diff --git a/2012/CVE-2012-2982.json b/2012/CVE-2012-2982.json
index 537364cc53..f00adc218d 100644
--- a/2012/CVE-2012-2982.json
+++ b/2012/CVE-2012-2982.json
@@ -133,19 +133,19 @@
"description": "A Python replicated exploit for Webmin 1.580 \/file\/show.cgi Remote Code Execution",
"fork": false,
"created_at": "2021-09-04T04:01:56Z",
- "updated_at": "2023-07-20T00:33:12Z",
+ "updated_at": "2023-07-21T09:27:16Z",
"pushed_at": "2021-09-28T16:14:13Z",
- "stargazers_count": 31,
- "watchers_count": 31,
+ "stargazers_count": 32,
+ "watchers_count": 32,
"has_discussions": false,
- "forks_count": 9,
+ "forks_count": 10,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
- "forks": 9,
- "watchers": 31,
+ "forks": 10,
+ "watchers": 32,
"score": 0,
"subscribers_count": 2
},
diff --git a/2016/CVE-2016-5195.json b/2016/CVE-2016-5195.json
index 47fd58f293..af5f0cb673 100644
--- a/2016/CVE-2016-5195.json
+++ b/2016/CVE-2016-5195.json
@@ -233,10 +233,10 @@
"description": "PoC for Dirty COW (CVE-2016-5195)",
"fork": false,
"created_at": "2016-10-22T15:25:34Z",
- "updated_at": "2023-07-20T03:30:22Z",
+ "updated_at": "2023-07-21T06:52:11Z",
"pushed_at": "2022-03-16T12:08:54Z",
- "stargazers_count": 444,
- "watchers_count": 444,
+ "stargazers_count": 445,
+ "watchers_count": 445,
"has_discussions": false,
"forks_count": 150,
"allow_forking": true,
@@ -245,7 +245,7 @@
"topics": [],
"visibility": "public",
"forks": 150,
- "watchers": 444,
+ "watchers": 445,
"score": 0,
"subscribers_count": 20
},
diff --git a/2017/CVE-2017-12615.json b/2017/CVE-2017-12615.json
index d5aad2cce1..7eb1b016ab 100644
--- a/2017/CVE-2017-12615.json
+++ b/2017/CVE-2017-12615.json
@@ -13,10 +13,10 @@
"description": "POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability.",
"fork": false,
"created_at": "2017-09-23T06:15:48Z",
- "updated_at": "2023-06-12T20:57:43Z",
+ "updated_at": "2023-07-21T12:59:58Z",
"pushed_at": "2022-10-09T12:13:03Z",
- "stargazers_count": 101,
- "watchers_count": 101,
+ "stargazers_count": 100,
+ "watchers_count": 100,
"has_discussions": false,
"forks_count": 24,
"allow_forking": true,
@@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 24,
- "watchers": 101,
+ "watchers": 100,
"score": 0,
"subscribers_count": 5
},
diff --git a/2018/CVE-2018-8897.json b/2018/CVE-2018-8897.json
index 39c29aaeac..f08b53a8ae 100644
--- a/2018/CVE-2018-8897.json
+++ b/2018/CVE-2018-8897.json
@@ -73,10 +73,10 @@
"description": "Arbitrary code execution with kernel privileges using CVE-2018-8897.",
"fork": false,
"created_at": "2018-05-13T19:34:17Z",
- "updated_at": "2023-06-17T23:13:44Z",
+ "updated_at": "2023-07-21T10:03:25Z",
"pushed_at": "2018-05-18T12:26:53Z",
- "stargazers_count": 407,
- "watchers_count": 407,
+ "stargazers_count": 408,
+ "watchers_count": 408,
"has_discussions": false,
"forks_count": 112,
"allow_forking": true,
@@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 112,
- "watchers": 407,
+ "watchers": 408,
"score": 0,
"subscribers_count": 16
},
diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json
index 39545012b2..8cc751121a 100644
--- a/2019/CVE-2019-0708.json
+++ b/2019/CVE-2019-0708.json
@@ -2944,10 +2944,10 @@
"description": "ispy V1.0 - Eternalblue(ms17-010)\/Bluekeep(CVE-2019-0708) Scanner and exploit ( Metasploit automation )",
"fork": false,
"created_at": "2019-09-30T19:46:21Z",
- "updated_at": "2023-07-06T12:19:05Z",
+ "updated_at": "2023-07-21T06:54:12Z",
"pushed_at": "2021-02-06T00:24:21Z",
- "stargazers_count": 226,
- "watchers_count": 226,
+ "stargazers_count": 227,
