From 82ffedde3beb610743ec7b22c84c1262492ecd2e Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sun, 22 Jan 2023 03:29:21 +0900 Subject: [PATCH] Auto Update 2023/01/21 18:29:21 --- 2015/CVE-2015-3864.json | 8 ++++---- 2016/CVE-2016-0638.json | 8 ++++---- 2017/CVE-2017-3248.json | 8 ++++---- 2018/CVE-2018-14847.json | 8 ++++---- 2018/CVE-2018-2628.json | 8 ++++---- 2019/CVE-2019-16278.json | 8 ++++---- 2019/CVE-2019-2618.json | 8 ++++---- 2020/CVE-2020-1472.json | 20 ++++++++++---------- 2020/CVE-2020-2551.json | 8 ++++---- 2021/CVE-2021-20294.json | 31 +++++++++++++++++++++++++++++++ 2021/CVE-2021-31166.json | 8 ++++---- 2021/CVE-2021-3156.json | 2 +- 2021/CVE-2021-4034.json | 2 +- 2021/CVE-2021-44228.json | 16 ++++++++-------- 2022/CVE-2022-21661.json | 8 ++++---- 2022/CVE-2022-21907.json | 8 ++++---- 2022/CVE-2022-22963.json | 4 ++-- 2022/CVE-2022-22965.json | 20 ++++++++++---------- 2022/CVE-2022-33679.json | 8 ++++---- 2022/CVE-2022-34718.json | 8 ++++---- 2022/CVE-2022-42864.json | 8 ++++---- 2022/CVE-2022-44877.json | 4 ++-- 2022/CVE-2022-44900.json | 31 +++++++++++++++++++++++++++++++ 2022/CVE-2022-46689.json | 2 +- 2022/CVE-2022-47966.json | 8 ++++---- 2023/CVE-2023-0179.json | 14 +++++++------- 2023/CVE-2023-22809.json | 31 +++++++++++++++++++++++++++++++ README.md | 24 ++++++++++++++++++++++++ 28 files changed, 219 insertions(+), 102 deletions(-) create mode 100644 2021/CVE-2021-20294.json create mode 100644 2022/CVE-2022-44900.json create mode 100644 2023/CVE-2023-22809.json diff --git a/2015/CVE-2015-3864.json b/2015/CVE-2015-3864.json index a456a4feba..efa8188a1c 100644 --- a/2015/CVE-2015-3864.json +++ b/2015/CVE-2015-3864.json @@ -42,10 +42,10 @@ "description": "Python script to generate a malicious MP4 file and start a CherryPy web server hosting a simple HTML page with the embedded file. Exploits another Stagefright vulnerability, the integer overflow (CVE-2015-3864).", "fork": false, "created_at": "2015-12-08T18:27:52Z", - "updated_at": "2022-03-04T05:03:01Z", + "updated_at": "2023-01-21T16:07:47Z", "pushed_at": "2015-12-08T18:35:47Z", - "stargazers_count": 17, - "watchers_count": 17, + "stargazers_count": 18, + "watchers_count": 18, "has_discussions": false, "forks_count": 15, "allow_forking": true, @@ -54,7 +54,7 @@ "topics": [], "visibility": "public", "forks": 15, - "watchers": 17, + "watchers": 18, "score": 0 }, { diff --git a/2016/CVE-2016-0638.json b/2016/CVE-2016-0638.json index 21f4b4b2a2..00d3001fd0 100644 --- a/2016/CVE-2016-0638.json +++ b/2016/CVE-2016-0638.json @@ -13,10 +13,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-01-21T06:26:42Z", + "updated_at": "2023-01-21T16:53:26Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1589, - "watchers_count": 1589, + "stargazers_count": 1590, + "watchers_count": 1590, "has_discussions": false, "forks_count": 317, "allow_forking": true, @@ -46,7 +46,7 @@ ], "visibility": "public", "forks": 317, - "watchers": 1589, + "watchers": 1590, "score": 0 }, { diff --git a/2017/CVE-2017-3248.json b/2017/CVE-2017-3248.json index 0011aef2ff..952e401f05 100644 --- a/2017/CVE-2017-3248.json +++ b/2017/CVE-2017-3248.json @@ -42,10 +42,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-01-21T06:26:42Z", + "updated_at": "2023-01-21T16:53:26Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1589, - "watchers_count": 1589, + "stargazers_count": 1590, + "watchers_count": 1590, "has_discussions": false, "forks_count": 317, "allow_forking": true, @@ -75,7 +75,7 @@ ], "visibility": "public", "forks": 317, - "watchers": 1589, + "watchers": 1590, "score": 0 }, { diff --git