From a52ad632ad0aa68754e607e912058c2a4660a68b Mon Sep 17 00:00:00 2001
From: motikan2010-bot
Date: Tue, 13 Dec 2022 15:20:01 +0900
Subject: [PATCH] Auto Update 2022/12/13 06:20:01
---
 2007/CVE-2007-4559.json | 2 +-
 2017/CVE-2017-0199.json | 8 +-
 2018/CVE-2018-2894.json | 8 +-
 2018/CVE-2018-8611.json | 8 +-
 2019/CVE-2019-11358.json | 4 +-
 2019/CVE-2019-11510.json | 37 +-
 2019/CVE-2019-19781.json | 29 +
 2019/CVE-2019-5544.json | 4 +-
 2019/CVE-2019-7609.json | 4 +-
 2020/CVE-2020-0796.json | 8 +-
 2020/CVE-2020-11890.json | 4 +-
 2020/CVE-2020-12116.json | 8 +-
 2020/CVE-2020-3992.json | 4 +-
 2020/CVE-2020-5902.json | 58 +-
 2021/CVE-2021-1732.json | 8 +-
 2021/CVE-2021-3129.json | 4 +-
 2021/CVE-2021-3156.json | 8 +-
 2021/CVE-2021-4034.json | 4 +-
 2021/CVE-2021-44228.json | 8 +-
 2022/CVE-2022-37042.json | 29 +
 2022/CVE-2022-40674.json | 10 +-
 2022/CVE-2022-42889.json | 24 +-
 2022/CVE-2022-44721.json | 8 +-
 2022/CVE-2022-45025.json | 12 +-
 2022/CVE-2022-46169.json | 31 +
 README.md | 2031 ++++++--------------------------------
 26 files changed, 526 insertions(+), 1837 deletions(-)
 create mode 100644 2022/CVE-2022-46169.json
diff --git a/2007/CVE-2007-4559.json b/2007/CVE-2007-4559.json
index 79ff87d221..05e37da574 100644
--- a/2007/CVE-2007-4559.json
+++ b/2007/CVE-2007-4559.json
@@ -43,7 +43,7 @@
 "fork": false,
 "created_at": "2022-10-21T06:38:41Z",
 "updated_at": "2022-12-11T20:33:31Z",
- "pushed_at": "2022-12-11T21:58:36Z",
+ "pushed_at": "2022-12-13T01:05:45Z",
 "stargazers_count": 0,
 "watchers_count": 0,
 "has_discussions": false,
diff --git a/2017/CVE-2017-0199.json b/2017/CVE-2017-0199.json
index 51196cf6f2..04349c9f82 100644
--- a/2017/CVE-2017-0199.json
+++ b/2017/CVE-2017-0199.json
@@ -71,10 +71,10 @@
 "description": "Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF\/PPSX file and deliver metasploit \/ meterpreter \/ other payload to victim without any complex configuration.",
 "fork": false,
 "created_at": "2017-04-17T08:10:07Z",
- "updated_at": "2022-12-09T21:38:45Z",
+ "updated_at": "2022-12-13T02:45:29Z",
 "pushed_at": "2017-11-19T11:01:16Z",
- "stargazers_count": 694,
- "watchers_count": 694,
+ "stargazers_count": 695,
+ "watchers_count": 695,
 "has_discussions": false,
 "forks_count": 287,
 "allow_forking": true,
@@ -83,7 +83,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 287,
- "watchers": 694,
+ "watchers": 695,
 "score": 0
 },
 {
diff --git a/2018/CVE-2018-2894.json b/2018/CVE-2018-2894.json
index 412dbcc1c8..a295c2f978 100644
--- a/2018/CVE-2018-2894.json
+++ b/2018/CVE-2018-2894.json
@@ -100,10 +100,10 @@
 "description": "Ladon Scanner For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability \/ exploit \/ detection \/ MS17010\/SmbGhost\/CVE-2020-0796\/CVE-2018-2894",
 "fork": false,
 "created_at": "2019-11-19T16:51:39Z",
- "updated_at": "2022-10-19T10:03:07Z",
+ "updated_at": "2022-12-13T04:50:32Z",
 "pushed_at": "2020-12-08T15:39:24Z",
- "stargazers_count": 43,
- "watchers_count": 43,
+ "stargazers_count": 44,
+ "watchers_count": 44,
 "has_discussions": false,
 "forks_count": 19,
 "allow_forking": true,
@@ -112,7 +112,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 19,
- "watchers": 43,
+ "watchers": 44,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2018/CVE-2018-8611.json b/2018/CVE-2018-8611.json
index a5044c801b..2fca057a63 100644
--- a/2018/CVE-2018-8611.json
+++ b/2018/CVE-2018-8611.json
@@ -13,10 +13,10 @@
 "description": null,
 "fork": false,
 "created_at": "2021-04-27T12:00:24Z",
- "updated_at": "2022-11-23T02:28:47Z",
+ "updated_at": "2022-12-13T05:56:21Z",
 "pushed_at": "2021-04-30T02:27:52Z",
- "stargazers_count": 7,
- "watchers_count": 7,
+ "stargazers_count": 6,
+ "watchers_count": 6,
 "has_discussions": false,
 "forks_count": 2,
 "allow_forking": true,
@@ -25,7 +25,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 2,
- "watchers": 7,
+ "watchers": 6,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2019/CVE-2019-11358.json b/2019/CVE-2019-11358.json
index 2b116a6e46..06b1b0fd0d 100644
--- a/2019/CVE-2019-11358.json
+++ b/2019/CVE-2019-11358.json
@@ -84,13 +84,13 @@
 "stargazers_count": 43,
 "watchers_count": 43,
 "has_discussions": false,
- "forks_count": 31,
+ "forks_count": 32,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 31,
+ "forks": 32,
 "watchers": 43,
 "score": 0
 },
diff --git a/2019/CVE-2019-11510.json b/2019/CVE-2019-11510.json
index e2a4f9ebf8..7f394d4218 100644
--- a/2019/CVE-2019-11510.json
+++ b/2019/CVE-2019-11510.json
@@ -254,10 +254,10 @@
 "description": "Automated script for Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API. You must have a Shodan account to use this script.",
 "fork": false,
 "created_at": "2019-12-07T17:09:24Z",
- "updated_at": "2022-09-01T00:06:29Z",
+ "updated_at": "2022-12-13T05:28:49Z",
 "pushed_at": "2020-04-25T05:06:45Z",
- "stargazers_count": 8,
- "watchers_count": 8,
+ "stargazers_count": 9,
+ "watchers_count": 9,
 "has_discussions": false,
 "forks_count": 4,
 "allow_forking": true,
@@ -273,7 +273,7 @@
 ],
 "visibility": "public",
 "forks": 4,
- "watchers": 8,
+ "watchers": 9,
 "score": 0
 },
 {
@@ -362,5 +362,34 @@
 "forks": 1,
 "watchers": 1,
 "score": 0
+ },
+ {
+ "id": 577600604,
+ "name": "CVE-2019-11510",
+ "full_name": "trhacknon\/CVE-2019-11510",
+ "owner": {
+ "login": "trhacknon",
+ "id": 98242014,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/98242014?v=4",
+ "html_url": "https:\/\/github.com\/trhacknon"
+ },
+ "html_url": "https:\/\/github.com\/trhacknon\/CVE-2019-11510",
+ "description": null,
+ "fork": false,
+ "created_at": "2022-12-13T05:09:42Z",
+ "updated_at": "2022-12-13T05:32:09Z",
+ "pushed_at": "2022-12-13T05:12:21Z",
+ "stargazers_count": 1,
+ "watchers_count": 1,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 1,
+ "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2019/CVE-2019-19781.json b/2019/CVE-2019-19781.json
index 5f9f69407e..f47864c2e5 100644
--- a/2019/CVE-2019-19781.json
+++ b/2019/CVE-2019-19781.json
@@ -1435,5 +1435,34 @@
 "forks": 0,
 "watchers": 2,
 "score": 0
+ },
+ {
+ "id": 577607477,
+ "name": "CVE-2019-19781",
+ "full_name": "trhacknon\/CVE-2019-19781",
+ "owner": {
+ "login": "trhacknon",
+ "id": 98242014,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/98242014?v=4",
+ "html_url": "https:\/\/github.com\/trhacknon"
+ },
+ "html_url": "https:\/\/github.com\/trhacknon\/CVE-2019-19781",
+ "description": null,
+ "fork": false,
+ "created_at": "2022-12-13T05:38:14Z",
+ "updated_at": "2022-12-13T05:40:37Z",
+ "pushed_at": "2022-12-13T05:41:04Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 0,
+ "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2019/CVE-2019-5544.json b/2019/CVE-2019-5544.json
index 209abb3dec..30f2ea20de 100644
--- a/2019/CVE-2019-5544.json
+++ b/2019/CVE-2019-5544.json
@@ -53,13 +53,13 @@
 "stargazers_count": 45,
 "watchers_count": 45,
 "has_discussions": false,
- "forks_count": 18,
+ "forks_count": 19,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 18,
+ "forks": 19,
 "watchers": 45,
 "score": 0
 }
diff --git a/2019/CVE-2019-7609.json b/2019/CVE-2019-7609.json
index 40a0b0f5bf..18e5182c8c 100644
--- a/2019/CVE-2019-7609.json
+++ b/2019/CVE-2019-7609.json
@@ -79,7 +79,7 @@
 "stargazers_count": 138,
 "watchers_count": 138,
 "has_discussions": false,
- "forks_count": 63,
+ "forks_count": 62,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
@@ -89,7 +89,7 @@
 "rce"
 ],
 "visibility": "public",
- "forks": 63,
+ "forks": 62,
 "watchers": 138,
 "score": 0
 },
diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json
index 19772ac4c3..7a0d16dd9c 100644
--- a/2020/CVE-2020-0796.json
+++ b/2020/CVE-2020-0796.json
@@ -13,10 +13,10 @@
 "description": "Ladon Scanner For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability \/ exploit \/ detection \/ MS17010\/SmbGhost\/CVE-2020-0796\/CVE-2018-2894",
 "fork": false,
 "created_at": "2019-11-19T16:51:39Z",
- "updated_at": "2022-10-19T10:03:07Z",
+ "updated_at": "2022-12-13T04:50:32Z",
 "pushed_at": "2020-12-08T15:39:24Z",
- "stargazers_count": 43,
- "watchers_count": 43,
+ "stargazers_count": 44,
+ "watchers_count": 44,
 "has_discussions": false,
 "forks_count": 19,
 "allow_forking": true,
@@ -25,7 +25,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 19,
- "watchers": 43,
+ "watchers": 44,
 "score": 0
 },
 {
diff --git a/2020/CVE-2020-11890.json b/2020/CVE-2020-11890.json
index fcf1e7a61b..11abc365ed 100644
--- a/2020/CVE-2020-11890.json
+++ b/2020/CVE-2020-11890.json
@@ -18,13 +18,13 @@
 "stargazers_count": 62,
 "watchers_count": 62,
 "has_discussions": false,
- "forks_count": 13,
+ "forks_count": 14,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 13,
+ "forks": 14,
 "watchers": 62,
 "score": 0
 }
diff --git a/2020/CVE-2020-12116.json b/2020/CVE-2020-12116.json
index 165c2514e6..4a3791ebc5 100644
--- a/2020/CVE-2020-12116.json
+++ b/2020/CVE-2020-12116.json
@@ -13,10 +13,10 @@
 "description": "Proof of concept code to exploit CVE-2020-12116: Unauthenticated arbitrary file read on ManageEngine OpManger.",
 "fork": false,
 "created_at": "2020-05-08T15:56:26Z",
- "updated_at": "2022-11-09T18:07:39Z",
+ "updated_at": "2022-12-13T02:01:21Z",
 "pushed_at": "2020-05-08T17:10:48Z",
- "stargazers_count": 27,
- "watchers_count": 27,
+ "stargazers_count": 28,
+ "watchers_count": 28,
 "has_discussions": false,
 "forks_count": 15,
 "allow_forking": true,
@@ -25,7 +25,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 15,
- "watchers": 27,
+ "watchers": 28,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2020/CVE-2020-3992.json b/2020/CVE-2020-3992.json
index 209abb3dec..30f2ea20de 100644
--- a/2020/CVE-2020-3992.json
+++ b/2020/CVE-2020-3992.json
@@ -53,13 +53,13 @@
 "stargazers_count": 45,
 "watchers_count": 45,
 "has_discussions": false,
- "forks_count": 18,
+ "forks_count": 19,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 18,
+ "forks": 19,
 "watchers": 45,
 "score": 0
 }
diff --git a/2020/CVE-2020-5902.json b/2020/CVE-2020-5902.json
index 8100bc285b..5a5261fa41 100644
--- a/2020/CVE-2020-5902.json
+++ b/2020/CVE-2020-5902.json
@@ -244,35 +244,6 @@
 "watchers": 1,
 "score": 0
 },
- {
- "id": 277626606,
- "name": "F5-Patch",
- "full_name": "GoodiesHQ\/F5-Patch",
- "owner": {
- "login": "GoodiesHQ",
- "id": 4576046,
- "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4576046?v=4",
- "html_url": "https:\/\/github.com\/GoodiesHQ"
- },
- "html_url": "https:\/\/github.com\/GoodiesHQ\/F5-Patch",
- "description": "Patch F5 appliance CVE-2020-5902",
- "fork": false,
- "created_at": "2020-07-06T19:07:33Z",
- "updated_at": "2020-07-06T19:07:34Z",
- "pushed_at": "2020-07-06T19:07:34Z",
- "stargazers_count": 0,
- "watchers_count": 0,
- "has_discussions": false,
- "forks_count": 0,
- "allow_forking": true,
- "is_template": false,
- "web_commit_signoff_required": false,
- "topics": [],
- "visibility": "public",
- "forks": 0,
- "watchers": 0,
- "score": 0
- },
 {
 "id": 277692329,
 "name": "CVE-2020-5902",
@@ -1306,5 +1277,34 @@
 "forks": 1,
 "watchers": 0,
 "score": 0
+ },
+ {
+ "id": 577594257,
+ "name": "CVE-2020-5902-Scanner",
+ "full_name": "trhacknon\/CVE-2020-5902-Scanner",
+ "owner": {
+ "login": "trhacknon",
+ "id": 98242014,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/98242014?v=4",
+ "html_url": "https:\/\/github.com\/trhacknon"
+ },
+ "html_url": "https:\/\/github.com\/trhacknon\/CVE-2020-5902-Scanner",
+ "description": null,
+ "fork": false,
+ "created_at": "2022-12-13T04:42:11Z",
+ "updated_at": "2022-12-13T04:42:26Z",
+ "pushed_at": "2022-12-13T05:30:32Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 0,
+ "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2021/CVE-2021-1732.json b/2021/CVE-2021-1732.json
index b6912a8bcd..2f2056fb8c 100644
--- a/2021/CVE-2021-1732.json
+++ b/2021/CVE-2021-1732.json
@@ -13,10 +13,10 @@
 "description": "CVE-2021-1732 Exploit",
 "fork": false,
 "created_at": "2021-03-05T02:11:10Z",
- "updated_at": "2022-11-22T14:31:37Z",
