From 58b98ff4165a163c907121369d1c00e5c2d49063 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Wed, 8 Jan 2025 21:33:47 +0900 Subject: [PATCH] Auto Update 2025/01/08 12:33:47 --- 2014/CVE-2014-3153.json | 4 ++-- 2015/CVE-2015-9251.json | 31 ++++++++++++++++++++++++++++++ 2016/CVE-2016-1287.json | 8 ++++---- 2017/CVE-2017-11882.json | 8 ++++---- 2018/CVE-2018-19320.json | 8 ++++---- 2019/CVE-2019-19030.json | 8 ++++---- 2019/CVE-2019-2215.json | 12 ++++++------ 2020/CVE-2020-0796.json | 8 ++++---- 2020/CVE-2020-15368.json | 8 ++++---- 2021/CVE-2021-37580.json | 2 +- 2021/CVE-2021-44228.json | 18 +++++++++--------- 2022/CVE-2022-0337.json | 8 ++++---- 2022/CVE-2022-0847.json | 31 ++++++++++++++++++++++++++++++ 2022/CVE-2022-29464.json | 8 ++++---- 2022/CVE-2022-3699.json | 8 ++++---- 2022/CVE-2022-38694.json | 12 ++++++------ 2023/CVE-2023-21036.json | 8 ++++---- 2023/CVE-2023-21768.json | 31 ++++++++++++++++++++++++++++++ 2023/CVE-2023-41772.json | 4 ++-- 2023/CVE-2023-45866.json | 12 ++++++------ 2023/CVE-2023-48795.json | 33 ++++++++++++++++++++++++++++++++ 2024/CVE-2024-11613.json | 33 ++++++++++++++++++++++++++++++++ 2024/CVE-2024-12849.json | 4 ++-- 2024/CVE-2024-21762.json | 4 ++-- 2024/CVE-2024-27115.json | 33 ++++++++++++++++++++++++++++++++ 2024/CVE-2024-35250.json | 20 ++++++++++---------- 2024/CVE-2024-38998.json | 31 ++++++++++++++++++++++++++++++ 2024/CVE-2024-42327.json | 8 ++++---- 2024/CVE-2024-45519.json | 4 ++-- 2024/CVE-2024-4577.json | 31 ++++++++++++++++++++++++++++++ 2024/CVE-2024-4885.json | 4 ++-- 2024/CVE-2024-49039.json | 8 ++++---- 2024/CVE-2024-49113.json | 12 ++++++------ 2024/CVE-2024-50603.json | 33 ++++++++++++++++++++++++++++++++ 2024/CVE-2024-50623.json | 12 ++++++------ 2024/CVE-2024-54498.json | 33 ++++++++++++++++++++++++++++++++ 2024/CVE-2024-56433.json | 4 ++-- 2024/CVE-2024-6387.json | 16 ++++++++-------- 2024/CVE-2024-9047.json | 35 ++++++++++++++++++++++++++++++++++ README.md | 41 ++++++++++++++++++++++++++++++++++++++++ 40 files changed, 516 insertions(+), 120 deletions(-) create mode 100644 2023/CVE-2023-48795.json create mode 100644 2024/CVE-2024-11613.json create mode 100644 2024/CVE-2024-27115.json create mode 100644 2024/CVE-2024-50603.json create mode 100644 2024/CVE-2024-54498.json diff --git a/2014/CVE-2014-3153.json b/2014/CVE-2014-3153.json index 79b66173f0..b0e379de15 100644 --- a/2014/CVE-2014-3153.json +++ b/2014/CVE-2014-3153.json @@ -239,7 +239,7 @@ "stargazers_count": 11, "watchers_count": 11, "has_discussions": false, - "forks_count": 3, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -252,7 +252,7 @@ "towelroot" ], "visibility": "public", - "forks": 3, + "forks": 2, "watchers": 11, "score": 0, "subscribers_count": 2 diff --git a/2015/CVE-2015-9251.json b/2015/CVE-2015-9251.json index fa7eff5614..198c7f9e7e 100644 --- a/2015/CVE-2015-9251.json +++ b/2015/CVE-2015-9251.json @@ -60,5 +60,36 @@ "watchers": 1, "score": 0, "subscribers_count": 1 + }, + { + "id": 913764460, + "name": "CVE-2015-9251", + "full_name": "hackgiver\/CVE-2015-9251", + "owner": { + "login": "hackgiver", + "id": 142176983, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/142176983?v=4", + "html_url": "https:\/\/github.com\/hackgiver", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/hackgiver\/CVE-2015-9251", + "description": "This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions.", + "fork": false, + "created_at": "2025-01-08T10:03:02Z", + "updated_at": "2025-01-08T10:19:33Z", + "pushed_at": "2025-01-08T10:19:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2016/CVE-2016-1287.json b/2016/CVE-2016-1287.json index 5a59d00920..b55e16532b 100644 --- a/2016/CVE-2016-1287.json +++ b/2016/CVE-2016-1287.json @@ -45,10 +45,10 @@ "description": "Verification tools for CVE-2016-1287", "fork": false, "created_at": "2016-09-08T19:43:18Z", - "updated_at": "2023-11-17T06:44:26Z", + "updated_at": "2025-01-08T08:02:02Z", "pushed_at": "2017-03-15T20:25:40Z", - "stargazers_count": 32, - "watchers_count": 32, + "stargazers_count": 33, + "watchers_count": 33, "has_discussions": false, "forks_count": 19, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 19, - "watchers": 32, + "watchers": 33, "score": 0, "subscribers_count": 51 } diff --git a/2017/CVE-2017-11882.json b/2017/CVE-2017-11882.json index c2809bdf8a..664677af50 100644 --- a/2017/CVE-2017-11882.json +++ b/2017/CVE-2017-11882.json @@ -76,10 +76,10 @@ "description": "CVE-2017-11882 from