a/2018/CVE-2018-14847.json b/2018/CVE-2018-14847.json index 556704225c..9f1f3bcf21 100644 --- a/2018/CVE-2018-14847.json +++ b/2018/CVE-2018-14847.json @@ -13,10 +13,10 @@ "description": "Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)", "fork": false, "created_at": "2018-06-24T05:34:05Z", - "updated_at": "2023-01-17T16:46:51Z", + "updated_at": "2023-01-21T15:44:38Z", "pushed_at": "2020-10-16T12:09:45Z", - "stargazers_count": 479, - "watchers_count": 479, + "stargazers_count": 480, + "watchers_count": 480, "has_discussions": false, "forks_count": 468, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 468, - "watchers": 479, + "watchers": 480, "score": 0 }, { diff --git a/2018/CVE-2018-2628.json b/2018/CVE-2018-2628.json index 566d6ef5ba..b8df77c7d9 100644 --- a/2018/CVE-2018-2628.json +++ b/2018/CVE-2018-2628.json @@ -568,10 +568,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-01-21T06:26:42Z", + "updated_at": "2023-01-21T16:53:26Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1589, - "watchers_count": 1589, + "stargazers_count": 1590, + "watchers_count": 1590, "has_discussions": false, "forks_count": 317, "allow_forking": true, @@ -601,7 +601,7 @@ ], "visibility": "public", "forks": 317, - "watchers": 1589, + "watchers": 1590, "score": 0 }, { diff --git a/2019/CVE-2019-16278.json b/2019/CVE-2019-16278.json index f6c9fa489c..6bef9e69da 100644 --- a/2019/CVE-2019-16278.json +++ b/2019/CVE-2019-16278.json @@ -129,10 +129,10 @@ "description": "A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Simply takes a host and port that the web server is running on. ", "fork": false, "created_at": "2019-11-22T18:35:14Z", - "updated_at": "2022-11-09T18:05:19Z", + "updated_at": "2023-01-21T16:12:32Z", "pushed_at": "2019-11-22T18:57:29Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -141,7 +141,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 6, + "watchers": 7, "score": 0 }, { diff --git a/2019/CVE-2019-2618.json b/2019/CVE-2019-2618.json index 58fddfc861..ac05312620 100644 --- a/2019/CVE-2019-2618.json +++ b/2019/CVE-2019-2618.json @@ -187,10 +187,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-01-21T06:26:42Z", + "updated_at": "2023-01-21T16:53:26Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1589, - "watchers_count": 1589, + "stargazers_count": 1590, + "watchers_count": 1590, "has_discussions": false, "forks_count": 317, "allow_forking": true, @@ -220,7 +220,7 @@ ], "visibility": "public", "forks": 317, - "watchers": 1589, + "watchers": 1590, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json index 2b7d48c526..9f9c8e7e58 100644 --- a/2020/CVE-2020-1472.json +++ b/2020/CVE-2020-1472.json @@ -42,10 +42,10 @@ "description": "Test tool for CVE-2020-1472", "fork": false, "created_at": "2020-09-08T08:58:37Z", - "updated_at": "2023-01-18T13:43:58Z", + "updated_at": "2023-01-21T18:16:06Z", "pushed_at": "2021-12-08T10:31:54Z", - "stargazers_count": 1543, - "watchers_count": 1543, + "stargazers_count": 1544, + "watchers_count": 1544, "has_discussions": false, "forks_count": 351, "allow_forking": true, @@ -54,7 +54,7 @@ "topics": [], "visibility": "public", "forks": 351, - "watchers": 1543, + "watchers": 1544, "score": 0 }, { @@ -105,13 +105,13 @@ "stargazers_count": 994, "watchers_count": 994, "has_discussions": false, - "forks_count": 272, + "forks_count": 273, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 272, + "forks": 273, "watchers": 994, "score": 0 }, @@ -165,10 +165,10 @@ "description": "Exploit for zerologon cve-2020-1472", "fork": false, "created_at": "2020-09-14T19:19:07Z", - "updated_at": "2023-01-18T19:48:44Z", + "updated_at": "2023-01-21T17:59:40Z", "pushed_at": "2020-10-15T18:31:15Z", - "stargazers_count": 