From af7fc50198be6278351f0d31225d3a37feb4268a Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Wed, 22 Jun 2022 09:16:17 +0900 Subject: [PATCH] Auto Update 2022/06/22 00:16:17 --- 2019/CVE-2019-11932.json | 8 ++++---- 2019/CVE-2019-17221.json | 8 ++++---- 2019/CVE-2019-20933.json | 8 ++++---- 2021/CVE-2021-3156.json | 12 ++++++------ 2021/CVE-2021-4034.json | 4 ++-- 2021/CVE-2021-42278.json | 12 ++++++------ 2021/CVE-2021-44228.json | 8 ++++---- 2022/CVE-2022-22965.json | 8 ++++---- 2022/CVE-2022-22980.json | 8 ++++---- 2022/CVE-2022-23648.json | 8 ++++---- 2022/CVE-2022-25949.json | 29 +++++++++++++++++++++++++++++ 2022/CVE-2022-29072.json | 4 ++-- README.md | 8 ++++++++ 13 files changed, 81 insertions(+), 44 deletions(-) create mode 100644 2022/CVE-2022-25949.json diff --git a/2019/CVE-2019-11932.json b/2019/CVE-2019-11932.json index 3db9e146cd..7a515d43e1 100644 --- a/2019/CVE-2019-11932.json +++ b/2019/CVE-2019-11932.json @@ -13,17 +13,17 @@ "description": " double-free bug in WhatsApp exploit poc", "fork": false, "created_at": "2019-10-03T09:26:24Z", - "updated_at": "2022-06-07T08:03:14Z", + "updated_at": "2022-06-21T23:28:12Z", "pushed_at": "2021-03-19T17:23:25Z", - "stargazers_count": 256, - "watchers_count": 256, + "stargazers_count": 257, + "watchers_count": 257, "forks_count": 77, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 77, - "watchers": 256, + "watchers": 257, "score": 0 }, { diff --git a/2019/CVE-2019-17221.json b/2019/CVE-2019-17221.json index 27dd0a0542..2e3b912a49 100644 --- a/2019/CVE-2019-17221.json +++ b/2019/CVE-2019-17221.json @@ -13,17 +13,17 @@ "description": "PhantomJS uses internal module: webpage, to open, close, render, and perform multiple actions on webpages, which suffers from an arbitrary file read vulnerability. The vulnerability exists in the page.open() function of the webpage module, which loads the specified URL and calls a given callback. When opening a HTML file, an attacker can supply specially crafted file content, which allows reading arbitrary files on the filesystem. The vulnerability is demonstrated by using page.render() as the function callback, resulting in the generation of a PDF or an image of the targeted file.", "fork": false, "created_at": "2020-01-16T18:07:07Z", - "updated_at": "2022-05-26T06:34:29Z", + "updated_at": "2022-06-21T22:32:09Z", "pushed_at": "2020-01-16T18:08:13Z", - "stargazers_count": 8, - "watchers_count": 8, + "stargazers_count": 9, + "watchers_count": 9, "forks_count": 3, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 3, - "watchers": 8, + "watchers": 9, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-20933.json b/2019/CVE-2019-20933.json index 8a246ccea6..3c8e0b7ecc 100644 --- a/2019/CVE-2019-20933.json +++ b/2019/CVE-2019-20933.json @@ -13,17 +13,17 @@ "description": "InfluxDB CVE-2019-20933 vulnerability exploit", "fork": false, "created_at": "2021-04-28T16:25:31Z", - "updated_at": "2022-05-25T19:20:48Z", + "updated_at": "2022-06-21T20:33:21Z", "pushed_at": "2022-02-16T21:48:20Z", - "stargazers_count": 24, - "watchers_count": 24, + "stargazers_count": 25, + "watchers_count": 25, "forks_count": 14, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 14, - "watchers": 24, + "watchers": 25, "score": 0 }, { diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index 035c03d83c..becad0cf2b 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -726,17 +726,17 @@ "description": "Root shell PoC for CVE-2021-3156", "fork": false, "created_at": "2021-02-03T19:57:56Z", - "updated_at": "2022-06-20T20:08:29Z", + "updated_at": "2022-06-21T19:13:52Z", "pushed_at": "2022-02-13T12:21:53Z", - "stargazers_count": 107, - "watchers_count": 107, - "forks_count": 43, + "stargazers_count": 108, + "watchers_count": 108, + "forks_count": 44, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 43, - "watchers": 107, + "forks": 44, + "watchers": 108, "score": 0 }, { diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index 954a8f8ab6..6fd086783c 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -158,7 +158,7 @@ "pushed_at": "2022-02-12T05:22:58Z", "stargazers_count": 868, "watchers_count": 868, - "forks_count": 281, + "forks_count": 280, "allow_forking": true, "is_template": false, "topics": [ @@ -167,7 +167,7 @@ "poc" ], "visibility": "public", - "forks": 281, + "forks": 280, "watchers": 868, "score": 0 }, diff --git a/2021/CVE-2021-42278.json b/2021/CVE-2021-42278.json index 5830b16956..c785d67c4e 100644 --- a/2021/CVE-2021-42278.json +++ b/2021/CVE-2021-42278.json @@ -45,17 +45,17 @@ "description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ", "fork": false, "created_at": "2021-12-13T10:28:12Z", - "updated_at": "2022-06-20T02:07:13Z", + "updated_at": "2022-06-21T18:41:00Z", "pushed_at": "2022-04-25T07:53:41Z", - "stargazers_count": 