https:\/\/github.com\/embedi\/CVE-2017-11882", "fork": false, "created_at": "2017-11-21T05:55:53Z", - "updated_at": "2025-01-04T08:49:03Z", + "updated_at": "2025-01-08T07:33:05Z", "pushed_at": "2017-11-29T03:33:53Z", - "stargazers_count": 540, - "watchers_count": 540, + "stargazers_count": 541, + "watchers_count": 541, "has_discussions": false, "forks_count": 252, "allow_forking": true, @@ -88,7 +88,7 @@ "topics": [], "visibility": "public", "forks": 252, - "watchers": 540, + "watchers": 541, "score": 0, "subscribers_count": 28 }, diff --git a/2018/CVE-2018-19320.json b/2018/CVE-2018-19320.json index 241c0b1c96..9e30fa15bb 100644 --- a/2018/CVE-2018-19320.json +++ b/2018/CVE-2018-19320.json @@ -76,10 +76,10 @@ "description": "Unsigned driver loader using CVE-2018-19320", "fork": false, "created_at": "2022-11-12T05:48:13Z", - "updated_at": "2025-01-07T03:46:57Z", + "updated_at": "2025-01-08T09:25:21Z", "pushed_at": "2023-04-09T13:50:29Z", - "stargazers_count": 219, - "watchers_count": 219, + "stargazers_count": 220, + "watchers_count": 220, "has_discussions": false, "forks_count": 58, "allow_forking": true, @@ -88,7 +88,7 @@ "topics": [], "visibility": "public", "forks": 58, - "watchers": 219, + "watchers": 220, "score": 0, "subscribers_count": 10 } diff --git a/2019/CVE-2019-19030.json b/2019/CVE-2019-19030.json index 6ed2eafcf9..55af1d93c1 100644 --- a/2019/CVE-2019-19030.json +++ b/2019/CVE-2019-19030.json @@ -14,10 +14,10 @@ "description": "Exploit for CVE-2019-19030 that affects Harbor versions <1.10.3 and <2.0.1. Can also be used to enumerate and pull public projects from higher versions.", "fork": false, "created_at": "2024-06-12T11:46:57Z", - "updated_at": "2024-08-29T11:44:02Z", + "updated_at": "2025-01-08T06:36:09Z", "pushed_at": "2024-08-29T11:43:58Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 1 } diff --git a/2019/CVE-2019-2215.json b/2019/CVE-2019-2215.json index 56354fcbff..56fb03ed5b 100644 --- a/2019/CVE-2019-2215.json +++ b/2019/CVE-2019-2215.json @@ -81,13 +81,13 @@ "stargazers_count": 111, "watchers_count": 111, "has_discussions": false, - "forks_count": 48, + "forks_count": 49, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 48, + "forks": 49, "watchers": 111, "score": 0, "subscribers_count": 9 @@ -233,10 +233,10 @@ "description": "Triggering and Analyzing Android Kernel Vulnerability CVE-2019-2215", "fork": false, "created_at": "2020-06-07T15:03:07Z", - "updated_at": "2024-12-04T12:15:00Z", + "updated_at": "2025-01-08T09:10:38Z", "pushed_at": "2022-09-04T14:16:50Z", - "stargazers_count": 58, - "watchers_count": 58, + "stargazers_count": 59, + "watchers_count": 59, "has_discussions": false, "forks_count": 17, "allow_forking": true, @@ -250,7 +250,7 @@ ], "visibility": "public", "forks": 17, - "watchers": 58, + "watchers": 59, "score": 0, "subscribers_count": 3 }, diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index fd380176d9..3d29ebd7d7 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -1398,10 +1398,10 @@ "description": "CVE-2020-0796 Remote Code Execution POC", "fork": false, "created_at": "2020-04-20T14:35:48Z", - "updated_at": "2024-12-30T21:29:49Z", + "updated_at": "2025-01-08T06:51:43Z", "pushed_at": "2020-06-09T20:46:45Z", - "stargazers_count": 541, - "watchers_count": 541, + "stargazers_count": 542, + "watchers_count": 542, "has_discussions": false, "forks_count": 171, "allow_forking": true, @@ -1416,7 +1416,7 @@ ], "visibility": "public", "forks": 171, - "watchers": 541, + "watchers": 542, "score": 0, "subscribers_count": 25 }, diff --git a/2020/CVE-2020-15368.json b/2020/CVE-2020-15368.json index b7c4b02cad..a64cb748a3 100644 --- a/2020/CVE-2020-15368.json +++ b/2020/CVE-2020-15368.json @@ -14,10 +14,10 @@ "description": "CVE-2020-15368, aka \"How to exploit a vulnerable driver\"", "fork": false, "created_at": "2021-06-29T04:38:24Z", - "updated_at": "2025-01-08T02:41:48Z", + "updated_at": "2025-01-08T10:50:56Z", "pushed_at": "2022-04-14T03:17:44Z", - "stargazers_count": 448, - "watchers_count": 448, + "stargazers_count": 449, + "watchers_count": 449, "has_discussions": false, "forks_count": 46, "allow_forking": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 46, - "watchers": 448, + "watchers": 449, "score": 0, "subscribers_count": 6 }, diff --git a/2021/CVE-2021-37580.json b/2021/CVE-2021-37580.json index 17d3fc7fb1..50b447514a 100644 --- a/2021/CVE-2021-37580.json +++ b/2021/CVE-2021-37580.json @@ -45,7 +45,7 @@ "description": "CVE-2021-37580的poc", "fork": false, "created_at": "2021-11-17T13:26:46Z", - "updated_at": "2024-08-12T20:18:10Z", + "updated_at": "2025-01-08T11:25:54Z", "pushed_at": "2023-06-18T01:19:09Z", "stargazers_count": 37, "watchers_count": 37, diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 0ca5c1800b..8042f7bbce 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -935,10 +935,10 @@ "description": "A Proof-Of-Concept for the CVE-2021-44228 vulnerability. ", "fork": false, "created_at": "2021-12-10T23:19:28Z", - "updated_at": "2024-12-30T03:30:40Z", + "updated_at": "2025-01-08T07:46:36Z", "pushed_at": "2024-02-12T22:37:25Z", - "stargazers_count": 1812, - "watchers_count": 1812, + "stargazers_count": 1813, + "watchers_count": 1813, "has_discussions": false, "forks_count": 530, "allow_forking": true, @@ -952,7 +952,7 @@ ], "visibility": "public", "forks": 530, - "watchers": 1812, + "watchers": 1813, "score": 0, "subscribers_count": 26 }, @@ -3749,10 +3749,10 @@ "description": "A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 ", "fork": false, "created_at": "2021-12-13T03:57:50Z", - "updated_at": "2025-01-07T13:58:10Z", + "updated_at": "2025-01-08T06:23:15Z", "pushed_at": "2022-11-23T18:23:24Z", - "stargazers_count": 3404, - "watchers_count": 3404, + "stargazers_count": 3405, + "watchers_count": 3405, "has_discussions": true, "forks_count": 739, "allow_forking": true, @@ -3761,7 +3761,7 @@ "topics": [], "visibility": "public", "forks": 739, - "watchers": 3404, + "watchers": 3405, "score": 0, "subscribers_count": 55 }, @@ -7264,7 +7264,7 @@ "fork": false, "created_at": "2021-12-15T21:09:00Z", "updated_at": "2023-06-22T04:46:02Z", - "pushed_at": "2024-12-25T06:55:32Z", + "pushed_at": "2025-01-08T06:45:48Z", "stargazers_count": 4, "watchers_count": 4, "has_discussions": false, diff --git a/2022/CVE-2022-0337.json b/2022/CVE-2022-0337.json index 293e415c2b..ca7ee715dc 100644 --- a/2022/CVE-2022-0337.json +++ b/2022/CVE-2022-0337.json @@ -14,10 +14,10 @@ "description": "🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337", "fork": false, "created_at": "2022-03-19T08:10:46Z", - "updated_at": "2025-01-06T03:02:01Z", + "updated_at": "2025-01-08T10:55:34Z", "pushed_at": "2022-09-04T17:28:56Z", - "stargazers_count": 328, - "watchers_count": 328, + "stargazers_count": 329, + "watchers_count": 329, "has_discussions": false, "forks_count": 34, "allow_forking": true, @@ -42,7 +42,7 @@ ], "visibility": "public", "forks": 34, - "watchers": 328, + "watchers": 329, "score": 0, "subscribers_count": 6 }, diff --git a/2022/CVE-2022-0847.json b/2022/CVE-2022-0847.json index 593011117e..4118b19b74 100644 --- a/2022/CVE-2022-0847.json +++ b/2022/CVE-2022-0847.json @@ -2928,5 +2928,36 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 913704023, + "name": "Dirty-Pipe-Exploit", + "full_name": "mithunmadhukuttan\/Dirty-Pipe-Exploit", + "owner": { + "login": "mithunmadhukuttan", + "id": 104143246, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/104143246?v=4", + "html_url": "https:\/\/github.com\/mithunmadhukuttan", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/mithunmadhukuttan\/Dirty-Pipe-Exploit", + "description": "The **Dirty Pipe exploit (CVE-2022-0847)** is a Linux kernel vulnerability (v5.8+) allowing unprivileged attackers to overwrite arbitrary files via a flaw in the pipe mechanism. This leads to privilege escalation, granting root access. Similar to Dirty Cow but easier to exploit. Fix: Update to a patched kernel version.", + "fork": false, + "created_at": "2025-01-08T07:40:20Z", + "updated_at": "2025-01-08T07:41:44Z", + "pushed_at": "2025-01-08T07:41:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-29464.json b/2022/CVE-2022-29464.json index 08b753f5fa..c3090a7b1d 100644 --- a/2022/CVE-2022-29464.json +++ b/2022/CVE-2022-29464.json @@ -605,10 +605,10 @@ "description": "CVE-2022-29464 Exploit", "fork": false, "created_at": "2022-07-05T08:27:04Z", - "updated_at": "2023-11-12T16:10:10Z", + "updated_at": "2025-01-08T06:52:13Z", "pushed_at": "2023-11-29T17:37:16Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -617,7 +617,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 1 }, diff --git a/2022/CVE-2022-3699.json b/2022/CVE-2022-3699.json index cdf949cf28..dae12d1f19 100644 --- a/2022/CVE-2022-3699.json +++ b/2022/CVE-2022-3699.json @@ -14,10 +14,10 @@ "description": "Lenovo Diagnostics Driver EoP - Arbitrary R\/W", "fork": false, "created_at": "2022-11-09T14:15:30Z", - "updated_at": "2024-12-08T17:04:10Z", + "updated_at": "2025-01-08T09:12:45Z", "pushed_at": "2022-12-05T23:36:42Z", - "stargazers_count": 