506, - "watchers_count": 506, + "stargazers_count": 507, + "watchers_count": 507, "has_discussions": false, "forks_count": 138, "allow_forking": true, @@ -177,7 +177,7 @@ "topics": [], "visibility": "public", "forks": 138, - "watchers": 506, + "watchers": 507, "score": 0 }, { diff --git a/2020/CVE-2020-2551.json b/2020/CVE-2020-2551.json index e438071a89..624065d4de 100644 --- a/2020/CVE-2020-2551.json +++ b/2020/CVE-2020-2551.json @@ -13,10 +13,10 @@ "description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2023-01-21T06:26:42Z", + "updated_at": "2023-01-21T16:53:26Z", "pushed_at": "2022-07-17T12:41:46Z", - "stargazers_count": 1589, - "watchers_count": 1589, + "stargazers_count": 1590, + "watchers_count": 1590, "has_discussions": false, "forks_count": 317, "allow_forking": true, @@ -46,7 +46,7 @@ ], "visibility": "public", "forks": 317, - "watchers": 1589, + "watchers": 1590, "score": 0 }, { diff --git a/2021/CVE-2021-20294.json b/2021/CVE-2021-20294.json new file mode 100644 index 0000000000..f05b4e07ac --- /dev/null +++ b/2021/CVE-2021-20294.json @@ -0,0 +1,31 @@ +[ + { + "id": 591711046, + "name": "CVE-2021-20294-POC", + "full_name": "tin-z\/CVE-2021-20294-POC", + "owner": { + "login": "tin-z", + "id": 32848129, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/32848129?v=4", + "html_url": "https:\/\/github.com\/tin-z" + }, + "html_url": "https:\/\/github.com\/tin-z\/CVE-2021-20294-POC", + "description": "Simple CVE-2021-20294 poc", + "fork": false, + "created_at": "2023-01-21T16:15:21Z", + "updated_at": "2023-01-21T16:55:57Z", + "pushed_at": "2023-01-21T16:28:15Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 1, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 1, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-31166.json b/2021/CVE-2021-31166.json index fb4251f4b8..c4252ee463 100644 --- a/2021/CVE-2021-31166.json +++ b/2021/CVE-2021-31166.json @@ -330,10 +330,10 @@ "description": "PoC for CVE-2021-31166 and CVE-2022-21907", "fork": false, "created_at": "2022-11-22T09:10:36Z", - "updated_at": "2023-01-07T10:32:31Z", + "updated_at": "2023-01-21T17:00:27Z", "pushed_at": "2022-12-08T11:05:50Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -342,7 +342,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index 3255c639f9..118dc4d4a4 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -1039,7 +1039,7 @@ "description": "Sudo Baron Samedit Exploit", "fork": false, "created_at": "2021-03-15T17:37:02Z", - "updated_at": "2023-01-18T18:18:30Z", + "updated_at": "2023-01-21T17:21:45Z", "pushed_at": "2022-01-13T05:48:01Z", "stargazers_count": 560, "watchers_count": 560, diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index df3944ca2b..7564caa943 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -3867,7 +3867,7 @@ "fork": false, "created_at": "2022-03-16T23:05:53Z", "updated_at": "2022-03-16T23:20:31Z", - "pushed_at": "2022-12-27T12:08:27Z", + "pushed_at": "2023-01-21T18:23:45Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index e0e5dc3cf6..a2a55807f4 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -2042,10 +2042,10 @@ "description": "CVE-2021-44228,log4j2 burp插件 Java版本,dnslog选取了非dnslog.cn域名", "fork": false, "created_at": "2021-12-12T01:24:39Z", - "updated_at": "2022-12-19T05:13:42Z", + "updated_at": "2023-01-21T17:34:17Z", "pushed_at": "2021-12-11T10:39:41Z", - "stargazers_count": 22, - "watchers_count": 22, + "stargazers_count": 23, + "watchers_count": 23, "has_discussions": false, "forks_count": 