361, - "watchers_count": 361, - "forks_count": 71, + "stargazers_count": 362, + "watchers_count": 362, + "forks_count": 72, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 71, - "watchers": 361, + "forks": 72, + "watchers": 362, "score": 0 }, { diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 566da09a2f..ea49bde122 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -125,7 +125,7 @@ "pushed_at": "2021-12-16T01:33:48Z", "stargazers_count": 181, "watchers_count": 181, - "forks_count": 34, + "forks_count": 33, "allow_forking": true, "is_template": false, "topics": [ @@ -138,7 +138,7 @@ "minecraft" ], "visibility": "public", - "forks": 34, + "forks": 33, "watchers": 181, "score": 0 }, @@ -246,14 +246,14 @@ "pushed_at": "2022-02-24T12:04:51Z", "stargazers_count": 990, "watchers_count": 990, - "forks_count": 440, + "forks_count": 439, "allow_forking": true, "is_template": false, "topics": [ "log4shell" ], "visibility": "public", - "forks": 440, + "forks": 439, "watchers": 990, "score": 0 }, diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index fb3d773174..ac552afdee 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -119,17 +119,17 @@ "description": "Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit", "fork": false, "created_at": "2022-03-31T00:24:28Z", - "updated_at": "2022-06-19T09:28:12Z", + "updated_at": "2022-06-21T20:50:25Z", "pushed_at": "2022-06-10T17:34:08Z", - "stargazers_count": 253, - "watchers_count": 253, + "stargazers_count": 254, + "watchers_count": 254, "forks_count": 203, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 203, - "watchers": 253, + "watchers": 254, "score": 0 }, { diff --git a/2022/CVE-2022-22980.json b/2022/CVE-2022-22980.json index df51b443b4..ae06f85d0e 100644 --- a/2022/CVE-2022-22980.json +++ b/2022/CVE-2022-22980.json @@ -13,17 +13,17 @@ "description": "Poc of CVE-2022-22980", "fork": false, "created_at": "2022-06-21T11:39:13Z", - "updated_at": "2022-06-21T16:16:32Z", + "updated_at": "2022-06-21T23:52:13Z", "pushed_at": "2022-06-21T12:01:32Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 4, + "watchers_count": 4, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, - "watchers": 2, + "watchers": 4, "score": 0 }, { diff --git a/2022/CVE-2022-23648.json b/2022/CVE-2022-23648.json index 23e9596d39..cca9a3569a 100644 --- a/2022/CVE-2022-23648.json +++ b/2022/CVE-2022-23648.json @@ -13,17 +13,17 @@ "description": "POC for CVE-2022-23648", "fork": false, "created_at": "2022-03-25T19:43:59Z", - "updated_at": "2022-06-08T09:21:02Z", + "updated_at": "2022-06-21T19:05:54Z", "pushed_at": "2022-03-29T09:55:15Z", - "stargazers_count": 31, - "watchers_count": 31, + "stargazers_count": 30, + "watchers_count": 30, "forks_count": 16, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 16, - "watchers": 31, + "watchers": 30, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-25949.json b/2022/CVE-2022-25949.json new file mode 100644 index 0000000000..ab074247e9 --- /dev/null +++ b/2022/CVE-2022-25949.json @@ -0,0 +1,29 @@ +[ + { + "id": 470624137, + "name": "CVE-2022-25949", + "full_name": "tandasat\/CVE-2022-25949", + "owner": { + "login": "tandasat", + "id": 1620923, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1620923?v=4", + "html_url": "https:\/\/github.com\/tandasat" + }, + "html_url": "https:\/\/github.com\/tandasat\/CVE-2022-25949", + "description": "A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.", + "fork": false, + "created_at": "2022-03-16T14:42:21Z", + "updated_at": "2022-06-21T19:05:54Z", + "pushed_at": "2022-03-16T19:51:30Z", + "stargazers_count": 31, + "watchers_count": 31, + "forks_count": 9, + "allow_forking": true, + "is_template": false, + "topics": [], + "visibility": "public", + "forks": 9, + "watchers": 31, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-29072.json b/2022/CVE-2022-29072.json index 970f957db3..a6d8354203 100644 --- a/2022/CVE-2022-29072.json +++ b/2022/CVE-2022-29072.json @@ -17,12 +17,12 @@ "pushed_at": "2022-04-22T11:26:31Z", "stargazers_count": 670, "watchers_count": 670, - "forks_count": 107, + "forks_count": 108, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 107, + "forks": 108, "watchers": 670, "score": 0 }, diff --git a/README.md b/README.md index 010456ec09..1b0f97b7b3 100644 --- a/README.md +++ b/README.md @@ -1531,6 +1531,14 @@ The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to - [HadiMed/KINGSOFT-WPS-Office-LPE](https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE) - [webraybtl/CVE-2022-25943](https://github.com/webraybtl/CVE-2022-25943) +### CVE-2022-25949 (2022-03-17) + + +The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. + + +- [tandasat/CVE-2022-25949](https://github.com/tandasat/CVE-2022-25949) + ### CVE-2022-26133 (2022-04-20)