170, - "watchers_count": 170, + "stargazers_count": 171, + "watchers_count": 171, "has_discussions": false, "forks_count": 47, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 47, - "watchers": 170, + "watchers": 171, "score": 0, "subscribers_count": 5 }, diff --git a/2022/CVE-2022-38694.json b/2022/CVE-2022-38694.json index e9a1fa8bfd..7c97f4672c 100644 --- a/2022/CVE-2022-38694.json +++ b/2022/CVE-2022-38694.json @@ -14,12 +14,12 @@ "description": "This is a one-time signature verification bypass. For persistent signature verification bypass, check https:\/\/github.com\/TomKing062\/CVE-2022-38691_38692", "fork": false, "created_at": "2023-06-10T08:31:26Z", - "updated_at": "2025-01-04T04:33:25Z", + "updated_at": "2025-01-08T09:32:28Z", "pushed_at": "2024-08-01T15:09:15Z", - "stargazers_count": 316, - "watchers_count": 316, + "stargazers_count": 318, + "watchers_count": 318, "has_discussions": true, - "forks_count": 46, + "forks_count": 47, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -28,8 +28,8 @@ "unisoc" ], "visibility": "public", - "forks": 46, - "watchers": 316, + "forks": 47, + "watchers": 318, "score": 0, "subscribers_count": 8 }, diff --git a/2023/CVE-2023-21036.json b/2023/CVE-2023-21036.json index 77f9f7467e..1ce636a9f9 100644 --- a/2023/CVE-2023-21036.json +++ b/2023/CVE-2023-21036.json @@ -52,10 +52,10 @@ "description": "Detection and sanitization for Acropalypse Now - CVE-2023-21036", "fork": false, "created_at": "2023-03-22T14:59:42Z", - "updated_at": "2024-09-06T13:10:33Z", + "updated_at": "2025-01-08T10:05:57Z", "pushed_at": "2023-05-15T12:12:33Z", - "stargazers_count": 78, - "watchers_count": 78, + "stargazers_count": 79, + "watchers_count": 79, "has_discussions": false, "forks_count": 6, "allow_forking": true, @@ -64,7 +64,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 78, + "watchers": 79, "score": 0, "subscribers_count": 10 }, diff --git a/2023/CVE-2023-21768.json b/2023/CVE-2023-21768.json index 11f1da3b1c..15cd131e07 100644 --- a/2023/CVE-2023-21768.json +++ b/2023/CVE-2023-21768.json @@ -347,5 +347,36 @@ "watchers": 13, "score": 0, "subscribers_count": 2 + }, + { + "id": 910182976, + "name": "CVE-2023-21768", + "full_name": "IlanDudnik\/CVE-2023-21768", + "owner": { + "login": "IlanDudnik", + "id": 16364955, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16364955?v=4", + "html_url": "https:\/\/github.com\/IlanDudnik", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/IlanDudnik\/CVE-2023-21768", + "description": "Exploit implementation with IO Rings for CVE-2023-21768", + "fork": false, + "created_at": "2024-12-30T17:27:56Z", + "updated_at": "2025-01-08T12:00:22Z", + "pushed_at": "2025-01-08T11:57:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-41772.json b/2023/CVE-2023-41772.json index ec6bf4c020..5f75d1eeb9 100644 --- a/2023/CVE-2023-41772.json +++ b/2023/CVE-2023-41772.json @@ -19,13 +19,13 @@ "stargazers_count": 11, "watchers_count": 11, "has_discussions": false, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 11, "score": 0, "subscribers_count": 1 diff --git a/2023/CVE-2023-45866.json b/2023/CVE-2023-45866.json index be1a18fc84..7581845baf 100644 --- a/2023/CVE-2023-45866.json +++ b/2023/CVE-2023-45866.json @@ -14,19 +14,19 @@ "description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)", "fork": false, "created_at": "2024-01-16T06:52:02Z", - "updated_at": "2025-01-08T05:55:25Z", + "updated_at": "2025-01-08T11:53:56Z", "pushed_at": "2024-08-18T08:26:46Z", - "stargazers_count": 1370, - "watchers_count": 1370, + "stargazers_count": 1372, + "watchers_count": 1372, "has_discussions": false, - "forks_count": 233, + "forks_count": 234, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 233, - "watchers": 1370, + "forks": 234, + "watchers": 1372, "score": 0, "subscribers_count": 21 }, diff --git a/2023/CVE-2023-48795.json b/2023/CVE-2023-48795.json new file mode 100644 index 0000000000..85c71f5ce4 --- /dev/null +++ b/2023/CVE-2023-48795.json @@ -0,0 +1,33 @@ +[ + { + "id": 913695968, + "name": "CVE-2023-48795", + "full_name": "TrixSec\/CVE-2023-48795", + "owner": { + "login": "TrixSec", + "id": 157342883, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/157342883?v=4", + "html_url": "https:\/\/github.com\/TrixSec", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/TrixSec\/CVE-2023-48795", + "description": "A Python-based tool to check for vulnerabilities in OpenSSH installations