43, "allow_forking": true, @@ -2054,7 +2054,7 @@ "topics": [], "visibility": "public", "forks": 43, - "watchers": 22, + "watchers": 23, "score": 0 }, { @@ -3614,10 +3614,10 @@ "description": "A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 ", "fork": false, "created_at": "2021-12-13T03:57:50Z", - "updated_at": "2023-01-21T09:56:55Z", + "updated_at": "2023-01-21T14:10:33Z", "pushed_at": "2022-11-23T18:23:24Z", - "stargazers_count": 3170, - "watchers_count": 3170, + "stargazers_count": 3171, + "watchers_count": 3171, "has_discussions": true, "forks_count": 743, "allow_forking": true, @@ -3626,7 +3626,7 @@ "topics": [], "visibility": "public", "forks": 743, - "watchers": 3170, + "watchers": 3171, "score": 0 }, { diff --git a/2022/CVE-2022-21661.json b/2022/CVE-2022-21661.json index 98c878f840..da45675ac3 100644 --- a/2022/CVE-2022-21661.json +++ b/2022/CVE-2022-21661.json @@ -187,10 +187,10 @@ "description": "The first poc video presenting the sql injection test from ( WordPress Core 5.8.2-'WP_Query' \/ CVE-2022-21661) ", "fork": false, "created_at": "2022-11-06T20:44:10Z", - "updated_at": "2023-01-16T17:28:44Z", + "updated_at": "2023-01-21T18:26:18Z", "pushed_at": "2022-11-23T21:09:11Z", - "stargazers_count": 86, - "watchers_count": 86, + "stargazers_count": 85, + "watchers_count": 85, "has_discussions": false, "forks_count": 17, "allow_forking": true, @@ -205,7 +205,7 @@ ], "visibility": "public", "forks": 17, - "watchers": 86, + "watchers": 85, "score": 0 }, { diff --git a/2022/CVE-2022-21907.json b/2022/CVE-2022-21907.json index da687dde6b..52b5c9bfa0 100644 --- a/2022/CVE-2022-21907.json +++ b/2022/CVE-2022-21907.json @@ -377,10 +377,10 @@ "description": "PoC for CVE-2021-31166 and CVE-2022-21907", "fork": false, "created_at": "2022-11-22T09:10:36Z", - "updated_at": "2023-01-07T10:32:31Z", + "updated_at": "2023-01-21T17:00:27Z", "pushed_at": "2022-12-08T11:05:50Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -389,7 +389,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-22963.json b/2022/CVE-2022-22963.json index 30ed3738b7..d04b838231 100644 --- a/2022/CVE-2022-22963.json +++ b/2022/CVE-2022-22963.json @@ -18,7 +18,7 @@ "stargazers_count": 341, "watchers_count": 341, "has_discussions": false, - "forks_count": 84, + "forks_count": 85, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -34,7 +34,7 @@ "spring-cloud-function" ], "visibility": "public", - "forks": 84, + "forks": 85, "watchers": 341, "score": 0 }, diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index 71a3f06392..bf79433a0f 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -90,7 +90,7 @@ "stargazers_count": 120, "watchers_count": 120, "has_discussions": false, - "forks_count": 84, + "forks_count": 85, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -107,7 +107,7 @@ "working-example" ], "visibility": "public", - "forks": 84, + "forks": 85, "watchers": 120, "score": 0 }, @@ -130,13 +130,13 @@ "stargazers_count": 276, "watchers_count": 276, "has_discussions": false, - "forks_count": 217, + "forks_count": 218, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 217, + "forks": 218, "watchers": 276, "score": 0 }, @@ -1434,19 +1434,19 @@ "description": "CVE-2022-22965写入冰蝎webshell脚本", "fork": false, "created_at": "2022-04-07T03:50:14Z", - "updated_at": "2023-01-18T11:33:21Z", + "updated_at": "2023-01-21T15:18:22Z", "pushed_at": "2022-05-10T03:54:23Z", - "stargazers_count": 59, - "watchers_count": 59, + "stargazers_count": 60, + "watchers_count": 60, "has_discussions": false, - "forks_count": 20, + "forks_count": 21, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 