+ "watchers_count": 227,
"has_discussions": false,
"forks_count": 77,
"allow_forking": true,
@@ -2956,7 +2956,7 @@
"topics": [],
"visibility": "public",
"forks": 77,
- "watchers": 226,
+ "watchers": 227,
"score": 0,
"subscribers_count": 22
},
@@ -3154,10 +3154,10 @@
"description": "CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7",
"fork": false,
"created_at": "2020-03-15T19:33:53Z",
- "updated_at": "2023-07-19T15:46:22Z",
+ "updated_at": "2023-07-21T10:41:56Z",
"pushed_at": "2022-03-28T04:10:20Z",
- "stargazers_count": 104,
- "watchers_count": 104,
+ "stargazers_count": 105,
+ "watchers_count": 105,
"has_discussions": false,
"forks_count": 18,
"allow_forking": true,
@@ -3166,7 +3166,7 @@
"topics": [],
"visibility": "public",
"forks": 18,
- "watchers": 104,
+ "watchers": 105,
"score": 0,
"subscribers_count": 3
},
diff --git a/2019/CVE-2019-10915.json b/2019/CVE-2019-10915.json
new file mode 100644
index 0000000000..0c2fd17987
--- /dev/null
+++ b/2019/CVE-2019-10915.json
@@ -0,0 +1,32 @@
+[
+ {
+ "id": 198133475,
+ "name": "CVE-2019-10915",
+ "full_name": "jiansiting\/CVE-2019-10915",
+ "owner": {
+ "login": "jiansiting",
+ "id": 28823754,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/28823754?v=4",
+ "html_url": "https:\/\/github.com\/jiansiting"
+ },
+ "html_url": "https:\/\/github.com\/jiansiting\/CVE-2019-10915",
+ "description": "Siemens TIA administrator Tool RCE",
+ "fork": false,
+ "created_at": "2019-07-22T02:38:54Z",
+ "updated_at": "2022-03-17T11:43:58Z",
+ "pushed_at": "2019-07-22T11:48:39Z",
+ "stargazers_count": 4,
+ "watchers_count": 4,
+ "has_discussions": false,
+ "forks_count": 4,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 4,
+ "watchers": 4,
+ "score": 0,
+ "subscribers_count": 1
+ }
+]
\ No newline at end of file
diff --git a/2019/CVE-2019-11581.json b/2019/CVE-2019-11581.json
index bda6ba862b..fd7393c51e 100644
--- a/2019/CVE-2019-11581.json
+++ b/2019/CVE-2019-11581.json
@@ -1,4 +1,34 @@
[
+ {
+ "id": 197105656,
+ "name": "CVE-2019-11581",
+ "full_name": "jas502n\/CVE-2019-11581",
+ "owner": {
+ "login": "jas502n",
+ "id": 16593068,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4",
+ "html_url": "https:\/\/github.com\/jas502n"
+ },
+ "html_url": "https:\/\/github.com\/jas502n\/CVE-2019-11581",
+ "description": "Atlassian JIRA Template injection vulnerability RCE",
+ "fork": false,
+ "created_at": "2019-07-16T02:27:00Z",
+ "updated_at": "2023-07-15T07:32:37Z",
+ "pushed_at": "2019-07-22T06:47:52Z",
+ "stargazers_count": 92,
+ "watchers_count": 92,
+ "has_discussions": false,
+ "forks_count": 30,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 30,
+ "watchers": 92,
+ "score": 0,
+ "subscribers_count": 3
+ },
{
"id": 198763431,
"name": "CVE-2019-11581",
diff --git a/2020/CVE-2020-0069.json b/2020/CVE-2020-0069.json
index b49eafa011..c9a4505ab7 100644
--- a/2020/CVE-2020-0069.json
+++ b/2020/CVE-2020-0069.json
@@ -13,10 +13,10 @@
"description": "Root your MediaTek device with CVE-2020-0069",
"fork": false,
"created_at": "2019-09-06T12:12:48Z",
- "updated_at": "2023-06-28T13:53:16Z",
+ "updated_at": "2023-07-21T08:59:42Z",
"pushed_at": "2023-02-06T19:18:56Z",
- "stargazers_count": 116,
- "watchers_count": 116,
+ "stargazers_count": 118,
+ "watchers_count": 118,
"has_discussions": false,
"forks_count": 22,
"allow_forking": true,
@@ -30,7 +30,7 @@
],
"visibility": "public",
"forks": 22,
- "watchers": 116,
+ "watchers": 118,
"score": 0,
"subscribers_count": 9
},
diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json