on local or remote systems by scanning specific IPs. It checks if the OpenSSH version is affected by CVE-2023-48795", + "fork": false, + "created_at": "2025-01-08T07:19:23Z", + "updated_at": "2025-01-08T07:29:16Z", + "pushed_at": "2025-01-08T07:29:13Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-11613.json b/2024/CVE-2024-11613.json new file mode 100644 index 0000000000..0343a27c45 --- /dev/null +++ b/2024/CVE-2024-11613.json @@ -0,0 +1,33 @@ +[ + { + "id": 913765661, + "name": "CVE-2024-11613-wp-file-upload", + "full_name": "Sachinart\/CVE-2024-11613-wp-file-upload", + "owner": { + "login": "Sachinart", + "id": 18497191, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18497191?v=4", + "html_url": "https:\/\/github.com\/Sachinart", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Sachinart\/CVE-2024-11613-wp-file-upload", + "description": "Exploit by Chirag Artani for CVE-2024-11613 in WordPress File Upload", + "fork": false, + "created_at": "2025-01-08T10:06:00Z", + "updated_at": "2025-01-08T10:15:52Z", + "pushed_at": "2025-01-08T10:15:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-12849.json b/2024/CVE-2024-12849.json index 4c32a23422..2a2a7143a3 100644 --- a/2024/CVE-2024-12849.json +++ b/2024/CVE-2024-12849.json @@ -45,8 +45,8 @@ "description": null, "fork": false, "created_at": "2025-01-07T16:57:48Z", - "updated_at": "2025-01-07T17:20:00Z", - "pushed_at": "2025-01-07T17:19:56Z", + "updated_at": "2025-01-08T06:46:21Z", + "pushed_at": "2025-01-08T06:46:18Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-21762.json b/2024/CVE-2024-21762.json index 1a0e6c05b9..d74aa4ae57 100644 --- a/2024/CVE-2024-21762.json +++ b/2024/CVE-2024-21762.json @@ -19,13 +19,13 @@ "stargazers_count": 95, "watchers_count": 95, "has_discussions": false, - "forks_count": 14, + "forks_count": 15, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 14, + "forks": 15, "watchers": 95, "score": 0, "subscribers_count": 6 diff --git a/2024/CVE-2024-27115.json b/2024/CVE-2024-27115.json new file mode 100644 index 0000000000..4ce9e262a2 --- /dev/null +++ b/2024/CVE-2024-27115.json @@ -0,0 +1,33 @@ +[ + { + "id": 913334263, + "name": "CVE-2024-27115-Exploit", + "full_name": "theexploiters\/CVE-2024-27115-Exploit", + "owner": { + "login": "theexploiters", + "id": 185040501, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/185040501?v=4", + "html_url": "https:\/\/github.com\/theexploiters", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/theexploiters\/CVE-2024-27115-Exploit", + "description": "Exploit For SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)", + "fork": false, + "created_at": "2025-01-07T13:38:34Z", + "updated_at": "2025-01-08T07:50:51Z", + "pushed_at": "2025-01-07T14:16:47Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-35250.json b/2024/CVE-2024-35250.json index 5b33e54734..c995ac1404 100644 --- a/2024/CVE-2024-35250.json +++ b/2024/CVE-2024-35250.json @@ -14,10 +14,10 @@ "description": "PoC for the Untrusted Pointer Dereference in the ks.sys driver", "fork": false, "created_at": "2024-10-13T19:30:20Z", - "updated_at": "2025-01-08T03:20:04Z", + "updated_at": "2025-01-08T12:23:54Z", "pushed_at": "2024-11-29T16:56:23Z", - "stargazers_count": 257, - "watchers_count": 257, + "stargazers_count": 258, + "watchers_count": 258, "has_discussions": false, "forks_count": 57, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 57, - "watchers": 257, + "watchers": 258, "score": 0, "subscribers_count": 7 }, @@ -45,19 +45,19 @@ "description": "Cobalt Strike 的 CVE-2024-35250 的 BOF。(请给我加个星,谢谢。) ", "fork": false, "created_at": "2024-10-25T10:06:09Z", - "updated_at": "2025-01-08T01:57:03Z", + "updated_at": "2025-01-08T11:26:33Z", "pushed_at": "2024-10-21T04:15:27Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 13, + "watchers_count": 13, "has_discussions": false, - "forks_count": 6, + "forks_count": 5, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 6, - "watchers": 10, + "forks": 5, + "watchers": 13, "score": 0, "subscribers_count": 0 }, diff --git a/2024/CVE-2024-38998.json b/2024/CVE-2024-38998.json index 9dada12694..6d6432bd5d 100644 --- a/2024/CVE-2024-38998.json +++ b/2024/CVE-2024-38998.json @@ -29,5 +29,36 @@ "watchers": 1, "score": 0, "subscribers_count": 1 + }, + { + "id": 913713750, + "name": "PP_CVE-2024-38998", + "full_name": "cesarbtakeda\/PP_CVE-2024-38998", + "owner": { + "login": "cesarbtakeda", + "id": 