+ "updated_at": "2022-12-13T05:56:18Z",
 "pushed_at": "2021-03-05T03:10:26Z",
- "stargazers_count": 392,
- "watchers_count": 392,
+ "stargazers_count": 391,
+ "watchers_count": 391,
 "has_discussions": false,
 "forks_count": 121,
 "allow_forking": true,
@@ -25,7 +25,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 121,
- "watchers": 392,
+ "watchers": 391,
 "score": 0
 },
 {
diff --git a/2021/CVE-2021-3129.json b/2021/CVE-2021-3129.json
index 959124abdf..b24046e24f 100644
--- a/2021/CVE-2021-3129.json
+++ b/2021/CVE-2021-3129.json
@@ -18,13 +18,13 @@
 "stargazers_count": 228,
 "watchers_count": 228,
 "has_discussions": false,
- "forks_count": 67,
+ "forks_count": 68,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 67,
+ "forks": 68,
 "watchers": 228,
 "score": 0
 },
diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json
index bec0ae6f15..569ab3a8bf 100644
--- a/2021/CVE-2021-3156.json
+++ b/2021/CVE-2021-3156.json
@@ -455,10 +455,10 @@
 "description": null,
 "fork": false,
 "created_at": "2021-01-30T20:39:58Z",
- "updated_at": "2022-12-06T17:50:06Z",
+ "updated_at": "2022-12-13T05:59:07Z",
 "pushed_at": "2021-02-02T17:07:09Z",
- "stargazers_count": 846,
- "watchers_count": 846,
+ "stargazers_count": 845,
+ "watchers_count": 845,
 "has_discussions": false,
 "forks_count": 239,
 "allow_forking": true,
@@ -467,7 +467,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 239,
- "watchers": 846,
+ "watchers": 845,
 "score": 0
 },
 {
diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json
index abfad7dd72..76137d5325 100644
--- a/2021/CVE-2021-4034.json
+++ b/2021/CVE-2021-4034.json
@@ -1924,13 +1924,13 @@
 "stargazers_count": 324,
 "watchers_count": 324,
 "has_discussions": false,
- "forks_count": 39,
+ "forks_count": 40,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 39,
+ "forks": 40,
 "watchers": 324,
 "score": 0
 },
diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json
index ac03d2412b..2b0c1c838e 100644
--- a/2021/CVE-2021-44228.json
+++ b/2021/CVE-2021-44228.json
@@ -1049,10 +1049,10 @@
 "description": "A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 ",
 "fork": false,
 "created_at": "2021-12-13T03:57:50Z",
- "updated_at": "2022-12-12T06:47:10Z",
+ "updated_at": "2022-12-13T02:02:54Z",
 "pushed_at": "2022-11-23T18:23:24Z",
- "stargazers_count": 3142,
- "watchers_count": 3142,
+ "stargazers_count": 3141,
+ "watchers_count": 3141,
 "has_discussions": true,
 "forks_count": 734,
 "allow_forking": true,
@@ -1061,7 +1061,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 734,
- "watchers": 3142,
+ "watchers": 3141,
 "score": 0
 },
 {
diff --git a/2022/CVE-2022-37042.json b/2022/CVE-2022-37042.json
index 377edf8b13..bbc45be0d2 100644
--- a/2022/CVE-2022-37042.json
+++ b/2022/CVE-2022-37042.json
@@ -56,5 +56,34 @@
 "forks": 9,
 "watchers": 16,
 "score": 0
+ },
+ {
+ "id": 556684444,
+ "name": "CVE-2022-37042",
+ "full_name": "0xf4n9x\/CVE-2022-37042",
+ "owner": {
+ "login": "0xf4n9x",
+ "id": 40891670,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40891670?v=4",
+ "html_url": "https:\/\/github.com\/0xf4n9x"
+ },
+ "html_url": "https:\/\/github.com\/0xf4n9x\/CVE-2022-37042",
+ "description": "CVE-2022-37042 Zimbra Auth Bypass leads to RCE",
+ "fork": false,
+ "created_at": "2022-10-24T10:10:45Z",
+ "updated_at": "2022-12-13T05:33:58Z",
+ "pushed_at": "2022-12-09T02:45:14Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 0,
+ "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2022/CVE-2022-40674.json b/2022/CVE-2022-40674.json
index a642268ff0..71812d4231 100644
--- a/2022/CVE-2022-40674.json
+++ b/2022/CVE-2022-40674.json
@@ -1,20 +1,20 @@
 [
 {
 "id": 554169656,
- "name": "-expat_2.1.0_CVE-2022-40674",
- "full_name": "nidhi7598\/-expat_2.1.0_CVE-2022-40674",
+ "name": "expat_2.1.0_CVE-2022-40674",
+ "full_name": "nidhi7598\/expat_2.1.0_CVE-2022-40674",
 "owner": {
 "login": "nidhi7598",
 "id": 106973537,
 "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/106973537?v=4",
 "html_url": "https:\/\/github.com\/nidhi7598"
 },
- "html_url": "https:\/\/github.com\/nidhi7598\/-expat_2.1.0_CVE-2022-40674",
+ "html_url": "https:\/\/github.com\/nidhi7598\/expat_2.1.0_CVE-2022-40674",
 "description": null,
 "fork": false,
 "created_at": "2022-10-19T11:15:29Z",
- "updated_at": "2022-10-19T11:15:29Z",
- "pushed_at": "2022-10-19T11:15:29Z",
+ "updated_at": "2022-12-13T05:56:49Z",
+ "pushed_at": "2022-12-13T05:57:17Z",
 "stargazers_count": 0,
 "watchers_count": 0,
 "has_discussions": false,
diff --git a/2022/CVE-2022-42889.json b/2022/CVE-2022-42889.json
index e165d2ac70..74f77f649c 100644
--- a/2022/CVE-2022-42889.json
+++ b/2022/CVE-2022-42889.json
@@ -580,10 +580,10 @@
 "description": "CVE-2022-42889 Text4Shell Exploit POC",
 "fork": false,
 "created_at": "2022-10-22T10:30:41Z",
- "updated_at": "2022-10-22T10:31:54Z",
+ "updated_at": "2022-12-13T04:44:38Z",
 "pushed_at": "2022-10-22T10:31:50Z",
- "stargazers_count": 0,
- "watchers_count": 0,
+ "stargazers_count": 1,
+ "watchers_count": 1,
 "has_discussions": false,
 "forks_count": 0,
 "allow_forking": true,
@@ -592,7 +592,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 0,
- "watchers": 0,
+ "watchers": 1,
 "score": 0
 },
 {
@@ -609,10 +609,10 @@
 "description": "A simple dockerize application that shows how to exploit the CVE-2022-42889 vulnerability.",
 "fork": false,
 "created_at": "2022-10-23T05:48:48Z",
- "updated_at": "2022-10-24T05:21:27Z",
+ "updated_at": "2022-12-13T04:50:35Z",
 "pushed_at": "2022-10-23T06:23:03Z",
- "stargazers_count": 4,
- "watchers_count": 4,
+ "stargazers_count": 5,
+ "watchers_count": 5,
 "has_discussions": false,
 "forks_count": 2,
 "allow_forking": true,
@@ -621,7 +621,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 2,
- "watchers": 4,
+ "watchers": 5,
 "score": 0
 },
 {
@@ -831,10 +831,10 @@
 "description": "Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability) ",
 "fork": false,
 "created_at": "2022-11-04T19:26:23Z",
- "updated_at": "2022-12-09T20:14:16Z",
+ "updated_at": "2022-12-13T04:53:44Z",
 "pushed_at": "2022-11-21T10:17:03Z",
- "stargazers_count": 7,
- "watchers_count": 7,
+ "stargazers_count": 8,
+ "watchers_count": 8,
 "has_discussions": false,
 "forks_count": 1,
 "allow_forking": true,
@@ -843,7 +843,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 1,
- "watchers": 7,
+ "watchers": 8,
 "score": 0
 },
 {
diff --git a/2022/CVE-2022-44721.json b/2022/CVE-2022-44721.json
index b26480d842..980a785f58 100644
--- a/2022/CVE-2022-44721.json
+++ b/2022/CVE-2022-44721.json
@@ -13,10 +13,10 @@
 "description": null,
 "fork": false,
 "created_at": "2022-12-03T11:04:17Z",
- "updated_at": "2022-12-12T14:00:34Z",
+ "updated_at": "2022-12-13T02:25:37Z",
 "pushed_at": "2022-12-02T14:38:27Z",
- "stargazers_count": 9,
- "watchers_count": 9,
+ "stargazers_count": 10,
+ "watchers_count": 10,
 "has_discussions": false,
 "forks_count": 13,
 "allow_forking": true,
@@ -25,7 +25,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 13,
- "watchers": 9,
+ "watchers": 10,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2022/CVE-2022-45025.json b/2022/CVE-2022-45025.json
index c9348d202d..208a032997 100644
--- a/2022/CVE-2022-45025.json
+++ b/2022/CVE-2022-45025.json
@@ -13,12 +13,12 @@
 "description": "[PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)",
 "fork": false,
 "created_at": "2022-12-09T22:48:38Z",
- "updated_at": "2022-12-12T22:22:17Z",
+ "updated_at": "2022-12-13T02:16:18Z",
 "pushed_at": "2022-12-11T13:37:22Z",
- "stargazers_count": 61,
- "watchers_count": 61,
+ "stargazers_count": 63,
+ "watchers_count": 63,
 "has_discussions": false,
- "forks_count": 11,
+ "forks_count": 12,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
@@ -30,8 +30,8 @@
 "rce"
 ],
 "visibility": "public",
- "forks": 11,
- "watchers": 61,
+ "forks": 12,
+ "watchers": 63,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2022/CVE-2022-46169.json b/2022/CVE-2022-46169.json
new file mode 100644
index 0000000000..bd349be307
--- /dev/null
+++ b/2022/CVE-2022-46169.json
@@ -0,0 +1,31 @@
+[
+ {
+ "id": 575651169,
+ "name": "CVE-2022-46169",
+ "full_name": "0xf4n9x\/CVE-2022-46169",
+ "owner": {
+ "login": "0xf4n9x",
+ "id": 40891670,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40891670?v=4",
+ "html_url": "https:\/\/github.com\/0xf4n9x"
+ },
+ "html_url": "https:\/\/github.com\/0xf4n9x\/CVE-2022-46169",
+ "description": "CVE-2022-46169 Cacti remote_agent.php Unauthenticated Command Injection.",
+ "fork": false,
+ "created_at": "2022-12-08T01:52:13Z",
+ "updated_at": "2022-12-13T06:16:32Z",
+ "pushed_at": "2022-12-08T02:50:46Z",
+ "stargazers_count": 1,
+ "watchers_count": 1,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 1,
+ "score": 0
+ }
+]
\ No newline at end of file
diff --git a/README.md b/README.md
index 95616df8a1..798c4bd515 100644
--- a/README.md
+++ b/README.md
@@ -4053,6 +4053,7 @@ Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality tha - [GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925](https://github.com/GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925) - [aels/CVE-2022-37042](https://github.com/aels/CVE-2022-37042) +- [0xf4n9x/CVE-2022-37042](https://github.com/0xf4n9x/CVE-2022-37042) ### CVE-2022-37153 (2022-08-24)
@@ -4361,7 +4362,7 @@ Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacke libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. -- [nidhi7598/-expat_2.1.0_CVE-2022-40674](https://github.com/nidhi7598/-expat_2.1.0_CVE-2022-40674) +- [nidhi7598/expat_2.1.0_CVE-2022-40674](https://github.com/nidhi7598/expat_2.1.0_CVE-2022-40674) ### CVE-2022-40684 (2022-10-18)
@@ -4729,6 +4730,14 @@ CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows - [nicbrinkley/CVE-2022-45472](https://github.com/nicbrinkley/CVE-2022-45472) +### CVE-2022-46169 (2022-12-05) + + +Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. 
The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch. + + +- [0xf4n9x/CVE-2022-46169](https://github.com/0xf4n9x/CVE-2022-46169) + ## 2021 ### CVE-2021-0302 (2021-02-10) 
@@ -5348,74 +5357,34 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - [somatrasss/weblogic2021](https://github.com/somatrasss/weblogic2021) -### CVE-2021-2021 (2021-01-20) - - -Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). - - +### CVE-2021-2021 - [TheCryingGame/CVE-2021-2021good](https://github.com/TheCryingGame/CVE-2021-2021good) -### CVE-2021-2109 (2021-01-20) - - -Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). 
- - +### CVE-2021-2109 - [Al1ex/CVE-2021-2109](https://github.com/Al1ex/CVE-2021-2109) - [rabbitsafe/CVE-2021-2109](https://github.com/rabbitsafe/CVE-2021-2109) - [yuaneuro/CVE-2021-2109_poc](https://github.com/yuaneuro/CVE-2021-2109_poc) - [coco0x0a/CVE-2021-2109](https://github.com/coco0x0a/CVE-2021-2109) - [Vulnmachines/oracle-weblogic-CVE-2021-2109](https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109) -### CVE-2021-2119 (2021-01-20) - - -Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). - - +### CVE-2021-2119 - [Sauercloud/RWCTF21-VirtualBox-61-escape](https://github.com/Sauercloud/RWCTF21-VirtualBox-61-escape) - [chatbottesisgmailh/Sauercloude](https://github.com/chatbottesisgmailh/Sauercloude) - [shi10587s/Sauercloude](https://github.com/shi10587s/Sauercloude) -### CVE-2021-2173 (2021-04-22) - - -Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. 
CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). - - +### CVE-2021-2173 - [emad-almousa/CVE-2021-2173](https://github.com/emad-almousa/CVE-2021-2173) -### CVE-2021-2175 (2021-04-22) - - -Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). - - +### CVE-2021-2175 - [emad-almousa/CVE-2021-2175](https://github.com/emad-almousa/CVE-2021-2175) -### CVE-2021-2456 (2021-07-20) - - -Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). - - +### CVE-2021-2456 - [peterjson31337/CVE-2021-2456](https://github.com/peterjson31337/CVE-2021-2456) -### CVE-2021-3007 (2021-01-03) - - -** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. 
NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized. - - +### CVE-2021-3007 - [Vulnmachines/ZF3_CVE-2021-3007](https://github.com/Vulnmachines/ZF3_CVE-2021-3007) -### CVE-2021-3019 (2021-01-04) - - -ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet. - - +### CVE-2021-3019 - [B1anda0/CVE-2021-3019](https://github.com/B1anda0/CVE-2021-3019) - [0xf4n9x/CVE-2021-3019](https://github.com/0xf4n9x/CVE-2021-3019) - [Maksim-venus/CVE-2021-3019](https://github.com/Maksim-venus/CVE-2021-3019) 
@@ -5423,28 +5392,13 @@ ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties - [Aoyuh/cve-2021-3019](https://github.com/Aoyuh/cve-2021-3019) - [givemefivw/CVE-2021-3019](https://github.com/givemefivw/CVE-2021-3019) -### CVE-2021-3060 (2021-11-10) - - -An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue. - - +### CVE-2021-3060 - [timb-machine-mirrors/cve-2021-3060.py](https://github.com/timb-machine-mirrors/cve-2021-3060.py) -### CVE-2021-3122 (2021-02-07) - - -CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration." - - +### CVE-2021-3122 - [acquiredsecurity/CVE-2021-3122-Details](https://github.com/acquiredsecurity/CVE-2021-3122-Details) -### CVE-2021-3129 (2021-01-12) - - -Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). 
This is exploitable on sites using debug mode with Laravel before 8.4.2. - - +### CVE-2021-3129 - [ambionics/laravel-exploits](https://github.com/ambionics/laravel-exploits) - [SNCKER/CVE-2021-3129](https://github.com/SNCKER/CVE-2021-3129) - [SecPros-Team/laravel-CVE-2021-3129-EXP](https://github.com/SecPros-Team/laravel-CVE-2021-3129-EXP) 
@@ -5461,36 +5415,16 @@ Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic - [0nion1/CVE-2021-3129](https://github.com/0nion1/CVE-2021-3129) - [MadExploits/Laravel-debug-Checker](https://github.com/MadExploits/Laravel-debug-Checker) -### CVE-2021-3130 (2021-01-20) - - -Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. - - +### CVE-2021-3130 - [jet-pentest/CVE-2021-3130](https://github.com/jet-pentest/CVE-2021-3130) -### CVE-2021-3131 (2021-01-13) - - -The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter. - - +### CVE-2021-3131 - [jet-pentest/CVE-2021-3131](https://github.com/jet-pentest/CVE-2021-3131) -### CVE-2021-3138 (2021-01-13) - - -In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. - - +### CVE-2021-3138 - [Mesh3l911/CVE-2021-3138](https://github.com/Mesh3l911/CVE-2021-3138) -### CVE-2021-3156 (2021-01-26) - - -Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. - - +### CVE-2021-3156 - [mr-r3b00t/CVE-2021-3156](https://github.com/mr-r3b00t/CVE-2021-3156) - [nexcess/sudo_cve-2021-3156](https://github.com/nexcess/sudo_cve-2021-3156) - [reverse-ex/CVE-2021-3156](https://github.com/reverse-ex/CVE-2021-3156) 
@@ -5552,143 +5486,58 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based ### CVE-2021-3157 - [CrackerCat/cve-2021-3157](https://github.com/CrackerCat/cve-2021-3157) -### CVE-2021-3164 (2021-01-21) - - -ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php. - - +### CVE-2021-3164 - [rmccarth/cve-2021-3164](https://github.com/rmccarth/cve-2021-3164) -### CVE-2021-3165 (2021-01-26) - - -SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI. - - +### CVE-2021-3165 - [orionhridoy/CVE-2021-3165](https://github.com/orionhridoy/CVE-2021-3165) -### CVE-2021-3166 (2021-01-17) - - -An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services. - - +### CVE-2021-3166 - [kaisersource/CVE-2021-3166](https://github.com/kaisersource/CVE-2021-3166) -### CVE-2021-3229 (2021-02-05) - - -Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. - - +### CVE-2021-3229 - [fullbbadda1208/CVE-2021-3229](https://github.com/fullbbadda1208/CVE-2021-3229) -### CVE-2021-3279 (2021-07-19) - - -sz.chat version 4 allows injection of web scripts and HTML in the message box. 
- - +### CVE-2021-3279 - [rafaelchriss/CVE-2021-3279](https://github.com/rafaelchriss/CVE-2021-3279) -### CVE-2021-3291 (2021-01-26) - - -Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. - - +### CVE-2021-3291 - [ImHades101/CVE-2021-3291](https://github.com/ImHades101/CVE-2021-3291) -### CVE-2021-3310 (2021-03-09) - - -Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files). - - +### CVE-2021-3310 - [piffd0s/CVE-2021-3310](https://github.com/piffd0s/CVE-2021-3310) -### CVE-2021-3317 (2021-01-26) - - -KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter. - - +### CVE-2021-3317 - [Al1ex/CVE-2021-3317](https://github.com/Al1ex/CVE-2021-3317) -### CVE-2021-3345 (2021-01-29) - - -_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. - - +### CVE-2021-3345 - [MLGRadish/CVE-2021-3345](https://github.com/MLGRadish/CVE-2021-3345) -### CVE-2021-3347 (2021-01-29) - - -An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. 
- - +### CVE-2021-3347 - [nanopathi/linux-4.19.72_CVE-2021-3347](https://github.com/nanopathi/linux-4.19.72_CVE-2021-3347) ### CVE-2021-3360 - [tcbutler320/CVE-2021-3360](https://github.com/tcbutler320/CVE-2021-3360) -### CVE-2021-3378 (2021-02-01) - - -FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. - - +### CVE-2021-3378 - [erberkan/fortilogger_arbitrary_fileupload](https://github.com/erberkan/fortilogger_arbitrary_fileupload) -### CVE-2021-3395 (2021-02-02) - - -A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment. - - +### CVE-2021-3395 - [jet-pentest/CVE-2021-3395](https://github.com/jet-pentest/CVE-2021-3395) -### CVE-2021-3441 (2021-10-29) - - -A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). - - +### CVE-2021-3441 - [tcbutler320/CVE-2021-3441-check](https://github.com/tcbutler320/CVE-2021-3441-check) -### CVE-2021-3449 (2021-03-25) - - -An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. 
Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). - - +### CVE-2021-3449 - [terorie/cve-2021-3449](https://github.com/terorie/cve-2021-3449) -### CVE-2021-3490 (2021-06-03) - - -The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1). - - +### CVE-2021-3490 - [chompie1337/Linux_LPE_eBPF_CVE-2021-3490](https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490) -### CVE-2021-3492 (2021-04-17) - - -Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. - - +### CVE-2021-3492 - [synacktiv/CVE-2021-3492](https://github.com/synacktiv/CVE-2021-3492) -### CVE-2021-3493 (2021-04-17) - - -The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. 
- - +### CVE-2021-3493 - [briskets/CVE-2021-3493](https://github.com/briskets/CVE-2021-3493) - [oneoy/CVE-2021-3493](https://github.com/oneoy/CVE-2021-3493) - [Abdennour-py/CVE-2021-3493](https://github.com/Abdennour-py/CVE-2021-3493) @@ -5696,12 +5545,7 @@ The overlayfs implementation in the linux kernel did not properly validate with - [Ishan3011/CVE-2021-3493](https://github.com/Ishan3011/CVE-2021-3493) - [fei9747/CVE-2021-3493](https://github.com/fei9747/CVE-2021-3493) -### CVE-2021-3560 (2022-02-16) - - -It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - - +### CVE-2021-3560 - [aancw/polkit-auto-exploit](https://github.com/aancw/polkit-auto-exploit) - [swapravo/polkadots](https://github.com/swapravo/polkadots) - [hakivvi/CVE-2021-3560](https://github.com/hakivvi/CVE-2021-3560) 
@@ -5718,63 +5562,28 @@ It was found that polkit could be tricked into bypassing the credential checks f - [WinMin/CVE-2021-3560](https://github.com/WinMin/CVE-2021-3560) - [UNICORDev/exploit-CVE-2021-3560](https://github.com/UNICORDev/exploit-CVE-2021-3560) -### CVE-2021-3572 (2021-11-10) - - -A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. - - +### CVE-2021-3572 - [frenzymadness/CVE-2021-3572](https://github.com/frenzymadness/CVE-2021-3572) -### CVE-2021-3707 (2021-08-16) - - -D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. - - +### CVE-2021-3707 - [HadiMed/DSL-2750U-Full-chain](https://github.com/HadiMed/DSL-2750U-Full-chain) -### CVE-2021-3749 (2021-08-31) - - -axios is vulnerable to Inefficient Regular Expression Complexity - - +### CVE-2021-3749 - [T-Guerrero/axios-redos](https://github.com/T-Guerrero/axios-redos) -### CVE-2021-3864 (2022-08-26) - - -A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. 
- - +### CVE-2021-3864 - [walac/cve-2021-3864](https://github.com/walac/cve-2021-3864) ### CVE-2021-3899 - [liumuqing/CVE-2021-3899_PoC](https://github.com/liumuqing/CVE-2021-3899_PoC) -### CVE-2021-3929 (2022-08-25) - - -A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. - - +### CVE-2021-3929 - [QiuhaoLi/CVE-2021-3929-3947](https://github.com/QiuhaoLi/CVE-2021-3929-3947) -### CVE-2021-3972 (2022-04-22) - - -A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. - - +### CVE-2021-3972 - [killvxk/CVE-2021-3972](https://github.com/killvxk/CVE-2021-3972) -### CVE-2021-4034 (2022-01-28) - - -A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. 
- - +### CVE-2021-4034 - [ryaagard/CVE-2021-4034](https://github.com/ryaagard/CVE-2021-4034) - [lourkeur/cve-2021-4034-playground](https://github.com/lourkeur/cve-2021-4034-playground) - [berdav/CVE-2021-4034](https://github.com/berdav/CVE-2021-4034) 
@@ -5927,45 +5736,20 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - [jehovah2002/CVE-2021-4034-pwnkit](https://github.com/jehovah2002/CVE-2021-4034-pwnkit) - [fei9747/CVE-2021-4034](https://github.com/fei9747/CVE-2021-4034) -### CVE-2021-4043 (2022-02-04) - - -NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. - - +### CVE-2021-4043 - [cyberark/PwnKit-Hunter](https://github.com/cyberark/PwnKit-Hunter) -### CVE-2021-4045 (2022-03-07) - - -TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. - - +### CVE-2021-4045 - [hacefresko/CVE-2021-4045-PoC](https://github.com/hacefresko/CVE-2021-4045-PoC) - [1x019/CVE-2021-4045](https://github.com/1x019/CVE-2021-4045) -### CVE-2021-4104 (2021-12-14) - - -JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. - - +### CVE-2021-4104 - [open-AIMS/log4j](https://github.com/open-AIMS/log4j) -### CVE-2021-4154 (2022-02-04) - - -A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. 
A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. - - +### CVE-2021-4154 - [Markakd/CVE-2021-4154](https://github.com/Markakd/CVE-2021-4154) -### CVE-2021-4204 (2022-08-24) - - -An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. - - +### CVE-2021-4204 - [tr3ee/CVE-2021-4204](https://github.com/tr3ee/CVE-2021-4204) ### CVE-2021-4428 
@@ -7097,33 +6881,18 @@ Windows NTFS Denial of Service Vulnerability - [shubham0d/CVE-2021-28312](https://github.com/shubham0d/CVE-2021-28312) -### CVE-2021-28476 (2021-05-11) - - -Hyper-V Remote Code Execution Vulnerability - - +### CVE-2021-28476 - [0vercl0k/CVE-2021-28476](https://github.com/0vercl0k/CVE-2021-28476) - [bluefrostsecurity/CVE-2021-28476](https://github.com/bluefrostsecurity/CVE-2021-28476) - [australeo/CVE-2021-28476](https://github.com/australeo/CVE-2021-28476) - [2273852279qqs/0vercl0k](https://github.com/2273852279qqs/0vercl0k) - [dengyang123x/0vercl0k](https://github.com/dengyang123x/0vercl0k) -### CVE-2021-28480 (2021-04-13) - - -Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. - - +### CVE-2021-28480 - [ZephrFish/CVE-2021-28480_HoneyPoC3](https://github.com/ZephrFish/CVE-2021-28480_HoneyPoC3) - [Threonic/CVE-2021-28480](https://github.com/Threonic/CVE-2021-28480) -### CVE-2021-28482 (2021-04-13) - - -Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. - - +### CVE-2021-28482 - [Shadow0ps/CVE-2021-28482-Exchange-POC](https://github.com/Shadow0ps/CVE-2021-28482-Exchange-POC) - [KevinWorst/CVE-2021-28482_Exploit](https://github.com/KevinWorst/CVE-2021-28482_Exploit) - [timb-machine-mirrors/CVE-2021-28482](https://github.com/timb-machine-mirrors/CVE-2021-28482) 
@@ -7131,81 +6900,36 @@ Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is uni ### CVE-2021-28750 - [PfalzPrince/CVE-2021-28750-site](https://github.com/PfalzPrince/CVE-2021-28750-site) -### CVE-2021-29155 (2021-04-20) - - -An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. - - +### CVE-2021-29155 - [benschlueter/CVE-2021-29155](https://github.com/benschlueter/CVE-2021-29155) -### CVE-2021-29156 (2021-03-25) - - -ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. - - +### CVE-2021-29156 - [guidepointsecurity/CVE-2021-29156](https://github.com/guidepointsecurity/CVE-2021-29156) - [5amu/CVE-2021-29156](https://github.com/5amu/CVE-2021-29156) -### CVE-2021-29200 (2021-04-27) - - -Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack - - +### CVE-2021-29200 - [freeide/CVE-2021-29200](https://github.com/freeide/CVE-2021-29200) -### CVE-2021-29267 (2021-03-29) - - -Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature. 