20, - "watchers": 59, + "forks": 21, + "watchers": 60, "score": 0 }, { diff --git a/2022/CVE-2022-33679.json b/2022/CVE-2022-33679.json index 2577a93a5d..7c16c6d6b3 100644 --- a/2022/CVE-2022-33679.json +++ b/2022/CVE-2022-33679.json @@ -13,10 +13,10 @@ "description": "One day based on https:\/\/googleprojectzero.blogspot.com\/2022\/10\/rc4-is-still-considered-harmful.html", "fork": false, "created_at": "2022-11-02T18:38:01Z", - "updated_at": "2023-01-17T16:18:45Z", + "updated_at": "2023-01-21T18:26:58Z", "pushed_at": "2022-12-13T15:26:57Z", - "stargazers_count": 357, - "watchers_count": 357, + "stargazers_count": 356, + "watchers_count": 356, "has_discussions": false, "forks_count": 65, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 65, - "watchers": 357, + "watchers": 356, "score": 0 }, { diff --git a/2022/CVE-2022-34718.json b/2022/CVE-2022-34718.json index 6a1ec60b4a..570fe63d7c 100644 --- a/2022/CVE-2022-34718.json +++ b/2022/CVE-2022-34718.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2022-10-03T11:39:25Z", - "updated_at": "2023-01-12T10:35:51Z", + "updated_at": "2023-01-21T17:50:11Z", "pushed_at": "2022-10-10T08:57:29Z", - "stargazers_count": 40, - "watchers_count": 40, + "stargazers_count": 41, + "watchers_count": 41, "has_discussions": false, "forks_count": 15, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 15, - "watchers": 40, + "watchers": 41, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-42864.json b/2022/CVE-2022-42864.json index fac19816d6..e69829caa9 100644 --- a/2022/CVE-2022-42864.json +++ b/2022/CVE-2022-42864.json @@ -13,10 +13,10 @@ "description": "Proof-of-concept for the CVE-2022-42864 IOHIDFamily race condition", "fork": false, "created_at": "2023-01-19T20:36:49Z", - "updated_at": "2023-01-21T08:36:35Z", + "updated_at": "2023-01-21T17:37:18Z", "pushed_at": "2023-01-20T17:58:39Z", - "stargazers_count": 15, - "watchers_count": 15, + "stargazers_count": 16, + "watchers_count": 16, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 15, + "watchers": 16, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-44877.json b/2022/CVE-2022-44877.json index 0db4f6c19e..1c07ba8bd8 100644 --- a/2022/CVE-2022-44877.json +++ b/2022/CVE-2022-44877.json @@ -18,13 +18,13 @@ "stargazers_count": 91, "watchers_count": 91, "has_discussions": false, - "forks_count": 19, + "forks_count": 20, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 19, + "forks": 20, "watchers": 91, "score": 0 }, diff --git a/2022/CVE-2022-44900.json b/2022/CVE-2022-44900.json new file mode 100644 index 0000000000..f200392b51 --- /dev/null +++ b/2022/CVE-2022-44900.json @@ -0,0 +1,31 @@ +[ + { + "id": 591689085, + "name": "CVE-2022-44900-demo-lab", + "full_name": "0xless\/CVE-2022-44900-demo-lab", + "owner": { + "login": "0xless", + "id": 78535423, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/78535423?v=4", + "html_url": "https:\/\/github.com\/0xless" + }, + "html_url": "https:\/\/github.com\/0xless\/CVE-2022-44900-demo-lab", + "description": "Demo webapp vulnerable to CVE-2022-44900", + "fork": false, + "created_at": "2023-01-21T14:52:59Z", + "updated_at": "2023-01-21T14:53:53Z", + "pushed_at": "2023-01-21T15:17:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-46689.json b/2022/CVE-2022-46689.json index 7994e97cf6..6596f23766 100644 --- a/2022/CVE-2022-46689.json +++ b/2022/CVE-2022-46689.json @@ -221,7 +221,7 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2023-01-05T21:50:25Z", - "updated_at": "2023-01-21T12:17:20Z", + "updated_at": "2023-01-21T17:20:43Z", "pushed_at": "2023-01-21T07:09:05Z", "stargazers_count": 