114227831, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/114227831?v=4", + "html_url": "https:\/\/github.com\/cesarbtakeda", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/cesarbtakeda\/PP_CVE-2024-38998", + "description": null, + "fork": false, + "created_at": "2025-01-08T08:04:54Z", + "updated_at": "2025-01-08T08:13:26Z", + "pushed_at": "2025-01-08T08:13:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2024/CVE-2024-42327.json b/2024/CVE-2024-42327.json index e27882bda2..840104d4f5 100644 --- a/2024/CVE-2024-42327.json +++ b/2024/CVE-2024-42327.json @@ -200,10 +200,10 @@ "description": "Zabbix CVE-2024-42327 PoC", "fork": false, "created_at": "2025-01-01T18:25:44Z", - "updated_at": "2025-01-08T02:31:14Z", + "updated_at": "2025-01-08T08:05:10Z", "pushed_at": "2025-01-03T13:49:03Z", - "stargazers_count": 32, - "watchers_count": 32, + "stargazers_count": 34, + "watchers_count": 34, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -212,7 +212,7 @@ "topics": [], "visibility": "public", "forks": 4, - "watchers": 32, + "watchers": 34, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-45519.json b/2024/CVE-2024-45519.json index e95ba1f14a..50db489b9a 100644 --- a/2024/CVE-2024-45519.json +++ b/2024/CVE-2024-45519.json @@ -19,13 +19,13 @@ "stargazers_count": 42, "watchers_count": 42, "has_discussions": false, - "forks_count": 19, + "forks_count": 20, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 19, + "forks": 20, "watchers": 42, "score": 0, "subscribers_count": 2 diff --git a/2024/CVE-2024-4577.json b/2024/CVE-2024-4577.json index 4aefd293d1..7bb0e00072 100644 --- a/2024/CVE-2024-4577.json +++ b/2024/CVE-2024-4577.json @@ -1678,5 +1678,36 @@ "watchers": 17, "score": 0, "subscribers_count": 1 + }, + { + "id": 913704447, + "name": "CVE-2024-4577", + "full_name": "Dejavu666\/CVE-2024-4577", + "owner": { + "login": "Dejavu666", + "id": 14794918, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14794918?v=4", + "html_url": "https:\/\/github.com\/Dejavu666", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Dejavu666\/CVE-2024-4577", + "description": "CVE-2024-4577 POC", + "fork": false, + "created_at": "2025-01-08T07:41:29Z", + "updated_at": "2025-01-08T11:17:26Z", + "pushed_at": "2025-01-08T11:17:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2024/CVE-2024-4885.json b/2024/CVE-2024-4885.json index b00b0c0a61..ac3f0fed0e 100644 --- a/2024/CVE-2024-4885.json +++ b/2024/CVE-2024-4885.json @@ -19,13 +19,13 @@ "stargazers_count": 15, "watchers_count": 15, "has_discussions": false, - "forks_count": 5, + "forks_count": 6, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 5, + "forks": 6, "watchers": 15, "score": 0, "subscribers_count": 1 diff --git a/2024/CVE-2024-49039.json b/2024/CVE-2024-49039.json index 96602aa853..782e317ba7 100644 --- a/2024/CVE-2024-49039.json +++ b/2024/CVE-2024-49039.json @@ -14,10 +14,10 @@ "description": "WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler", "fork": false, "created_at": "2024-11-19T08:57:18Z", - "updated_at": "2025-01-02T00:58:20Z", + "updated_at": "2025-01-08T09:21:16Z", "pushed_at": "2024-11-19T09:15:26Z", - "stargazers_count": 116, - "watchers_count": 116, + "stargazers_count": 117, + "watchers_count": 117, "has_discussions": false, "forks_count": 23, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 23, - "watchers": 116, + "watchers": 117, "score": 0, "subscribers_count": 2 }, diff --git a/2024/CVE-2024-49113.json b/2024/CVE-2024-49113.json index 4c380cf5e2..d7c752e05d 100644 --- a/2024/CVE-2024-49113.json +++ b/2024/CVE-2024-49113.json @@ -14,19 +14,19 @@ "description": "LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113", "fork": false, "created_at": "2025-01-01T15:48:38Z", - "updated_at": "2025-01-08T03:27:17Z", + "updated_at": "2025-01-08T12:05:24Z", "pushed_at": "2025-01-02T16:07:23Z", - "stargazers_count": 397, - "watchers_count": 397, + "stargazers_count": 399, + "watchers_count": 399, "has_discussions": false, - "forks_count": 93, + "forks_count": 94, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 93, - "watchers": 397, + "forks": 94, + "watchers": 399, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-50603.json b/2024/CVE-2024-50603.json new file mode 100644 index 0000000000..f3cb65fc6a --- /dev/null +++ b/2024/CVE-2024-50603.json @@ -0,0 +1,33 @@ +[ + { + "id": 913813364, + "name": "CVE-2024-50603", + "full_name": "newlinesec\/CVE-2024-50603", + "owner": { + "login": "newlinesec", + "id": 