- - +### CVE-2021-29267 - [Security-AVS/CVE-2021-29267](https://github.com/Security-AVS/CVE-2021-29267) -### CVE-2021-29337 (2021-06-21) - - -MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. - - +### CVE-2021-29337 - [rjt-gupta/CVE-2021-29337](https://github.com/rjt-gupta/CVE-2021-29337) -### CVE-2021-29349 (2021-03-31) - - -Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. - - +### CVE-2021-29349 - [0xBaz/CVE-2021-29349](https://github.com/0xBaz/CVE-2021-29349) - [Vulnmachines/CVE-2021-29349](https://github.com/Vulnmachines/CVE-2021-29349) ### CVE-2021-29386 - [Umarovm/PowerSchool-Grade-Stealer](https://github.com/Umarovm/PowerSchool-Grade-Stealer) -### CVE-2021-29440 (2021-04-13) - - -Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11. - - +### CVE-2021-29440 - [CsEnox/CVE-2021-29440](https://github.com/CsEnox/CVE-2021-29440) -### CVE-2021-29441 (2021-04-27) - - -Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. 
This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server. - - +### CVE-2021-29441 - [bysinks/CVE-2021-29441](https://github.com/bysinks/CVE-2021-29441) -### CVE-2021-29447 (2021-04-15) - - -Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. - - +### CVE-2021-29447 - [motikan2010/CVE-2021-29447](https://github.com/motikan2010/CVE-2021-29447) - [Vulnmachines/wordpress_cve-2021-29447](https://github.com/Vulnmachines/wordpress_cve-2021-29447) - [dnr6419/CVE-2021-29447](https://github.com/dnr6419/CVE-2021-29447) 
@@ -7217,159 +6941,64 @@ Wordpress is an open source CMS. A user with the ability to upload files (like a - [thomas-osgood/CVE-2021-29447](https://github.com/thomas-osgood/CVE-2021-29447) - [Abdulazizalsewedy/CVE-2021-29447](https://github.com/Abdulazizalsewedy/CVE-2021-29447) -### CVE-2021-29505 (2021-05-28) - - -XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17. - - +### CVE-2021-29505 - [MyBlackManba/CVE-2021-29505](https://github.com/MyBlackManba/CVE-2021-29505) -### CVE-2021-29627 (2021-04-07) - - -In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. - - +### CVE-2021-29627 - [raymontag/cve-2021-29627](https://github.com/raymontag/cve-2021-29627) -### CVE-2021-30005 (2021-05-11) - - -In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. - - +### CVE-2021-30005 - [atorralba/CVE-2021-30005-POC](https://github.com/atorralba/CVE-2021-30005-POC) -### CVE-2021-30109 (2021-04-05) - - -Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. 
- - +### CVE-2021-30109 - [Hackdwerg/CVE-2021-30109](https://github.com/Hackdwerg/CVE-2021-30109) -### CVE-2021-30128 (2021-04-27) - - -Apache OFBiz has unsafe deserialization prior to 17.12.07 version - - +### CVE-2021-30128 - [LioTree/CVE-2021-30128-EXP](https://github.com/LioTree/CVE-2021-30128-EXP) - [backlion/CVE-2021-30128](https://github.com/backlion/CVE-2021-30128) -### CVE-2021-30146 (2021-04-06) - - -Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." - - +### CVE-2021-30146 - [Security-AVS/CVE-2021-30146](https://github.com/Security-AVS/CVE-2021-30146) -### CVE-2021-30149 (2021-04-06) - - -Composr 10.0.36 allows upload and execution of PHP files. - - +### CVE-2021-30149 - [orionhridoy/CVE-2021-30149](https://github.com/orionhridoy/CVE-2021-30149) -### CVE-2021-30150 (2021-04-06) - - -Composr 10.0.36 allows XSS in an XML script. - - +### CVE-2021-30150 - [orionhridoy/CVE-2021-30150](https://github.com/orionhridoy/CVE-2021-30150) -### CVE-2021-30190 (2021-05-25) - - -CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. - - +### CVE-2021-30190 - [CyberTitus/Follina](https://github.com/CyberTitus/Follina) -### CVE-2021-30461 (2021-05-29) - - -A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php. - - +### CVE-2021-30461 - [daedalus/CVE-2021-30461](https://github.com/daedalus/CVE-2021-30461) - [Vulnmachines/CVE-2021-30461](https://github.com/Vulnmachines/CVE-2021-30461) - [Al1ex/CVE-2021-30461](https://github.com/Al1ex/CVE-2021-30461) -### CVE-2021-30481 (2021-04-10) - - -Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. 
- - +### CVE-2021-30481 - [floesen/CVE-2021-30481](https://github.com/floesen/CVE-2021-30481) -### CVE-2021-30682 (2021-09-08) - - -A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. - - +### CVE-2021-30682 - [threatnix/csp-playground](https://github.com/threatnix/csp-playground) -### CVE-2021-30731 (2021-09-08) - - -This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices. - - +### CVE-2021-30731 - [osy/WebcamViewer](https://github.com/osy/WebcamViewer) -### CVE-2021-30807 (2021-10-19) - - -A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. - - +### CVE-2021-30807 - [30440r/gex](https://github.com/30440r/gex) -### CVE-2021-30853 (2021-08-24) - - -This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6. A malicious application may bypass Gatekeeper checks. - - +### CVE-2021-30853 - [shubham0d/CVE-2021-30853](https://github.com/shubham0d/CVE-2021-30853) -### CVE-2021-30858 (2021-08-24) - - -A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 
- - +### CVE-2021-30858 - [FitTerminator/PS4-CVE-202130858](https://github.com/FitTerminator/PS4-CVE-202130858) -### CVE-2021-30860 (2021-08-24) - - -An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. - - +### CVE-2021-30860 - [jeffssh/CVE-2021-30860](https://github.com/jeffssh/CVE-2021-30860) -### CVE-2021-30937 (2021-08-24) - - -A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges. - - +### CVE-2021-30937 - [realrodri/ExploiteameEsta](https://github.com/realrodri/ExploiteameEsta) -### CVE-2021-30955 (2021-08-24) - - -A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. - - +### CVE-2021-30955 - [timb-machine-mirrors/CVE-2021-30955](https://github.com/timb-machine-mirrors/CVE-2021-30955) - [nickorlow/CVE-2021-30955-POC](https://github.com/nickorlow/CVE-2021-30955-POC) - [verygenericname/CVE-2021-30955-POC-IPA](https://github.com/verygenericname/CVE-2021-30955-POC-IPA) 
@@ -7378,28 +7007,13 @@ A race condition was addressed with improved state handling. This issue is fixed - [Dylbin/desc_race](https://github.com/Dylbin/desc_race) - [GeoSn0w/Pentagram-exploit-tester](https://github.com/GeoSn0w/Pentagram-exploit-tester) -### CVE-2021-30956 (2021-08-24) - - -A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information. - - +### CVE-2021-30956 - [fordsham/CVE-2021-30956](https://github.com/fordsham/CVE-2021-30956) -### CVE-2021-31159 (2021-06-16) - - -Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. - - +### CVE-2021-31159 - [ricardojoserf/CVE-2021-31159](https://github.com/ricardojoserf/CVE-2021-31159) -### CVE-2021-31166 (2021-05-11) - - -HTTP Protocol Stack Remote Code Execution Vulnerability - - +### CVE-2021-31166 - [0vercl0k/CVE-2021-31166](https://github.com/0vercl0k/CVE-2021-31166) - [zha0gongz1/CVE-2021-31166](https://github.com/zha0gongz1/CVE-2021-31166) - [mvlnetdev/CVE-2021-31166-detection-rules](https://github.com/mvlnetdev/CVE-2021-31166-detection-rules) 
@@ -7410,87 +7024,37 @@ HTTP Protocol Stack Remote Code Execution Vulnerability - [mauricelambert/CVE-2021-31166](https://github.com/mauricelambert/CVE-2021-31166) - [0xmaximus/Home-Demolisher](https://github.com/0xmaximus/Home-Demolisher) -### CVE-2021-31184 (2021-05-11) - - -Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability - - +### CVE-2021-31184 - [waleedassar/CVE-2021-31184](https://github.com/waleedassar/CVE-2021-31184) -### CVE-2021-31702 (2021-05-29) - - -Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS. - - +### CVE-2021-31702 - [l00neyhacker/CVE-2021-31702](https://github.com/l00neyhacker/CVE-2021-31702) -### CVE-2021-31703 (2021-05-29) - - -Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user. - - +### CVE-2021-31703 - [l00neyhacker/CVE-2021-31703](https://github.com/l00neyhacker/CVE-2021-31703) -### CVE-2021-31728 (2021-05-17) - - -Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook with IOCTL 0x80002044 and execute the executable memory using this hook with IOCTL 0x80002014 or 0x80002018, this exposes ring 0 code execution in the context of the driver allowing the non-privileged process to elevate privileges. - - +### CVE-2021-31728 - [irql0/CVE-2021-31728](https://github.com/irql0/CVE-2021-31728) -### CVE-2021-31760 (2021-04-25) - - -Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. 
- - +### CVE-2021-31760 - [Mesh3l911/CVE-2021-31760](https://github.com/Mesh3l911/CVE-2021-31760) - [electronicbots/CVE-2021-31760](https://github.com/electronicbots/CVE-2021-31760) -### CVE-2021-31761 (2021-04-25) - - -Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. - - +### CVE-2021-31761 - [Mesh3l911/CVE-2021-31761](https://github.com/Mesh3l911/CVE-2021-31761) - [electronicbots/CVE-2021-31761](https://github.com/electronicbots/CVE-2021-31761) -### CVE-2021-31762 (2021-04-25) - - -Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. - - +### CVE-2021-31762 - [Mesh3l911/CVE-2021-31762](https://github.com/Mesh3l911/CVE-2021-31762) - [electronicbots/CVE-2021-31762](https://github.com/electronicbots/CVE-2021-31762) -### CVE-2021-31796 (2021-09-01) - - -An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. - - +### CVE-2021-31796 - [unmanarc/CACredDecoder](https://github.com/unmanarc/CACredDecoder) -### CVE-2021-31800 (2021-05-05) - - -Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. - - +### CVE-2021-31800 - [Louzogh/CVE-2021-31800](https://github.com/Louzogh/CVE-2021-31800) -### CVE-2021-31805 (2022-04-12) - - -The fix issued for CVE-2020-17530 was incomplete. 
So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. - - +### CVE-2021-31805 - [YanMu2020/s2-062](https://github.com/YanMu2020/s2-062) - [Wrin9/CVE-2021-31805](https://github.com/Wrin9/CVE-2021-31805) - [Axx8/Struts2_S2-062_CVE-2021-31805](https://github.com/Axx8/Struts2_S2-062_CVE-2021-31805) 
@@ -7499,788 +7063,328 @@ The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to - [fleabane1/CVE-2021-31805-POC](https://github.com/fleabane1/CVE-2021-31805-POC) - [z92g/CVE-2021-31805](https://github.com/z92g/CVE-2021-31805) -### CVE-2021-31856 (2021-04-28) - - -A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go). - - +### CVE-2021-31856 - [ssst0n3/CVE-2021-31856](https://github.com/ssst0n3/CVE-2021-31856) -### CVE-2021-31955 (2021-06-08) - - -Windows Kernel Information Disclosure Vulnerability - - +### CVE-2021-31955 - [freeide/CVE-2021-31955-POC](https://github.com/freeide/CVE-2021-31955-POC) -### CVE-2021-31956 (2021-06-08) - - -Windows NTFS Elevation of Privilege Vulnerability - - +### CVE-2021-31956 - [aazhuliang/CVE-2021-31956-EXP](https://github.com/aazhuliang/CVE-2021-31956-EXP) - [Y3A/CVE-2021-31956](https://github.com/Y3A/CVE-2021-31956) -### CVE-2021-32099 (2021-05-06) - - -A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. - - +### CVE-2021-32099 - [zjicmDarkWing/CVE-2021-32099](https://github.com/zjicmDarkWing/CVE-2021-32099) - [ibnuuby/CVE-2021-32099](https://github.com/ibnuuby/CVE-2021-32099) - [l3eol3eo/CVE-2021-32099_SQLi](https://github.com/l3eol3eo/CVE-2021-32099_SQLi) - [akr3ch/CVE-2021-32099](https://github.com/akr3ch/CVE-2021-32099) -### CVE-2021-32156 (2022-04-11) - - -A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. 
- - +### CVE-2021-32156 - [Mesh3l911/CVE-2021-32156](https://github.com/Mesh3l911/CVE-2021-32156) -### CVE-2021-32157 (2022-04-11) - - -A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. - - +### CVE-2021-32157 - [Mesh3l911/CVE-2021-32157](https://github.com/Mesh3l911/CVE-2021-32157) - [dnr6419/CVE-2021-32157](https://github.com/dnr6419/CVE-2021-32157) -### CVE-2021-32158 (2022-04-11) - - -A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. - - +### CVE-2021-32158 - [Mesh3l911/CVE-2021-32158](https://github.com/Mesh3l911/CVE-2021-32158) -### CVE-2021-32159 (2022-04-11) - - -A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. - - +### CVE-2021-32159 - [Mesh3l911/CVE-2021-32159](https://github.com/Mesh3l911/CVE-2021-32159) -### CVE-2021-32160 (2022-04-11) - - -A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. - - +### CVE-2021-32160 - [Mesh3l911/CVE-2021-32160](https://github.com/Mesh3l911/CVE-2021-32160) -### CVE-2021-32161 (2022-04-11) - - -A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. - - +### CVE-2021-32161 - [Mesh3l911/CVE-2021-32161](https://github.com/Mesh3l911/CVE-2021-32161) -### CVE-2021-32162 (2022-04-11) - - -A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. - - +### CVE-2021-32162 - [Mesh3l911/CVE-2021-32162](https://github.com/Mesh3l911/CVE-2021-32162) -### CVE-2021-32399 (2021-05-10) - - -net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. 
- - +### CVE-2021-32399 - [nanopathi/linux-4.19.72_CVE-2021-32399](https://github.com/nanopathi/linux-4.19.72_CVE-2021-32399) -### CVE-2021-32471 (2021-05-10) - - -Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications." - - +### CVE-2021-32471 - [intrinsic-propensity/turing-machine](https://github.com/intrinsic-propensity/turing-machine) -### CVE-2021-32537 (2021-07-07) - - -Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. - - +### CVE-2021-32537 - [0vercl0k/CVE-2021-32537](https://github.com/0vercl0k/CVE-2021-32537) -### CVE-2021-32648 (2021-08-26) - - -octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. - - +### CVE-2021-32648 - [Immersive-Labs-Sec/CVE-2021-32648](https://github.com/Immersive-Labs-Sec/CVE-2021-32648) - [daftspunk/CVE-2021-32648](https://github.com/daftspunk/CVE-2021-32648) -### CVE-2021-32819 (2021-05-14) - - -Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. 
