023/CVE-2023-2255.json index 253114c7ca..2ab3f00a95 100644 --- a/2023/CVE-2023-2255.json +++ b/2023/CVE-2023-2255.json @@ -18,13 +18,13 @@ "stargazers_count": 39, "watchers_count": 39, "has_discussions": false, - "forks_count": 6, + "forks_count": 7, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 6, + "forks": 7, "watchers": 39, "score": 0, "subscribers_count": 1 diff --git a/2023/CVE-2023-30253.json b/2023/CVE-2023-30253.json index cd76d95ded..690920e9e8 100644 --- a/2023/CVE-2023-30253.json +++ b/2023/CVE-2023-30253.json @@ -13,8 +13,8 @@ "description": "Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: RCE", "fork": false, "created_at": "2024-05-20T03:29:09Z", - "updated_at": "2024-05-25T15:53:11Z", + "updated_at": "2024-05-26T21:18:32Z", "pushed_at": "2024-05-21T10:30:49Z", - "stargazers_count": 83, - "watchers_count": 83, + "stargazers_count": 84, + "watchers_count": 84, "has_discussions": false, "forks_count": 16, "allow_forking": true, @@ -29,7 +29,7 @@ ], "visibility": "public", "forks": 16, - "watchers": 83, + "watchers": 84, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-23897.json b/2024/CVE-2024-23897.json index c6f8e87a49..ac63af4677 100644 --- a/2024/CVE-2024-23897.json +++ b/2024/CVE-2024-23897.json @@ -73,10 +73,10 @@ "description": "CVE-2024-23897", "fork": false, "created_at": "2024-01-26T09:44:32Z", - "updated_at": "2024-05-22T06:12:21Z", + "updated_at": "2024-05-26T21:25:43Z", "pushed_at": "2024-01-28T06:47:28Z", - "stargazers_count": 170, - "watchers_count": 170, + "stargazers_count": 171, + "watchers_count": 171, "has_discussions": false, "forks_count": 35, "allow_forking": true, @@ -85,7 +85,7 @@ "topics": [], "visibility": "public", "forks": 35, - "watchers": 170, + "watchers": 171, "score": 0, "subscribers_count": 2 }, diff --git a/2024/CVE-2024-27130.json b/2024/CVE-2024-27130.json index 47fd28fc97..056f2a017f 100644 --- a/2024/CVE-2024-27130.json +++ b/2024/CVE-2024-27130.json @@ -13,10 +13,10 @@ "description": "PoC for CVE-2024-27130", "fork": false, "created_at": "2024-05-17T07:58:01Z", - "updated_at": "2024-05-24T15:57:21Z", + "updated_at": "2024-05-26T22:12:23Z", "pushed_at": "2024-05-17T10:27:07Z", - "stargazers_count": 18, - "watchers_count": 18, + "stargazers_count": 19, + "watchers_count": 19, "has_discussions": false, "forks_count": 13, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 13, - "watchers": 18, + "watchers": 19, "score": 0, "subscribers_count": 0 }, diff --git a/2024/CVE-2024-32002.json b/2024/CVE-2024-32002.json index f731c22b59..bd9429b412 100644 --- a/2024/CVE-2024-32002.json +++ b/2024/CVE-2024-32002.json @@ -1199,7 +1199,7 @@ "description": "poc of git rce using cve-2024-32002", "fork": false, "created_at": "2024-05-23T07:56:05Z", - "updated_at": "2024-05-24T11:11:24Z", + "updated_at": "2024-05-26T19:44:08Z", "pushed_at": "2024-05-24T10:39:48Z", "stargazers_count": 1, "watchers_count": 1, diff --git a/2024/CVE-2024-32651.json b/2024/CVE-2024-32651.json new file mode 100644 index 0000000000..86b6f3e1df --- /dev/null +++ b/2024/CVE-2024-32651.json @@ -0,0 +1,32 @@ +[ + { + "id": 806279478, + "name": "cve-2024-32651", + "full_name": "zcrosman\/cve-2024-32651", + "owner": { + "login": "zcrosman", + "id": 21688962, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/21688962?v=4", + "html_url": "https:\/\/github.com\/zcrosman" + }, + "html_url": "https:\/\/github.com\/zcrosman\/cve-2024-32651", + "description": "changedetection rce though ssti", + "fork": false, + "created_at": "2024-05-26T21:24:14Z", + "updated_at": "2024-05-26T21:42:11Z", + "pushed_at": "2024-05-26T21:42:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-4367.json b/2024/CVE-2024-4367.json index ba3281830b..fe15c171c3 100644 --- a/2024/CVE-2024-4367.json +++ b/2024/CVE-2024-4367.json @@ -13,10 +13,10 @@ "description": "CVE-2024-4367 & CVE-2024-34342 Proof of Concept", "fork": false, "created_at": "2024-05-20T10:02:23Z", - "updated_at": "2024-05-26T16:17:26Z", + "updated_at": "2024-05-26T20:22:36Z", "pushed_at": "2024-05-23T10:07:41Z", - "stargazers_count": 30, - "watchers_count": 30, + "stargazers_count": 31, + "watchers_count": 31, "has_discussions": false, "forks_count": 6, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 30, + "watchers": 31, "score": 0, "subscribers_count": 1 }, diff --git a/README.md b/README.md index bafad5c1ce..ef122a011c 100644 --- a/README.md +++ b/README.md @@ -2101,6 +2101,13 @@ - [Stuub/CVE-2024-32640-SQLI-MuraCMS](https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS) - [0x3f3c/CVE-2024-32640-SQLI-MuraCMS](https://github.com/0x3f3c/CVE-2024-32640-SQLI-MuraCMS) +### CVE-2024-32651 (2024-04-25) + +changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced). + + +- [zcrosman/cve-2024-32651](https://github.com/zcrosman/cve-2024-32651) + ### CVE-2024-32709 (2024-04-24) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5.\n\n