194232279, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/194232279?v=4", + "html_url": "https:\/\/github.com\/newlinesec", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/newlinesec\/CVE-2024-50603", + "description": "CVE-2024-50603-nuclei-poc", + "fork": false, + "created_at": "2025-01-08T12:00:38Z", + "updated_at": "2025-01-08T12:08:49Z", + "pushed_at": "2025-01-08T12:08:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-50623.json b/2024/CVE-2024-50623.json index cae606484f..cc8d575edc 100644 --- a/2024/CVE-2024-50623.json +++ b/2024/CVE-2024-50623.json @@ -14,19 +14,19 @@ "description": "Cleo Unrestricted file upload and download PoC (CVE-2024-50623)", "fork": false, "created_at": "2024-12-11T14:19:55Z", - "updated_at": "2024-12-16T20:09:24Z", + "updated_at": "2025-01-08T08:14:00Z", "pushed_at": "2024-12-11T14:23:19Z", - "stargazers_count": 19, - "watchers_count": 19, + "stargazers_count": 20, + "watchers_count": 20, "has_discussions": false, - "forks_count": 6, + "forks_count": 7, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 6, - "watchers": 19, + "forks": 7, + "watchers": 20, "score": 0, "subscribers_count": 0 }, diff --git a/2024/CVE-2024-54498.json b/2024/CVE-2024-54498.json new file mode 100644 index 0000000000..f6f4159dcf --- /dev/null +++ b/2024/CVE-2024-54498.json @@ -0,0 +1,33 @@ +[ + { + "id": 913761355, + "name": "CVE-2024-54498-PoC", + "full_name": "wh1te4ever\/CVE-2024-54498-PoC", + "owner": { + "login": "wh1te4ever", + "id": 88495487, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/88495487?v=4", + "html_url": "https:\/\/github.com\/wh1te4ever", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/wh1te4ever\/CVE-2024-54498-PoC", + "description": "Escape macOS Sandbox using sharedfilelistd exploit", + "fork": false, + "created_at": "2025-01-08T09:55:44Z", + "updated_at": "2025-01-08T11:05:12Z", + "pushed_at": "2025-01-08T10:37:17Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-56433.json b/2024/CVE-2024-56433.json index d7e9e79f09..6c4f02f541 100644 --- a/2024/CVE-2024-56433.json +++ b/2024/CVE-2024-56433.json @@ -14,8 +14,8 @@ "description": "CVE-2024-56433 - shadow-utils Default subordinate ID for local users creates risk of collision", "fork": false, "created_at": "2025-01-03T13:11:25Z", - "updated_at": "2025-01-06T12:02:43Z", - "pushed_at": "2025-01-06T12:02:39Z", + "updated_at": "2025-01-08T08:24:17Z", + "pushed_at": "2025-01-08T08:24:14Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-6387.json b/2024/CVE-2024-6387.json index 93adc75706..640226f468 100644 --- a/2024/CVE-2024-6387.json +++ b/2024/CVE-2024-6387.json @@ -1355,10 +1355,10 @@ "description": "PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit) ", "fork": false, "created_at": "2024-07-02T18:32:46Z", - "updated_at": "2024-12-30T01:05:18Z", + "updated_at": "2025-01-08T11:36:17Z", "pushed_at": "2024-07-05T15:19:28Z", - "stargazers_count": 72, - "watchers_count": 72, + "stargazers_count": 75, + "watchers_count": 75, "has_discussions": false, "forks_count": 29, "allow_forking": true, @@ -1376,7 +1376,7 @@ ], "visibility": "public", "forks": 29, - "watchers": 72, + "watchers": 75, "score": 0, "subscribers_count": 3 }, @@ -2180,10 +2180,10 @@ "description": "Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)", "fork": false, "created_at": "2024-07-08T11:27:49Z", - "updated_at": "2025-01-07T21:40:36Z", + "updated_at": "2025-01-08T10:43:24Z", "pushed_at": "2024-08-22T08:50:25Z", - "stargazers_count": 69, - "watchers_count": 69, + "stargazers_count": 71, + "watchers_count": 71, "has_discussions": false, "forks_count": 30, "allow_forking": true, @@ -2192,7 +2192,7 @@ "topics": [], "visibility": "public", "forks": 30, - "watchers": 69, + "watchers": 71, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-9047.json b/2024/CVE-2024-9047.json index e354c713c6..dc17dcb7a5 100644 --- a/2024/CVE-2024-9047.json +++ b/2024/CVE-2024-9047.json @@ -29,5 +29,40 @@ "watchers": 4, "score": 0, "subscribers_count": 2 + }, + { + "id": 913699164, + "name": "CVE-2024-9047", + "full_name": "verylazytech\/CVE-2024-9047", + "owner": { + "login": "verylazytech", + "id": 172168670, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/172168670?v=4", + "html_url": "https:\/\/github.com\/verylazytech", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/verylazytech\/CVE-2024-9047", + "description": "POC - WordPress File Upload plugin, in the wfu_file_downloader.php file before version <= 4.24.11", + "fork": false, + "created_at": "2025-01-08T07:27:16Z", + "updated_at": "2025-01-08T07:58:06Z", + "pushed_at": "2025-01-08T07:36:19Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 1, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "cve-2024-9047", + "lfi", + "wordpress-plugin" + ], + "visibility": "public", + "forks": 1, + "watchers": 2, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/README.md b/README.md index aed61183b7..18d29b08f3 100644 --- a/README.md +++ b/README.md @@ -1075,6 +1075,7 @@ - [longhoangth18/CVE-2024-4577](https://github.com/longhoangth18/CVE-2024-4577) - [ahmetramazank/CVE-2024-4577](https://github.com/ahmetramazank/CVE-2024-4577) - [BTtea/CVE-2024-4577-RCE-PoC](https://github.com/BTtea/CVE-2024-4577-RCE-PoC) +- [Dejavu666/CVE-2024-4577](https://github.com/Dejavu666/CVE-2024-4577) ### CVE-2024-4701 (2024-05-10) @@ -1858,6 +1859,7 @@ - [iSee857/CVE-2024-9047-PoC](https://github.com/iSee857/CVE-2024-9047-PoC) +- [verylazytech/CVE-2024-9047](https://github.com/verylazytech/CVE-2024-9047) ### CVE-2024-9061 (2024-10-16) @@ -2403,6 +2405,13 @@ - [TheN00bBuilder/cve-2024-11477-writeup](https://github.com/TheN00bBuilder/cve-2024-11477-writeup) +### CVE-2024-11613 (2025-01-08) + +The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server. + + +- [Sachinart/CVE-2024-11613-wp-file-upload](https://github.com/Sachinart/CVE-2024-11613-wp-file-upload) + ### CVE-2024-11616 (2024-12-19) Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue.\nThis issue affects Endpoint DLP version below R119. @@ -4051,6 +4060,13 @@ - [200101WhoAmI/CVE-2024-27088](https://github.com/200101WhoAmI/CVE-2024-27088) +### CVE-2024-27115 (2024-09-11) + +A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements. This leads to the possibility of execution of code on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02. + + +- [theexploiters/CVE-2024-27115-Exploit](https://github.com/theexploiters/CVE-2024-27115-Exploit) + ### CVE-2024-27130 (2024-05-21) A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.1.7.2770 build 20240520 and later\nQuTS hero h5.1.7.2770 build 20240520 and later @@ -5961,6 +5977,7 @@ - [z3ldr1/PP_CVE-2024-38998](https://github.com/z3ldr1/PP_CVE-2024-38998) +- [cesarbtakeda/PP_CVE-2024-38998](https://github.com/cesarbtakeda/PP_CVE-2024-38998) ### CVE-2024-39031 (2024-07-09) @@ -7474,6 +7491,13 @@ - [RandomRobbieBF/CVE-2024-50510](https://github.com/RandomRobbieBF/CVE-2024-50510) +### CVE-2024-50603 (2025-01-08) + +An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. + + +- [newlinesec/CVE-2024-50603](https://github.com/newlinesec/CVE-2024-50603) + ### CVE-2024-50623 (2024-10-27) In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. @@ -7927,6 +7951,13 @@ - [RandomRobbieBF/CVE-2024-54385](https://github.com/RandomRobbieBF/CVE-2024-54385) +### CVE-2024-54498 (2024-12-11) + +A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox. + + +- [wh1te4ever/CVE-2024-54498-PoC](https://github.com/wh1te4ever/CVE-2024-54498-PoC) + ### CVE-2024-54679 (2024-12-05) CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. @@ -10167,6 +10198,7 @@ - [Rosayxy/Recreate-cve-2023-21768](https://github.com/Rosayxy/Recreate-cve-2023-21768) - [ldrx30/CVE-2023-21768](https://github.com/ldrx30/CVE-2023-21768) - [xboxoneresearch/CVE-2023-21768-dotnet](https://github.com/xboxoneresearch/CVE-2023-21768-dotnet) +- [IlanDudnik/CVE-2023-21768](https://github.com/IlanDudnik/CVE-2023-21768) ### CVE-2023-21823 (2023-02-14) @@ -15880,6 +15912,13 @@ - [horizon3ai/CVE-2023-48788](https://github.com/horizon3ai/CVE-2023-48788) +### CVE-2023-48795 (2023-12-18) + +The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. + + +- [TrixSec/CVE-2023-48795](https://github.com/TrixSec/CVE-2023-48795) + ### CVE-2023-48842 (2023-12-01) D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. @@ -16912,6 +16951,7 @@ - [muhammad1596/CVE-2022-0847-dirty-pipe-checker](https://github.com/muhammad1596/CVE-2022-0847-dirty-pipe-checker) - [muhammad1596/CVE-2022-0847-DirtyPipe-Exploits](https://github.com/muhammad1596/CVE-2022-0847-DirtyPipe-Exploits) - [JustinYe377/CTF-CVE-2022-0847](https://github.com/JustinYe377/CTF-CVE-2022-0847) +- [mithunmadhukuttan/Dirty-Pipe-Exploit](https://github.com/mithunmadhukuttan/Dirty-Pipe-Exploit) ### CVE-2022-0848 (2022-03-04) @@ -47628,6 +47668,7 @@ - [halkichi0308/CVE-2015-9251](https://github.com/halkichi0308/CVE-2015-9251) - [moften/CVE-2015-9251](https://github.com/moften/CVE-2015-9251) +- [hackgiver/CVE-2015-9251](https://github.com/hackgiver/CVE-2015-9251) ### CVE-2015-10034 (2023-01-09)