The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023. - - +### CVE-2021-32819 - [Abady0x1/CVE-2021-32819](https://github.com/Abady0x1/CVE-2021-32819) -### CVE-2021-32849 (2022-01-26) - - -Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds. - - +### CVE-2021-32849 - [lowkey0808/cve-2021-32849](https://github.com/lowkey0808/cve-2021-32849) -### CVE-2021-33034 (2021-05-14) - - -In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. - - +### CVE-2021-33034 - [Trinadh465/device_renesas_kernel_AOSP10_r33_CVE-2021-33034](https://github.com/Trinadh465/device_renesas_kernel_AOSP10_r33_CVE-2021-33034) -### CVE-2021-33044 (2021-09-15) - - -The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. - - +### CVE-2021-33044 - [dorkerdevil/CVE-2021-33044](https://github.com/dorkerdevil/CVE-2021-33044) - [Alonzozzz/alonzzzo](https://github.com/Alonzozzz/alonzzzo) -### CVE-2021-33558 (2021-05-27) - - -** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa. - - +### CVE-2021-33558 - [mdanzaruddin/CVE-2021-33558.](https://github.com/mdanzaruddin/CVE-2021-33558.) 
- [anldori/CVE-2021-33558](https://github.com/anldori/CVE-2021-33558) -### CVE-2021-33564 (2021-05-29) - - -An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility. - - +### CVE-2021-33564 - [mlr0p/CVE-2021-33564](https://github.com/mlr0p/CVE-2021-33564) - [dorkerdevil/CVE-2021-33564](https://github.com/dorkerdevil/CVE-2021-33564) -### CVE-2021-33624 (2021-06-23) - - -In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. - - +### CVE-2021-33624 - [benschlueter/CVE-2021-33624](https://github.com/benschlueter/CVE-2021-33624) -### CVE-2021-33739 (2021-06-08) - - -Microsoft DWM Core Library Elevation of Privilege Vulnerability - - +### CVE-2021-33739 - [freeide2017/CVE-2021-33739-POC](https://github.com/freeide2017/CVE-2021-33739-POC) - [giwon9977/CVE-2021-33739_PoC_Analysis](https://github.com/giwon9977/CVE-2021-33739_PoC_Analysis) -### CVE-2021-33879 (2021-06-06) - - -Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine. 
- - +### CVE-2021-33879 - [mmiszczyk/cve-2021-33879](https://github.com/mmiszczyk/cve-2021-33879) -### CVE-2021-34473 (2021-07-14) - - -Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. - - +### CVE-2021-34473 - [cyberheartmi9/Proxyshell-Scanner](https://github.com/cyberheartmi9/Proxyshell-Scanner) - [jrgdiaz/ProxyShell-CVE-2021-34473.py](https://github.com/jrgdiaz/ProxyShell-CVE-2021-34473.py) - [kh4sh3i/ProxyShell](https://github.com/kh4sh3i/ProxyShell) - [ipsBruno/CVE-2021-34473-NMAP-SCANNER](https://github.com/ipsBruno/CVE-2021-34473-NMAP-SCANNER) -### CVE-2021-34527 (2021-07-02) - - -Windows Print Spooler Remote Code Execution Vulnerability - - +### CVE-2021-34527 - [byt3bl33d3r/ItWasAllADream](https://github.com/byt3bl33d3r/ItWasAllADream) - [cyb3rpeace/CVE-2021-34527](https://github.com/cyb3rpeace/CVE-2021-34527) - [m8sec/CVE-2021-34527](https://github.com/m8sec/CVE-2021-34527) - [hackerhouse-opensource/cve-2021-34527](https://github.com/hackerhouse-opensource/cve-2021-34527) -### CVE-2021-34600 (2022-01-20) - - -Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation. - - +### CVE-2021-34600 - [x41sec/CVE-2021-34600](https://github.com/x41sec/CVE-2021-34600) -### CVE-2021-35042 (2021-07-02) - - -Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. - - +### CVE-2021-35042 - [r4vi/CVE-2021-35042](https://github.com/r4vi/CVE-2021-35042) - [n3utr1n00/CVE-2021-35042](https://github.com/n3utr1n00/CVE-2021-35042) -### CVE-2021-35064 (2021-07-12) - - -KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. 
Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. - - +### CVE-2021-35064 - [Chocapikk/CVE-2021-35064](https://github.com/Chocapikk/CVE-2021-35064) - [trhacknon/CVE-2021-35064](https://github.com/trhacknon/CVE-2021-35064) -### CVE-2021-35211 (2021-07-14) - - -Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability. - - +### CVE-2021-35211 - [BishopFox/CVE-2021-35211](https://github.com/BishopFox/CVE-2021-35211) -### CVE-2021-35296 (2021-10-04) - - -An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. - - +### CVE-2021-35296 - [afaq1337/CVE-2021-35296](https://github.com/afaq1337/CVE-2021-35296) -### CVE-2021-35448 (2021-06-24) - - -Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections. - - +### CVE-2021-35448 - [deathflash1411/CVE-2021-35448](https://github.com/deathflash1411/CVE-2021-35448) -### CVE-2021-35475 (2021-06-25) - - -SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. - - +### CVE-2021-35475 - [saitamang/CVE-2021-35475](https://github.com/saitamang/CVE-2021-35475) -### CVE-2021-35576 (2021-10-20) - - -Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. 
Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). - - +### CVE-2021-35576 - [emad-almousa/CVE-2021-35576](https://github.com/emad-almousa/CVE-2021-35576) -### CVE-2021-35587 (2022-01-19) - - -Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). - - +### CVE-2021-35587 - [antx-code/CVE-2021-35587](https://github.com/antx-code/CVE-2021-35587) ### CVE-2021-35975 - [trump88/CVE-2021-35975](https://github.com/trump88/CVE-2021-35975) -### CVE-2021-36260 (2021-09-22) - - -A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. 
- - +### CVE-2021-36260 - [rabbitsafe/CVE-2021-36260](https://github.com/rabbitsafe/CVE-2021-36260) - [tuntin9x/CheckHKRCE](https://github.com/tuntin9x/CheckHKRCE) - [Cuerz/CVE-2021-36260](https://github.com/Cuerz/CVE-2021-36260) -### CVE-2021-36460 (2022-04-25) - - -VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless. - - +### CVE-2021-36460 - [martinfrancois/CVE-2021-36460](https://github.com/martinfrancois/CVE-2021-36460) -### CVE-2021-36563 (2021-07-26) - - -The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session. 
- - +### CVE-2021-36563 - [Edgarloyola/CVE-2021-36563](https://github.com/Edgarloyola/CVE-2021-36563) -### CVE-2021-36749 (2021-09-24) - - -In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. - - +### CVE-2021-36749 - [Sma11New/PocList](https://github.com/Sma11New/PocList) - [dorkerdevil/CVE-2021-36749](https://github.com/dorkerdevil/CVE-2021-36749) - [hanch7274/CVE-2021-36749](https://github.com/hanch7274/CVE-2021-36749) -### CVE-2021-36798 (2021-08-09) - - -A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it. - - +### CVE-2021-36798 - [hariomenkel/CobaltSploit](https://github.com/hariomenkel/CobaltSploit) -### CVE-2021-36799 (2021-07-19) - - -** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 
- - +### CVE-2021-36799 - [robertguetzkow/ets5-password-recovery](https://github.com/robertguetzkow/ets5-password-recovery) -### CVE-2021-36934 (2021-07-22) - - -Windows Elevation of Privilege Vulnerability - - +### CVE-2021-36934 - [HuskyHacks/ShadowSteal](https://github.com/HuskyHacks/ShadowSteal) - [WiredPulse/Invoke-HiveNightmare](https://github.com/WiredPulse/Invoke-HiveNightmare) -### CVE-2021-36955 (2021-09-15) - - -Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633. - - +### CVE-2021-36955 - [JiaJinRong12138/CVE-2021-36955-EXP](https://github.com/JiaJinRong12138/CVE-2021-36955-EXP) -### CVE-2021-37740 (2022-04-20) - - -A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until the device is rebooted, via a SESSION_REQUEST frame with a modified total length field. - - +### CVE-2021-37740 - [robertguetzkow/CVE-2021-37740](https://github.com/robertguetzkow/CVE-2021-37740) -### CVE-2021-37910 (2021-11-11) - - -ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. - - +### CVE-2021-37910 - [efchatz/easy-exploits](https://github.com/efchatz/easy-exploits) -### CVE-2021-38163 (2021-09-14) - - -SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. 
These commands can be used to read or modify any information on the server or shut the server down making it unavailable. - - +### CVE-2021-38163 - [core1impact/CVE-2021-38163](https://github.com/core1impact/CVE-2021-38163) -### CVE-2021-38314 (2021-09-02) - - -The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`. - - +### CVE-2021-38314 - [twseptian/cve-2021-38314](https://github.com/twseptian/cve-2021-38314) - [c0ff33b34n/CVE-2021-38314](https://github.com/c0ff33b34n/CVE-2021-38314) - [akhilkoradiya/CVE-2021-38314](https://github.com/akhilkoradiya/CVE-2021-38314) -### CVE-2021-38540 (2021-09-09) - - -The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3. - - +### CVE-2021-38540 - [Captain-v-hook/PoC-for-CVE-2021-38540-](https://github.com/Captain-v-hook/PoC-for-CVE-2021-38540-) -### CVE-2021-38560 (2022-02-01) - - -Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. 
- - +### CVE-2021-38560 - [os909/iVANTI-CVE-2021-38560](https://github.com/os909/iVANTI-CVE-2021-38560) -### CVE-2021-38647 (2021-09-15) - - -Open Management Infrastructure Remote Code Execution Vulnerability - - +### CVE-2021-38647 - [corelight/CVE-2021-38647](https://github.com/corelight/CVE-2021-38647) - [Vulnmachines/OMIGOD_cve-2021-38647](https://github.com/Vulnmachines/OMIGOD_cve-2021-38647) ### CVE-2021-38817 - [HuskyHacks/CVE-2021-38817-Remote-OS-Command-Injection](https://github.com/HuskyHacks/CVE-2021-38817-Remote-OS-Command-Injection) -### CVE-2021-38819 (2022-11-16) - - -A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through "id" parameter on the album page. - - +### CVE-2021-38819 - [m4sk0ff/CVE-2021-38819](https://github.com/m4sk0ff/CVE-2021-38819) -### CVE-2021-39165 (2021-08-26) - - -Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected. - - +### CVE-2021-39165 - [W0rty/CVE-2021-39165](https://github.com/W0rty/CVE-2021-39165) -### CVE-2021-39172 (2021-08-27) - - -Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. 
- - +### CVE-2021-39172 - [W1ngLess/CVE-2021-39172-RCE](https://github.com/W1ngLess/CVE-2021-39172-RCE) -### CVE-2021-39174 (2021-08-27) - - -Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email, database, etc). This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of nested variables in the resulting dotenv configuration file. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. - - +### CVE-2021-39174 - [n0kovo/CVE-2021-39174-PoC](https://github.com/n0kovo/CVE-2021-39174-PoC) -### CVE-2021-39408 (2022-06-24) - - -Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file - - +### CVE-2021-39408 - [StefanDorresteijn/CVE-2021-39408](https://github.com/StefanDorresteijn/CVE-2021-39408) -### CVE-2021-39409 (2022-06-24) - - -A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. - - +### CVE-2021-39409 - [StefanDorresteijn/CVE-2021-39409](https://github.com/StefanDorresteijn/CVE-2021-39409) -### CVE-2021-39623 (2022-01-14) - - -In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-194105348 - - +### CVE-2021-39623 - [marcinguy/CVE-2021-39623](https://github.com/marcinguy/CVE-2021-39623) -### CVE-2021-39674 (2022-02-11) - - -In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-201083442 - - +### CVE-2021-39674 - [nidhi7598/system_bt_AOSP_10_r33_CVE-2021-39674](https://github.com/nidhi7598/system_bt_AOSP_10_r33_CVE-2021-39674) -### CVE-2021-39685 (2022-03-16) - - -In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel - - +### CVE-2021-39685 - [szymonh/inspector-gadget](https://github.com/szymonh/inspector-gadget) -### CVE-2021-39692 (2022-03-16) - - -In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539 - - +### CVE-2021-39692 - [nanopathi/packages_apps_ManagedProvisioning_CVE-2021-39692](https://github.com/nanopathi/packages_apps_ManagedProvisioning_CVE-2021-39692) -### CVE-2021-39696 (2022-08-09) - - -In Task.java, there is a possible escalation of privilege due to a confused deputy. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-185810717 - - +### CVE-2021-39696 - [nidhi7598/frameworks_base_AOSP_10_r33_CVE-2021-39696](https://github.com/nidhi7598/frameworks_base_AOSP_10_r33_CVE-2021-39696) -### CVE-2021-39704 (2022-03-16) - - -In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481 - - +### CVE-2021-39704 - [nanopathi/framework_base_AOSP10_r33_CVE-2021-39704](https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-39704) -### CVE-2021-39706 (2022-03-16) - - -In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200164168 - - +### CVE-2021-39706 - [Trinadh465/packages_apps_Settings_AOSP10_r33_CVE-2021-39706](https://github.com/Trinadh465/packages_apps_Settings_AOSP10_r33_CVE-2021-39706) -### CVE-2021-39749 (2022-03-30) - - -In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205996115 - - +### CVE-2021-39749 - [michalbednarski/OrganizerTransaction](https://github.com/michalbednarski/OrganizerTransaction) -### CVE-2021-39863 (2021-09-29) - - -Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. - - +### CVE-2021-39863 - [lsw29475/CVE-2021-39863](https://github.com/lsw29475/CVE-2021-39863) -### CVE-2021-40303 (2022-11-08) - - -perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. - - +### CVE-2021-40303 - [zecopro/CVE-2021-40303](https://github.com/zecopro/CVE-2021-40303) -### CVE-2021-40345 (2021-10-26) - - -An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. - - +### CVE-2021-40345 - [ArianeBlow/NagiosXI-RCE-all-version-CVE-2021-40345](https://github.com/ArianeBlow/NagiosXI-RCE-all-version-CVE-2021-40345) -### CVE-2021-40346 (2021-09-08) - - -An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. 