index efd335ae09..e3103735b1 100644
--- a/2020/CVE-2020-1472.json
+++ b/2020/CVE-2020-1472.json
@@ -43,10 +43,10 @@
"description": "Test tool for CVE-2020-1472",
"fork": false,
"created_at": "2020-09-08T08:58:37Z",
- "updated_at": "2023-07-21T06:07:49Z",
+ "updated_at": "2023-07-21T13:22:22Z",
"pushed_at": "2023-07-20T10:51:42Z",
- "stargazers_count": 1612,
- "watchers_count": 1612,
+ "stargazers_count": 1613,
+ "watchers_count": 1613,
"has_discussions": false,
"forks_count": 358,
"allow_forking": true,
@@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 358,
- "watchers": 1612,
+ "watchers": 1613,
"score": 0,
"subscribers_count": 90
},
@@ -170,10 +170,10 @@
"description": "Exploit for zerologon cve-2020-1472",
"fork": false,
"created_at": "2020-09-14T19:19:07Z",
- "updated_at": "2023-07-21T06:04:56Z",
+ "updated_at": "2023-07-21T10:40:00Z",
"pushed_at": "2020-10-15T18:31:15Z",
- "stargazers_count": 544,
- "watchers_count": 544,
+ "stargazers_count": 545,
+ "watchers_count": 545,
"has_discussions": false,
"forks_count": 142,
"allow_forking": true,
@@ -182,7 +182,7 @@
"topics": [],
"visibility": "public",
"forks": 142,
- "watchers": 544,
+ "watchers": 545,
"score": 0,
"subscribers_count": 13
},
diff --git a/2020/CVE-2020-14883.json b/2020/CVE-2020-14883.json
index 5e1a92429d..3e82309b0b 100644
--- a/2020/CVE-2020-14883.json
+++ b/2020/CVE-2020-14883.json
@@ -133,10 +133,10 @@
"description": "Alibaba-Nacos-Unauthorized\/ApacheDruid-RCE_CVE-2021-25646\/MS-Exchange-SSRF-CVE-2021-26885\/Oracle-WebLogic-CVE-2021-2109_RCE\/RG-CNVD-2021-14536\/RJ-SSL-VPN-UltraVires\/Redis-Unauthorized-RCE\/TDOA-V11.7-GetOnlineCookie\/VMware-vCenter-GetAnyFile\/yongyou-GRP-U8-XXE\/Oracle-WebLogic-CVE-2020-14883\/Oracle-WebLogic-CVE-2020-14882\/Apache-Solr-GetAnyFile\/F5-BIG-IP-CVE-2021-22986\/Sonicwall-SSL-VPN-RCE\/GitLab-Graphql-CNVD-2021-14193\/D-Link-DCS-CVE-2020-25078\/WLAN-AP-WEA453e-RCE\/360TianQing-Unauthorized\/360TianQing-SQLinjection\/FanWeiOA-V8-SQLinjection\/QiZhiBaoLeiJi-AnyUserLogin\/QiAnXin-WangKangFirewall-RCE\/金山-V8-终端安全系统\/NCCloud-SQLinjection\/ShowDoc-RCE",
"fork": false,
"created_at": "2021-03-11T22:49:17Z",
- "updated_at": "2023-07-19T14:45:41Z",
+ "updated_at": "2023-07-21T06:46:24Z",
"pushed_at": "2023-05-11T14:36:58Z",
- "stargazers_count": 1054,
- "watchers_count": 1054,
+ "stargazers_count": 1055,
+ "watchers_count": 1055,
"has_discussions": false,
"forks_count": 327,
"allow_forking": true,
@@ -149,7 +149,7 @@
],
"visibility": "public",
"forks": 327,
- "watchers": 1054,
+ "watchers": 1055,
"score": 0,
"subscribers_count": 37
}
diff --git a/2021/CVE-2021-1675.json b/2021/CVE-2021-1675.json
index 4bc7a741ae..934a2cae95 100644
--- a/2021/CVE-2021-1675.json
+++ b/2021/CVE-2021-1675.json
@@ -301,10 +301,10 @@
"description": "Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)",
"fork": false,
"created_at": "2021-07-01T23:45:58Z",
- "updated_at": "2023-07-20T02:59:46Z",
+ "updated_at": "2023-07-21T07:44:00Z",
"pushed_at": "2021-07-05T08:54:06Z",
- "stargazers_count": 924,
- "watchers_count": 924,
+ "stargazers_count": 925,
+ "watchers_count": 925,
"has_discussions": false,
"forks_count": 228,
"allow_forking": true,
@@ -313,7 +313,7 @@
"topics": [],
"visibility": "public",
"forks": 228,
- "watchers": 924,
+ "watchers": 925,
"score": 0,
"subscribers_count": 25
},
diff --git a/2021/CVE-2021-25646.json b/2021/CVE-2021-25646.json
index 4e35a9de8e..4ead984938 100644
--- a/2021/CVE-2021-25646.json
+++ b/2021/CVE-2021-25646.json
@@ -133,10 +133,10 @@