107, "watchers_count": 107, diff --git a/2022/CVE-2022-47966.json b/2022/CVE-2022-47966.json index ee38198514..a8a033956b 100644 --- a/2022/CVE-2022-47966.json +++ b/2022/CVE-2022-47966.json @@ -13,10 +13,10 @@ "description": "POC for CVE-2022-47966 affecting multiple ManageEngine products", "fork": false, "created_at": "2023-01-17T21:26:28Z", - "updated_at": "2023-01-21T09:54:44Z", + "updated_at": "2023-01-21T18:15:49Z", "pushed_at": "2023-01-19T13:10:07Z", - "stargazers_count": 55, - "watchers_count": 55, + "stargazers_count": 57, + "watchers_count": 57, "has_discussions": false, "forks_count": 16, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 16, - "watchers": 55, + "watchers": 57, "score": 0 }, { diff --git a/2023/CVE-2023-0179.json b/2023/CVE-2023-0179.json index 1836152071..90deaec297 100644 --- a/2023/CVE-2023-0179.json +++ b/2023/CVE-2023-0179.json @@ -13,19 +13,19 @@ "description": null, "fork": false, "created_at": "2023-01-21T01:02:01Z", - "updated_at": "2023-01-21T11:10:05Z", - "pushed_at": "2023-01-21T01:09:11Z", - "stargazers_count": 7, - "watchers_count": 7, + "updated_at": "2023-01-21T18:09:48Z", + "pushed_at": "2023-01-21T14:23:42Z", + "stargazers_count": 10, + "watchers_count": 10, "has_discussions": false, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, - "watchers": 7, + "forks": 2, + "watchers": 10, "score": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-22809.json b/2023/CVE-2023-22809.json new file mode 100644 index 0000000000..d63ef9d459 --- /dev/null +++ b/2023/CVE-2023-22809.json @@ -0,0 +1,31 @@ +[ + { + "id": 591696201, + "name": "CVE-2023-22809-sudoedit-privesc", + "full_name": "n3m1dotsys\/CVE-2023-22809-sudoedit-privesc", + "owner": { + "login": "n3m1dotsys", + "id": 30940342, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30940342?v=4", + "html_url": "https:\/\/github.com\/n3m1dotsys" + }, + "html_url": "https:\/\/github.com\/n3m1dotsys\/CVE-2023-22809-sudoedit-privesc", + "description": "A script to automate privilege escalation with CVE-2023-22809 vulnerability", + "fork": false, + "created_at": "2023-01-21T15:19:23Z", + "updated_at": "2023-01-21T15:52:37Z", + "pushed_at": "2023-01-21T15:25:38Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/README.md b/README.md index 6e7d2b0726..dbfae15c12 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,14 @@ Windows Backup Service Elevation of Privilege Vulnerability. - [Wh04m1001/CVE-2023-21752](https://github.com/Wh04m1001/CVE-2023-21752) +### CVE-2023-22809 (2023-01-18) + + +In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. + + +- [n3m1dotsys/CVE-2023-22809-sudoedit-privesc](https://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc) + ### CVE-2023-23161 - [rahulpatwari/CVE-2023-23161](https://github.com/rahulpatwari/CVE-2023-23161) @@ -5086,6 +5094,14 @@ login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9. - [numanturle/CVE-2022-44877](https://github.com/numanturle/CVE-2022-44877) - [komomon/CVE-2022-44877-RCE](https://github.com/komomon/CVE-2022-44877-RCE) +### CVE-2022-44900 (2022-12-06) + + +A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. + + +- [0xless/CVE-2022-44900-demo-lab](https://github.com/0xless/CVE-2022-44900-demo-lab) + ### CVE-2022-45025 (2022-12-06) @@ -6694,6 +6710,14 @@ A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the me - [pauljrowland/BootHoleFix](https://github.com/pauljrowland/BootHoleFix) +### CVE-2021-20294 (2021-04-29) + + +A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. + + +- [tin-z/CVE-2021-20294-POC](https://github.com/tin-z/CVE-2021-20294-POC) + ### CVE-2021-20323 (2022-03-25)