- - +### CVE-2021-40346 - [Vulnmachines/HAProxy_CVE-2021-40346](https://github.com/Vulnmachines/HAProxy_CVE-2021-40346) - [alexOarga/CVE-2021-40346](https://github.com/alexOarga/CVE-2021-40346) -### CVE-2021-40373 (2021-09-10) - - -playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. - - +### CVE-2021-40373 - [maikroservice/CVE-2021-40373](https://github.com/maikroservice/CVE-2021-40373) -### CVE-2021-40438 (2021-09-16) - - -A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. - - +### CVE-2021-40438 - [Kashkovsky/CVE-2021-40438](https://github.com/Kashkovsky/CVE-2021-40438) - [gassara-kys/CVE-2021-40438](https://github.com/gassara-kys/CVE-2021-40438) -### CVE-2021-40444 (2021-09-15) - - -Microsoft MSHTML Remote Code Execution Vulnerability - - +### CVE-2021-40444 - [lockedbyte/CVE-2021-40444](https://github.com/lockedbyte/CVE-2021-40444) - [klezVirus/CVE-2021-40444](https://github.com/klezVirus/CVE-2021-40444) - [MRacumen/CVE-2021-40444](https://github.com/MRacumen/CVE-2021-40444) - [RedLeavesChilde/CVE-2021-40444](https://github.com/RedLeavesChilde/CVE-2021-40444) - [nvchungkma/CVE-2021-40444-Microsoft-Office-Word-Remote-Code-Execution-](https://github.com/nvchungkma/CVE-2021-40444-Microsoft-Office-Word-Remote-Code-Execution-) -### CVE-2021-40449 (2021-10-12) - - -Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357. 
- - +### CVE-2021-40449 - [BL0odz/CVE-2021-40449-NtGdiResetDC-UAF](https://github.com/BL0odz/CVE-2021-40449-NtGdiResetDC-UAF) - [SamuelTulach/voidmap](https://github.com/SamuelTulach/voidmap) -### CVE-2021-40649 (2022-06-14) - - -In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. - - +### CVE-2021-40649 - [l00neyhacker/CVE-2021-40649](https://github.com/l00neyhacker/CVE-2021-40649) -### CVE-2021-40650 (2022-06-14) - - -In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. - - +### CVE-2021-40650 - [l00neyhacker/CVE-2021-40650](https://github.com/l00neyhacker/CVE-2021-40650) -### CVE-2021-40822 (2022-05-01) - - -GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. - - +### CVE-2021-40822 - [phor3nsic/CVE-2021-40822](https://github.com/phor3nsic/CVE-2021-40822) -### CVE-2021-40859 (2021-12-07) - - -Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. - - +### CVE-2021-40859 - [dorkerdevil/CVE-2021-40859](https://github.com/dorkerdevil/CVE-2021-40859) - [419066074/CVE-2021-40859](https://github.com/419066074/CVE-2021-40859) - [pussycat0x/CVE-2021-40859](https://github.com/pussycat0x/CVE-2021-40859) -### CVE-2021-40870 (2021-09-13) - - -An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. - - +### CVE-2021-40870 - [JoyGhoshs/CVE-2021-40870](https://github.com/JoyGhoshs/CVE-2021-40870) -### CVE-2021-40875 (2021-09-22) - - -Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. 
A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. - - +### CVE-2021-40875 - [Lul/TestRail-files.md5-IAC-scanner](https://github.com/Lul/TestRail-files.md5-IAC-scanner) -### CVE-2021-40903 (2022-06-17) - - -A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static. - - +### CVE-2021-40903 - [vulnz/CVE-2021-40903](https://github.com/vulnz/CVE-2021-40903) -### CVE-2021-40904 (2022-03-25) - - -The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. - - +### CVE-2021-40904 - [Edgarloyola/CVE-2021-40904](https://github.com/Edgarloyola/CVE-2021-40904) -### CVE-2021-40905 (2022-03-25) - - -** DISPUTED ** The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute code in this manner. 
- - +### CVE-2021-40905 - [Edgarloyola/CVE-2021-40905](https://github.com/Edgarloyola/CVE-2021-40905) -### CVE-2021-40906 (2022-03-25) - - -CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication. - - +### CVE-2021-40906 - [Edgarloyola/CVE-2021-40906](https://github.com/Edgarloyola/CVE-2021-40906) -### CVE-2021-40978 (2021-10-07) - - -** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1. - - +### CVE-2021-40978 - [nisdn/CVE-2021-40978](https://github.com/nisdn/CVE-2021-40978) -### CVE-2021-41073 (2021-09-19) - - -loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. - - +### CVE-2021-41073 - [chompie1337/Linux_LPE_io_uring_CVE-2021-41073](https://github.com/chompie1337/Linux_LPE_io_uring_CVE-2021-41073) -### CVE-2021-41078 (2021-10-26) - - -Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. - - +### CVE-2021-41078 - [s-index/CVE-2021-41078](https://github.com/s-index/CVE-2021-41078) -### CVE-2021-41117 (2021-10-11) - - -keypair is a a RSA PEM key generator written in javascript. 
keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output. Issue 1: Poor random number generation (`GHSL-2021-1012`). The library does not rely entirely on a platform provided CSPRNG, rather, it uses it's own counter-based CMAC approach. Where things go wrong is seeding the CMAC implementation with "true" random data in the function `defaultSeedFile`. In order to seed the AES-CMAC generator, the library will take two different approaches depending on the JavaScript execution environment. In a browser, the library will use [`window.crypto.getRandomValues()`](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L971). However, in a nodeJS execution environment, the `window` object is not defined, so it goes down a much less secure solution, also of which has a bug in it. It does look like the library tries to use node's CSPRNG when possible unfortunately, it looks like the `crypto` object is null because a variable was declared with the same name, and set to `null`. So the node CSPRNG path is never taken. However, when `window.crypto.getRandomValues()` is not available, a Lehmer LCG random number generator is used to seed the CMAC counter, and the LCG is seeded with `Math.random`. While this is poor and would likely qualify in a security bug in itself, it does not explain the extreme frequency in which duplicate keys occur. The main flaw: The output from the Lehmer LCG is encoded incorrectly. 
The specific [line][https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L1008] with the flaw is: `b.putByte(String.fromCharCode(next & 0xFF))` The [definition](https://github.com/juliangruber/keypair/blob/87c62f255baa12c1ec4f98a91600f82af80be6db/index.js#L350-L352) of `putByte` is `util.ByteBuffer.prototype.putByte = function(b) {this.data += String.fromCharCode(b);};`. Simplified, this is `String.fromCharCode(String.fromCharCode(next & 0xFF))`. The double `String.fromCharCode` is almost certainly unintentional and the source of weak seeding. Unfortunately, this does not result in an error. Rather, it results most of the buffer containing zeros. Since we are masking with 0xFF, we can determine that 97% of the output from the LCG are converted to zeros. The only outputs that result in meaningful values are outputs 48 through 57, inclusive. The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9. In summary, there are three immediate concerns: 1. The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and `Math.random`. 2. The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available. 3. The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero. Due to the poor random number generation, keypair generates RSA keys that are relatively easy to guess. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. - - +### CVE-2021-41117 - [badkeys/keypairvuln](https://github.com/badkeys/keypairvuln) -### CVE-2021-41184 (2021-10-26) - - -jQuery-UI is the official jQuery user interface library. 
Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. - - +### CVE-2021-41184 - [gabrielolivra/Exploit-Medium-CVE-2021-41184](https://github.com/gabrielolivra/Exploit-Medium-CVE-2021-41184) -### CVE-2021-41277 (2021-11-17) - - -Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. - - +### CVE-2021-41277 - [Vulnmachines/Metabase_CVE-2021-41277](https://github.com/Vulnmachines/Metabase_CVE-2021-41277) - [sasukeourad/CVE-2021-41277_SSRF](https://github.com/sasukeourad/CVE-2021-41277_SSRF) - [frknktlca/Metabase_Nmap_Script](https://github.com/frknktlca/Metabase_Nmap_Script) - [Chen-ling-afk/CVE-2021-41277](https://github.com/Chen-ling-afk/CVE-2021-41277) -### CVE-2021-41338 (2021-10-12) - - -Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability - - +### CVE-2021-41338 - [Mario-Kart-Felix/firewall-cve](https://github.com/Mario-Kart-Felix/firewall-cve) -### CVE-2021-41349 (2021-11-09) - - -Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305. 
- - +### CVE-2021-41349 - [exploit-io/CVE-2021-41349](https://github.com/exploit-io/CVE-2021-41349) - [0xrobiul/CVE-2021-41349](https://github.com/0xrobiul/CVE-2021-41349) -### CVE-2021-41652 (2022-03-01) - - -Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. - - +### CVE-2021-41652 - [deathflash1411/CVE-2021-41652](https://github.com/deathflash1411/CVE-2021-41652) ### CVE-2021-41730 - [IBUILI/CVE-2021-41730](https://github.com/IBUILI/CVE-2021-41730) -### CVE-2021-41773 (2021-10-05) - - -A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. - - +### CVE-2021-41773 - [Vulnmachines/cve-2021-41773](https://github.com/Vulnmachines/cve-2021-41773) - [Ls4ss/CVE-2021-41773_CVE-2021-42013](https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013) - [itsecurityco/CVE-2021-41773](https://github.com/itsecurityco/CVE-2021-41773) 
@@ -8328,36 +7432,16 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - [blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution](https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution) - [TheKernelPanic/exploit-apache2-cve-2021-41773](https://github.com/TheKernelPanic/exploit-apache2-cve-2021-41773) -### CVE-2021-41805 (2021-12-11) - - -HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace. - - +### CVE-2021-41805 - [I-Am-Nelson/CVE-2021-41805](https://github.com/I-Am-Nelson/CVE-2021-41805) -### CVE-2021-41946 (2022-05-18) - - -In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to the XSS. - - +### CVE-2021-41946 - [afaq1337/CVE-2021-41946](https://github.com/afaq1337/CVE-2021-41946) -### CVE-2021-42008 (2021-10-04) - - -The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. - - +### CVE-2021-42008 - [0xdevil/CVE-2021-42008](https://github.com/0xdevil/CVE-2021-42008) -### CVE-2021-42013 (2021-10-07) - - -It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. 
This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. - - +### CVE-2021-42013 - [Vulnmachines/cve-2021-42013](https://github.com/Vulnmachines/cve-2021-42013) - [twseptian/cve-2021-42013-docker-lab](https://github.com/twseptian/cve-2021-42013-docker-lab) - [walnutsecurity/cve-2021-42013](https://github.com/walnutsecurity/cve-2021-42013) 
@@ -8375,356 +7459,146 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - [mightysai1997/cve-2021-42013.get](https://github.com/mightysai1997/cve-2021-42013.get) - [12345qwert123456/CVE-2021-42013](https://github.com/12345qwert123456/CVE-2021-42013) -### CVE-2021-42056 (2022-06-24) - - -Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges. - - +### CVE-2021-42056 - [z00z00z00/Safenet_SAC_CVE-2021-42056](https://github.com/z00z00z00/Safenet_SAC_CVE-2021-42056) -### CVE-2021-42171 (2022-03-14) - - -Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. - - +### CVE-2021-42171 - [minhnq22/CVE-2021-42171](https://github.com/minhnq22/CVE-2021-42171) -### CVE-2021-42183 (2022-05-05) - - -MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. - - +### CVE-2021-42183 - [0xRaw/CVE-2021-42183](https://github.com/0xRaw/CVE-2021-42183) -### CVE-2021-42230 (2022-04-15) - - -Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the queriesCnt parameter. - - +### CVE-2021-42230 - [TAPESH-TEAM/CVE-2021-42230-Seowon-130-SLC-router-queriesCnt-Remote-Code-Execution-Unauthenticated](https://github.com/TAPESH-TEAM/CVE-2021-42230-Seowon-130-SLC-router-queriesCnt-Remote-Code-Execution-Unauthenticated) -### CVE-2021-42237 (2021-11-05) - - -Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. 
No authentication or special configuration is required to exploit this vulnerability. - - +### CVE-2021-42237 - [ItsIgnacioPortal/CVE-2021-42237](https://github.com/ItsIgnacioPortal/CVE-2021-42237) - [vesperp/CVE-2021-42237-SiteCore-XP](https://github.com/vesperp/CVE-2021-42237-SiteCore-XP) - [crankyyash/SiteCore-RCE-Detection](https://github.com/crankyyash/SiteCore-RCE-Detection) -### CVE-2021-42278 (2021-11-09) - - -Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291. - - +### CVE-2021-42278 - [WazeHell/sam-the-admin](https://github.com/WazeHell/sam-the-admin) - [Ridter/noPac](https://github.com/Ridter/noPac) - [ly4k/Pachine](https://github.com/ly4k/Pachine) - [cybersecurityworks553/noPac-detection](https://github.com/cybersecurityworks553/noPac-detection) -### CVE-2021-42287 (2021-11-09) - - -Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291. - - +### CVE-2021-42287 - [knightswd/NoPacScan](https://github.com/knightswd/NoPacScan) - [XiaoliChan/Invoke-sAMSpoofing](https://github.com/XiaoliChan/Invoke-sAMSpoofing) -### CVE-2021-42321 (2021-11-09) - - -Microsoft Exchange Server Remote Code Execution Vulnerability - - +### CVE-2021-42321 - [timb-machine-mirrors/CVE-2021-42321_poc](https://github.com/timb-machine-mirrors/CVE-2021-42321_poc) - [xnyuq/cve-2021-42321](https://github.com/xnyuq/cve-2021-42321) - [7BitsTeam/exch_CVE-2021-42321](https://github.com/7BitsTeam/exch_CVE-2021-42321) -### CVE-2021-42327 (2021-10-21) - - -dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. 
There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. - - +### CVE-2021-42327 - [docfate111/CVE-2021-42327](https://github.com/docfate111/CVE-2021-42327) -### CVE-2021-42342 (2021-10-14) - - -An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts. - - +### CVE-2021-42342 - [Mr-xn/CVE-2021-42342](https://github.com/Mr-xn/CVE-2021-42342) -### CVE-2021-42392 (2022-01-07) - - -The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. - - +### CVE-2021-42392 - [cybersecurityworks553/CVE-2021-42392-Detect](https://github.com/cybersecurityworks553/CVE-2021-42392-Detect) -### CVE-2021-42574 (2021-10-31) - - -** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. 
An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm. - - +### CVE-2021-42574 - [maweil/bidi_char_detector](https://github.com/maweil/bidi_char_detector) - [pierDipi/unicode-control-characters-action](https://github.com/pierDipi/unicode-control-characters-action) -### CVE-2021-42662 (2021-11-05) - - -A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. 
- - +### CVE-2021-42662 - [0xDeku/CVE-2021-42662](https://github.com/0xDeku/CVE-2021-42662) -### CVE-2021-42663 (2021-11-05) - - -An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice. - - +### CVE-2021-42663 - [0xDeku/CVE-2021-42663](https://github.com/0xDeku/CVE-2021-42663) -### CVE-2021-42664 (2021-11-05) - - -A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. - - +### CVE-2021-42664 - [0xDeku/CVE-2021-42664](https://github.com/0xDeku/CVE-2021-42664) -### CVE-2021-42665 (2021-11-05) - - -An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. - - +### CVE-2021-42665 - [0xDeku/CVE-2021-42665](https://github.com/0xDeku/CVE-2021-42665) -### CVE-2021-42666 (2021-11-05) - - -A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server. - - +### CVE-2021-42666 - [0xDeku/CVE-2021-42666](https://github.com/0xDeku/CVE-2021-42666) -### CVE-2021-42667 (2021-11-05) - - -A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. 
An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
-
-
+### CVE-2021-42667
 - [0xDeku/CVE-2021-42667](https://github.com/0xDeku/CVE-2021-42667)
-### CVE-2021-42668 (2021-11-05)
-
-
-A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
-
-
+### CVE-2021-42668
 - [0xDeku/CVE-2021-42668](https://github.com/0xDeku/CVE-2021-42668)
-### CVE-2021-42669 (2021-11-05)
-
-
-A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.
-
-
+### CVE-2021-42669
 - [0xDeku/CVE-2021-42669](https://github.com/0xDeku/CVE-2021-42669)
-### CVE-2021-42670 (2021-11-05)
-
-
-A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
-
-
+### CVE-2021-42670
 - [0xDeku/CVE-2021-42670](https://github.com/0xDeku/CVE-2021-42670)
-### CVE-2021-42671 (2021-11-05)
-
-
-An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
-
-
+### CVE-2021-42671
 - [0xDeku/CVE-2021-42671](https://github.com/0xDeku/CVE-2021-42671)
-### CVE-2021-42697 (2021-11-02)
-
-
-Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
-
-
+### CVE-2021-42697
 - [cxosmo/CVE-2021-42697](https://github.com/cxosmo/CVE-2021-42697)
-### CVE-2021-42717 (2021-12-07)
-
-
-ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
-
-
+### CVE-2021-42717
 - [EkamSinghWalia/Detection-and-Mitigation-script-for-CVE-2021-42717](https://github.com/EkamSinghWalia/Detection-and-Mitigation-script-for-CVE-2021-42717)
-### CVE-2021-42835 (2021-12-08)
-
-
-An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component.
This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM).
-
-
+### CVE-2021-42835
 - [netanelc305/PlEXcalaison](https://github.com/netanelc305/PlEXcalaison)
-### CVE-2021-42913 (2021-12-20)
-
-
-The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
-
-
+### CVE-2021-42913
 - [kernel-cyber/CVE-2021-42913](https://github.com/kernel-cyber/CVE-2021-42913)
-### CVE-2021-42948 (2022-09-16)
-
-
-HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
-
-
+### CVE-2021-42948
 - [dhammon/HotelDruid-CVE-2021-42948](https://github.com/dhammon/HotelDruid-CVE-2021-42948)
-### CVE-2021-42949 (2022-09-16)
-
-
-The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.
-
-
+### CVE-2021-42949
 - [dhammon/HotelDruid-CVE-2021-42949](https://github.com/dhammon/HotelDruid-CVE-2021-42949)
-### CVE-2021-43008 (2022-04-04)
-
-
-Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
-
-
+### CVE-2021-43008
 - [p0dalirius/CVE-2021-43008-AdminerRead](https://github.com/p0dalirius/CVE-2021-43008-AdminerRead)
-### CVE-2021-43129 (2022-04-19)
-
-
-A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz.
-
-
+### CVE-2021-43129
 - [Skotizo/CVE-2021-43129](https://github.com/Skotizo/CVE-2021-43129)
-### CVE-2021-43224 (2021-12-15)
-
-
-Windows Common Log File System Driver Information Disclosure Vulnerability
-
-
+### CVE-2021-43224
 - [KaLendsi/CVE-2021-43224-POC](https://github.com/KaLendsi/CVE-2021-43224-POC)
-### CVE-2021-43229 (2021-12-15)
-
-
-Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231.
-
-
+### CVE-2021-43229
 - [Citizen13X/CVE-2021-43229](https://github.com/Citizen13X/CVE-2021-43229)
-### CVE-2021-43258 (2022-11-23)
-
-
-CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.
-
-
+### CVE-2021-43258
 - [MRvirusIR/CVE-2021-43258](https://github.com/MRvirusIR/CVE-2021-43258)
-### CVE-2021-43287 (2022-04-14)
-
-
-An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.
-
-
+### CVE-2021-43287
 - [Wrin9/CVE-2021-43287](https://github.com/Wrin9/CVE-2021-43287)
-### CVE-2021-43297 (2022-01-10)
-
-
-A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5.
-
-
+### CVE-2021-43297
 - [bitterzzZZ/CVE-2021-43297-POC](https://github.com/bitterzzZZ/CVE-2021-43297-POC)
 - [longofo/Apache-Dubbo-Hessian2-CVE-2021-43297](https://github.com/longofo/Apache-Dubbo-Hessian2-CVE-2021-43297)
-### CVE-2021-43326 (2021-12-15)
-
-
-Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
-
-
+### CVE-2021-43326
 - [gfoss/CVE-2021-43326_Exploit](https://github.com/gfoss/CVE-2021-43326_Exploit)
-### CVE-2021-43408 (2021-11-19)
-
-
-The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
-
-
+### CVE-2021-43408
 - [tuannq2299/CVE-2021-43408](https://github.com/tuannq2299/CVE-2021-43408)
 ### CVE-2021-43503
 - [kang8/CVE-2021-43503](https://github.com/kang8/CVE-2021-43503)
-### CVE-2021-43515 (2022-04-08)
-
-
-CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.
-
-
+### CVE-2021-43515
 - [ixSly/CVE-2021-43515](https://github.com/ixSly/CVE-2021-43515)
-### CVE-2021-43530 (2021-12-08)
-
-
-A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94.
-
-
+### CVE-2021-43530
 - [hfh86/CVE-2021-43530-UXSS-On-QRcode-Reader-](https://github.com/hfh86/CVE-2021-43530-UXSS-On-QRcode-Reader-)
-### CVE-2021-43617 (2021-11-14)
-
-
-Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
-
-
+### CVE-2021-43617
 - [aweiiy/CVE-2021-43617](https://github.com/aweiiy/CVE-2021-43617)
 ### CVE-2021-43657
 - [c0n5n3d/CVE-2021-43657](https://github.com/c0n5n3d/CVE-2021-43657)
-### CVE-2021-43789 (2021-12-07)
-
-
-PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with `orderBy` and `sortOrder` parameters. The problem is fixed in version 1.7.8.2.
-
-
+### CVE-2021-43789
 - [numanturle/CVE-2021-43789](https://github.com/numanturle/CVE-2021-43789)
-### CVE-2021-43798 (2021-12-07)
-
-
-Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
-
-
+### CVE-2021-43798
 - [asaotomo/CVE-2021-43798-Grafana-Exp](https://github.com/asaotomo/CVE-2021-43798-Grafana-Exp)
 - [j-jasson/CVE-2021-43798-grafana_fileread](https://github.com/j-jasson/CVE-2021-43798-grafana_fileread)
 - [LongWayHomie/CVE-2021-43798](https://github.com/LongWayHomie/CVE-2021-43798)
@@ -8740,130 +7614,55 @@ Grafana is an open-source platform for monitoring and observability. Grafana ver
 - [hupe1980/CVE-2021-43798](https://github.com/hupe1980/CVE-2021-43798)
 - [trhacknon/exploit-grafana-CVE-2021-43798](https://github.com/trhacknon/exploit-grafana-CVE-2021-43798)
-### CVE-2021-43811 (2021-12-08)
-
-
-Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24.
-
-
+### CVE-2021-43811
 - [s-index/CVE-2021-43811](https://github.com/s-index/CVE-2021-43811)
-### CVE-2021-43821 (2021-12-14)
-
-
-Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating.
-
-
+### CVE-2021-43821
 - [Jackey0/opencast-CVE-2021-43821-env](https://github.com/Jackey0/opencast-CVE-2021-43821-env)
-### CVE-2021-43848 (2022-02-01)
-
-
-h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. When h2o is used as a reverse proxy, an attacker can abuse this vulnerability to send internal state of h2o to backend servers controlled by the attacker or third party. Also, if there is an HTTP endpoint that reflects the traffic sent from the client, an attacker can use that reflector to obtain internal state of h2o. This internal state includes traffic of other connections in unencrypted form and TLS session tickets. This vulnerability exists in h2o server with HTTP/3 support, between commit 93af138 and d1f0f65. None of the released versions of h2o are affected by this vulnerability. There are no known workarounds. Users of unreleased versions of h2o using HTTP/3 are advised to upgrade immediately.
-
-
+### CVE-2021-43848
 - [neex/hui2ochko](https://github.com/neex/hui2ochko)
-### CVE-2021-43857 (2021-12-27)
-
-
-Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
-
-
+### CVE-2021-43857
 - [LongWayHomie/CVE-2021-43857](https://github.com/LongWayHomie/CVE-2021-43857)
 - [lowkey0808/CVE-2021-43857](https://github.com/lowkey0808/CVE-2021-43857)
-### CVE-2021-43858 (2021-12-27)
-
-
-MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges.
The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users.
-
-
+### CVE-2021-43858
 - [0rx1/cve-2021-43858](https://github.com/0rx1/cve-2021-43858)
-### CVE-2021-43890 (2021-12-15)
-
-
-Windows AppX Installer Spoofing Vulnerability
-
-
+### CVE-2021-43890
 - [yonggui-li/CVE-2021-43890_poc](https://github.com/yonggui-li/CVE-2021-43890_poc)
-### CVE-2021-43891 (2021-12-15)
-
-
-Visual Studio Code Remote Code Execution Vulnerability
-
-
+### CVE-2021-43891
 - [parsiya/code-wsl-rce](https://github.com/parsiya/code-wsl-rce)
-### CVE-2021-43893 (2021-12-15)
-
-
-Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
-
-
+### CVE-2021-43893
 - [jbaines-r7/blankspace](https://github.com/jbaines-r7/blankspace)
-### CVE-2021-43908 (2021-12-15)
-
-
-Visual Studio Code Spoofing Vulnerability
-
-
+### CVE-2021-43908
 - [Sudistark/vscode-rce-electrovolt](https://github.com/Sudistark/vscode-rce-electrovolt)
-### CVE-2021-43936 (2021-12-06)
-
-
-The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
-
-
+### CVE-2021-43936
 - [LongWayHomie/CVE-2021-43936](https://github.com/LongWayHomie/CVE-2021-43936)
 ### CVE-2021-44103
 - [paulotrindadec/CVE-2021-44103](https://github.com/paulotrindadec/CVE-2021-44103)
-### CVE-2021-44117 (2022-06-10)
-
-
-A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
-
-
+### CVE-2021-44117
 - [warmachine-57/CVE-2021-44117](https://github.com/warmachine-57/CVE-2021-44117)
-### CVE-2021-44132 (2022-02-25)
-
-
-A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file.
-
-
+### CVE-2021-44132
 - [exploitwritter/CVE-2021-44132](https://github.com/exploitwritter/CVE-2021-44132)
-### CVE-2021-44142 (2022-02-21)
-
-
-The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
-
-
+### CVE-2021-44142
 - [hrsman/Samba-CVE-2021-44142](https://github.com/hrsman/Samba-CVE-2021-44142)
 - [horizon3ai/CVE-2021-44142](https://github.com/horizon3ai/CVE-2021-44142)
 - [gudyrmik/CVE-2021-44142](https://github.com/gudyrmik/CVE-2021-44142)
-### CVE-2021-44217 (2022-01-18)
-
-
-In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
-
-
+### CVE-2021-44217
 - [Hyperkopite/CVE-2021-44217](https://github.com/Hyperkopite/CVE-2021-44217)
-### CVE-2021-44228 (2021-12-10)
-
-
-Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
-
-
+### CVE-2021-44228
 - [tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce](https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce)
 - [Glease/Healer](https://github.com/Glease/Healer)
 - [jas502n/Log4j2-CVE-2021-44228](https://github.com/jas502n/Log4j2-CVE-2021-44228)
@@ -9068,130 +7867,55 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - [srcporter/CVE-2021-44228](https://github.com/srcporter/CVE-2021-44228)
 - [trhacknon/CVE-2021-44228-Scanner](https://github.com/trhacknon/CVE-2021-44228-Scanner)
-### CVE-2021-44255 (2022-01-31)
-
-
-Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server.
-
-
+### CVE-2021-44255
 - [pizza-power/motioneye-authenticated-RCE](https://github.com/pizza-power/motioneye-authenticated-RCE)
 ### CVE-2021-44270
 - [pinpinsec/Anviz-Access-Control-Authentication-Bypass](https://github.com/pinpinsec/Anviz-Access-Control-Authentication-Bypass)
-### CVE-2021-44428 (2021-11-29)
-
-
-Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
-
-
+### CVE-2021-44428
 - [z3bul0n/log4jtest](https://github.com/z3bul0n/log4jtest)
-### CVE-2021-44521 (2022-02-11)
-
-
-When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
-
-
+### CVE-2021-44521
 - [WoodenKlaas/CVE-2021-44521](https://github.com/WoodenKlaas/CVE-2021-44521)
 - [Yeyvo/poc-CVE-2021-44521](https://github.com/Yeyvo/poc-CVE-2021-44521)
-### CVE-2021-44529 (2021-12-08)
-
-
-A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
-
-
+### CVE-2021-44529
 - [jkana/CVE-2021-44529](https://github.com/jkana/CVE-2021-44529)
 - [jax7sec/CVE-2021-44529](https://github.com/jax7sec/CVE-2021-44529)
-### CVE-2021-44582 (2022-06-10)
-
-
-A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.
-
-
+### CVE-2021-44582
 - [warmachine-57/CVE-2021-44582](https://github.com/warmachine-57/CVE-2021-44582)
-### CVE-2021-44593 (2022-01-21)
-
-
-Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.
-
-
+### CVE-2021-44593
 - [Mister-Joe/CVE-2021-44593](https://github.com/Mister-Joe/CVE-2021-44593)
-### CVE-2021-44733 (2021-12-22)
-
-
-A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
-
-
+### CVE-2021-44733
 - [pjlantz/optee-qemu](https://github.com/pjlantz/optee-qemu)
-### CVE-2021-44827 (2022-03-04)
-
-
-There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.
-
-
+### CVE-2021-44827
 - [full-disclosure/CVE-2021-44827](https://github.com/full-disclosure/CVE-2021-44827)
-### CVE-2021-44832 (2021-12-28)
-
-
-Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
-
-
+### CVE-2021-44832
 - [cckuailong/log4j_RCE_CVE-2021-44832](https://github.com/cckuailong/log4j_RCE_CVE-2021-44832)
 - [name/log4j](https://github.com/name/log4j)
-### CVE-2021-44852 (2022-01-01)
-
-
-An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.
-
-
+### CVE-2021-44852
 - [Exploitables/CVE-2021-44852](https://github.com/Exploitables/CVE-2021-44852)
-### CVE-2021-45007 (2022-02-20)
-
-
-** DISPUTED ** Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.
-
-
+### CVE-2021-45007
 - [AS4mir/CVE-2021-45007](https://github.com/AS4mir/CVE-2021-45007)
-### CVE-2021-45008 (2022-02-21)
-
-
-** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.
-
-
+### CVE-2021-45008
 - [AS4mir/CVE-2021-45008](https://github.com/AS4mir/CVE-2021-45008)
-### CVE-2021-45010 (2022-03-15)
-
-
-A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
-
-
+### CVE-2021-45010
 - [febinrev/CVE-2021-45010-TinyFileManager-Exploit](https://github.com/febinrev/CVE-2021-45010-TinyFileManager-Exploit)
-### CVE-2021-45041 (2021-12-19)
-
-
-SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.
-
-
+### CVE-2021-45041
 - [manuelz120/CVE-2021-45041](https://github.com/manuelz120/CVE-2021-45041)
-### CVE-2021-45046 (2021-12-14)
-
-
-It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
-
-
+### CVE-2021-45046
 - [cckuailong/Log4j_CVE-2021-45046](https://github.com/cckuailong/Log4j_CVE-2021-45046)
 - [BobTheShoplifter/CVE-2021-45046-Info](https://github.com/BobTheShoplifter/CVE-2021-45046-Info)
 - [mergebase/log4j-samples](https://github.com/mergebase/log4j-samples)
@@ -9200,20 +7924,10 @@ It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was i
 - [CaptanMoss/Log4Shell-Sandbox-Signature](https://github.com/CaptanMoss/Log4Shell-Sandbox-Signature)
 - [taise-hub/log4j-poc](https://github.com/taise-hub/log4j-poc)
-### CVE-2021-45067 (2022-01-14)
-
-
-Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
-
-
+### CVE-2021-45067
 - [hacksysteam/CVE-2021-45067](https://github.com/hacksysteam/CVE-2021-45067)
-### CVE-2021-45105 (2021-12-18)
-
-
-Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
-
-
+### CVE-2021-45105
 - [tejas-nagchandi/CVE-2021-45105](https://github.com/tejas-nagchandi/CVE-2021-45105)
 - [iAmSOScArEd/log4j2_dos_exploit](https://github.com/iAmSOScArEd/log4j2_dos_exploit)
 - [dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105](https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105)
@@ -9222,12 +7936,7 @@ Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) di
 - [dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1](https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1)
 - [sakuraji-labs/log4j-remediation](https://github.com/sakuraji-labs/log4j-remediation)
-### CVE-2021-45232 (2021-12-27)
-
-
-In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.
-
-
+### CVE-2021-45232
 - [Osyanina/westone-CVE-2021-45232-scanner](https://github.com/Osyanina/westone-CVE-2021-45232-scanner)
 - [badboycxcc/CVE-2021-45232-POC](https://github.com/badboycxcc/CVE-2021-45232-POC)
 - [LTiDi2000/CVE-2021-45232](https://github.com/LTiDi2000/CVE-2021-45232)
@@ -9242,237 +7951,102 @@ In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks an
- [yggcwhat/CVE-2021-45232](https://github.com/yggcwhat/CVE-2021-45232)
- [YutuSec/Apisix_Crack](https://github.com/YutuSec/Apisix_Crack)
-### CVE-2021-45416 (2022-02-01)
-
-
-Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
-
-
+### CVE-2021-45416
- [86x/CVE-2021-45416](https://github.com/86x/CVE-2021-45416)
- [dnr6419/CVE-2021-45416](https://github.com/dnr6419/CVE-2021-45416)
-### CVE-2021-45485 (2021-12-24)
-
-
-In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
-
-
+### CVE-2021-45485
- [Satheesh575555/linux-4.19.72_CVE-2021-45485](https://github.com/Satheesh575555/linux-4.19.72_CVE-2021-45485)
-### CVE-2021-45744 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
-
-
+### CVE-2021-45744
- [plsanu/Bludit-3.13.1-TAGS-Field-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Bludit-3.13.1-TAGS-Field-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-45744](https://github.com/plsanu/CVE-2021-45744)
-### CVE-2021-45745 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
-
-
+### CVE-2021-45745
- [plsanu/Bludit-3.13.1-About-Plugin-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Bludit-3.13.1-About-Plugin-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-45745](https://github.com/plsanu/CVE-2021-45745)
-### CVE-2021-45897 (2022-01-28)
-
-
-SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.
-
-
+### CVE-2021-45897
- [manuelz120/CVE-2021-45897](https://github.com/manuelz120/CVE-2021-45897)
-### CVE-2021-45901 (2022-02-10)
-
-
-The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
-
-
+### CVE-2021-45901
- [9lyph/CVE-2021-45901](https://github.com/9lyph/CVE-2021-45901)
-### CVE-2021-45960 (2022-01-01)
-
-
-In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
-
-
+### CVE-2021-45960
- [nanopathi/external_expat_AOSP10_r33_CVE-2021-45960](https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-45960)
- [Trinadh465/external_lib_AOSP10_r33_CVE-2021-45960_CVE-2021-46143-](https://github.com/Trinadh465/external_lib_AOSP10_r33_CVE-2021-45960_CVE-2021-46143-)
-### CVE-2021-46005 (2022-01-18)
-
-
-Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.
-
-
+### CVE-2021-46005
- [nawed20002/CVE-2021-46005](https://github.com/nawed20002/CVE-2021-46005)
-### CVE-2021-46067 (2022-01-06)
-
-
-In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
-
-
+### CVE-2021-46067
- [plsanu/Vehicle-Service-Management-System-Multiple-Cookie-Stealing-Leads-to-Full-Account-Takeover](https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Cookie-Stealing-Leads-to-Full-Account-Takeover)
- [plsanu/CVE-2021-46067](https://github.com/plsanu/CVE-2021-46067)
-### CVE-2021-46068 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
-
-
+### CVE-2021-46068
- [plsanu/Vehicle-Service-Management-System-MyAccount-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-MyAccount-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-46068](https://github.com/plsanu/CVE-2021-46068)
-### CVE-2021-46069 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
-
-
+### CVE-2021-46069
- [plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-46069](https://github.com/plsanu/CVE-2021-46069)
-### CVE-2021-46070 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.
-
-
+### CVE-2021-46070
- [plsanu/Vehicle-Service-Management-System-Service-Requests-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-Service-Requests-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-46070](https://github.com/plsanu/CVE-2021-46070)
-### CVE-2021-46071 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.
-
-
+### CVE-2021-46071
- [plsanu/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-46071](https://github.com/plsanu/CVE-2021-46071)
-### CVE-2021-46072 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.
-
-
+### CVE-2021-46072
- [plsanu/Vehicle-Service-Management-System-Service-List-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-Service-List-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-46072](https://github.com/plsanu/CVE-2021-46072)
-### CVE-2021-46073 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
-
-
+### CVE-2021-46073
- [plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-46073](https://github.com/plsanu/CVE-2021-46073)
-### CVE-2021-46074 (2022-01-06)
-
-
-A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.
-
-
+### CVE-2021-46074
- [plsanu/Vehicle-Service-Management-System-Settings-Stored-Cross-Site-Scripting-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-Settings-Stored-Cross-Site-Scripting-XSS)
- [plsanu/CVE-2021-46074](https://github.com/plsanu/CVE-2021-46074)
-### CVE-2021-46075 (2022-01-06)
-
-
-A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.
-
-
+### CVE-2021-46075
- [plsanu/Vehicle-Service-Management-System-Multiple-Privilege-Escalation-Leads-to-CRUD-Operations](https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Privilege-Escalation-Leads-to-CRUD-Operations)
- [plsanu/CVE-2021-46075](https://github.com/plsanu/CVE-2021-46075)
-### CVE-2021-46076 (2022-01-06)
-
-
-Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in multiple endpoints it leading to Code Execution.
-
-
+### CVE-2021-46076
- [plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Code-Execution](https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Code-Execution)
- [plsanu/CVE-2021-46076](https://github.com/plsanu/CVE-2021-46076)
-### CVE-2021-46078 (2022-01-06)
-
-
-An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.
-
-
+### CVE-2021-46078
- [plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Stored-Cross-Site-Scripting](https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Stored-Cross-Site-Scripting)
- [plsanu/CVE-2021-46078](https://github.com/plsanu/CVE-2021-46078)
-### CVE-2021-46079 (2022-01-06)
-
-
-An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.
-
-
+### CVE-2021-46079
- [plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Html-Injection](https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Html-Injection)
- [plsanu/CVE-2021-46079](https://github.com/plsanu/CVE-2021-46079)
-### CVE-2021-46080 (2022-01-06)
-
-
-A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.
-
-
+### CVE-2021-46080
- [plsanu/Vehicle-Service-Management-System-Multiple-Cross-Site-Request-Forgery-CSRF-Leads-to-XSS](https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Cross-Site-Request-Forgery-CSRF-Leads-to-XSS)
- [plsanu/CVE-2021-46080](https://github.com/plsanu/CVE-2021-46080)
-### CVE-2021-46108 (2022-02-17)
-
-
-D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.
-
-
+### CVE-2021-46108
- [g-rubert/CVE-2021-46108](https://github.com/g-rubert/CVE-2021-46108)
-### CVE-2021-46143 (2022-01-05)
-
-
-In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
-
-
+### CVE-2021-46143
- [nanopathi/external_expat_AOSP10_r33_CVE-2021-46143](https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-46143)
-### CVE-2021-46381 (2022-03-04)
-
-
-Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
-
-
+### CVE-2021-46381
- [JCPpeiqi/-cve-2021-46381](https://github.com/JCPpeiqi/-cve-2021-46381)
-### CVE-2021-46398 (2022-02-04)
-
-
-A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.
-
-
+### CVE-2021-46398
- [febinrev/CVE-2021-46398_Chamilo-LMS-RCE](https://github.com/febinrev/CVE-2021-46398_Chamilo-LMS-RCE)
-### CVE-2021-46417 (2022-04-07)
-
-
-Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.
-
-
+### CVE-2021-46417
- [Henry4E36/CVE-2021-46417](https://github.com/Henry4E36/CVE-2021-46417)
-### CVE-2021-46422 (2022-04-27)
-
-
-Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
-
-
+### CVE-2021-46422
- [nobodyatall648/CVE-2021-46422](https://github.com/nobodyatall648/CVE-2021-46422)
- [Chocapikk/CVE-2021-46422](https://github.com/Chocapikk/CVE-2021-46422)
- [twoning/CVE-2021-46422_PoC](https://github.com/twoning/CVE-2021-46422_PoC)
@@ -9487,12 +8061,7 @@ Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability
- [polerstar/CVE-2021-46422-poc](https://github.com/polerstar/CVE-2021-46422-poc)
- [kailing0220/CVE-2021-46422](https://github.com/kailing0220/CVE-2021-46422)
-### CVE-2021-46702 (2022-02-25)
-
-
-Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory.
-
-
+### CVE-2021-46702
- [malakkf/CVE-2021-46702](https://github.com/malakkf/CVE-2021-46702)
@@ -11033,7 +9602,6 @@ In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.
- [r0ttenbeef/cve-2020-5902](https://github.com/r0ttenbeef/cve-2020-5902)
- [lijiaxing1997/CVE-2020-5902-POC-EXP](https://github.com/lijiaxing1997/CVE-2020-5902-POC-EXP)
- [0xAbdullah/CVE-2020-5902](https://github.com/0xAbdullah/CVE-2020-5902)
-- [GoodiesHQ/F5-Patch](https://github.com/GoodiesHQ/F5-Patch)
- [jiansiting/CVE-2020-5902](https://github.com/jiansiting/CVE-2020-5902)
- [wdlid/CVE-2020-5902-fix](https://github.com/wdlid/CVE-2020-5902-fix)
- [Any3ite/CVE-2020-5902-F5BIG](https://github.com/Any3ite/CVE-2020-5902-F5BIG)
@@ -11069,6 +9637,7 @@ In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.
- [haisenberg/CVE-2020-5902](https://github.com/haisenberg/CVE-2020-5902)
- [west9b/F5-BIG-IP-POC](https://github.com/west9b/F5-BIG-IP-POC)
- [z3n70/CVE-2020-5902](https://github.com/z3n70/CVE-2020-5902)
+- [trhacknon/CVE-2020-5902-Scanner](https://github.com/trhacknon/CVE-2020-5902-Scanner)
### CVE-2020-5903 (2020-07-01)
@@ -16971,6 +15540,7 @@ In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7
- [cisagov/check-your-pulse](https://github.com/cisagov/check-your-pulse)
- [andripwn/pulse-exploit](https://github.com/andripwn/pulse-exploit)
- [pwn3z/CVE-2019-11510-PulseVPN](https://github.com/pwn3z/CVE-2019-11510-PulseVPN)
+- [trhacknon/CVE-2019-11510](https://github.com/trhacknon/CVE-2019-11510)
### CVE-2019-11523 (2019-06-06)
@@ -18806,6 +17376,7 @@ An issue was discovered in Citrix Application Delivery Controller (ADC) and Gate
- [pwn3z/CVE-2019-19781-Citrix](https://github.com/pwn3z/CVE-2019-19781-Citrix)
- [Vulnmachines/Ctirix_RCE-CVE-2019-19781](https://github.com/Vulnmachines/Ctirix_RCE-CVE-2019-19781)
- [k-fire/CVE-2019-19781-exploit](https://github.com/k-fire/CVE-2019-19781-exploit)
+- [trhacknon/CVE-2019-19781](https://github.com/trhacknon/CVE-2019-19781)
### CVE-2019-19844 (2019-12-18)