"description": "Alibaba-Nacos-Unauthorized\/ApacheDruid-RCE_CVE-2021-25646\/MS-Exchange-SSRF-CVE-2021-26885\/Oracle-WebLogic-CVE-2021-2109_RCE\/RG-CNVD-2021-14536\/RJ-SSL-VPN-UltraVires\/Redis-Unauthorized-RCE\/TDOA-V11.7-GetOnlineCookie\/VMware-vCenter-GetAnyFile\/yongyou-GRP-U8-XXE\/Oracle-WebLogic-CVE-2020-14883\/Oracle-WebLogic-CVE-2020-14882\/Apache-Solr-GetAnyFile\/F5-BIG-IP-CVE-2021-22986\/Sonicwall-SSL-VPN-RCE\/GitLab-Graphql-CNVD-2021-14193\/D-Link-DCS-CVE-2020-25078\/WLAN-AP-WEA453e-RCE\/360TianQing-Unauthorized\/360TianQing-SQLinjection\/FanWeiOA-V8-SQLinjection\/QiZhiBaoLeiJi-AnyUserLogin\/QiAnXin-WangKangFirewall-RCE\/金山-V8-终端安全系统\/NCCloud-SQLinjection\/ShowDoc-RCE",
"fork": false,
"created_at": "2021-03-11T22:49:17Z",
- "updated_at": "2023-07-19T14:45:41Z",
+ "updated_at": "2023-07-21T06:46:24Z",
"pushed_at": "2023-05-11T14:36:58Z",
- "stargazers_count": 1054,
- "watchers_count": 1054,
+ "stargazers_count": 1055,
+ "watchers_count": 1055,
"has_discussions": false,
"forks_count": 327,
"allow_forking": true,
@@ -149,7 +149,7 @@
],
"visibility": "public",
"forks": 327,
- "watchers": 1054,
+ "watchers": 1055,
"score": 0,
"subscribers_count": 37
},
diff --git a/2021/CVE-2021-31805.json b/2021/CVE-2021-31805.json
index df508f1c64..a3c427553d 100644
--- a/2021/CVE-2021-31805.json
+++ b/2021/CVE-2021-31805.json
@@ -13,10 +13,10 @@
"description": "远程代码执行S2-062 CVE-2021-31805验证POC",
"fork": false,
"created_at": "2022-04-15T01:50:14Z",
- "updated_at": "2023-06-02T15:24:53Z",
+ "updated_at": "2023-07-21T10:35:09Z",
"pushed_at": "2022-04-17T08:19:59Z",
- "stargazers_count": 129,
- "watchers_count": 129,
+ "stargazers_count": 128,
+ "watchers_count": 128,
"has_discussions": false,
"forks_count": 57,
"allow_forking": true,
@@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 57,
- "watchers": 129,
+ "watchers": 128,
"score": 0,
"subscribers_count": 4
},
diff --git a/2021/CVE-2021-3560.json b/2021/CVE-2021-3560.json
index 5637eea35e..a7d3b814ee 100644
--- a/2021/CVE-2021-3560.json
+++ b/2021/CVE-2021-3560.json
@@ -202,10 +202,10 @@
"description": "Privilege escalation with polkit - CVE-2021-3560",
"fork": false,
"created_at": "2021-06-19T08:15:17Z",
- "updated_at": "2023-07-20T11:44:36Z",
+ "updated_at": "2023-07-21T08:49:35Z",
"pushed_at": "2021-06-20T07:38:13Z",
- "stargazers_count": 110,
- "watchers_count": 110,
+ "stargazers_count": 111,
+ "watchers_count": 111,
"has_discussions": false,
"forks_count": 58,
"allow_forking": true,
@@ -214,7 +214,7 @@
"topics": [],
"visibility": "public",
"forks": 58,
- "watchers": 110,
+ "watchers": 111,
"score": 0,
"subscribers_count": 3
},
diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json
index 12a850269b..7e7f075126 100644
--- a/2021/CVE-2021-4034.json
+++ b/2021/CVE-2021-4034.json
@@ -1982,10 +1982,10 @@
"description": "Proof of concept for pwnkit vulnerability",
"fork": false,
"created_at": "2022-01-27T14:43:57Z",
- "updated_at": "2023-06-02T15:24:48Z",
+ "updated_at": "2023-07-21T08:33:28Z",
"pushed_at": "2023-01-12T19:23:29Z",
- "stargazers_count": 331,
- "watchers_count": 331,
+ "stargazers_count": 330,
+ "watchers_count": 330,
"has_discussions": false,
"forks_count": 41,
"allow_forking": true,
@@ -1994,7 +1994,7 @@
"topics": [],
"visibility": "public",
"forks": 41,
- "watchers": 331,
+ "watchers": 330,
"score": 0,
"subscribers_count": 6
},
diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json
index f631a149cd..14b3930c72 100644
--- a/2021/CVE-2021-44228.json
+++ b/2021/CVE-2021-44228.json
@@ -103,10 +103,10 @@
"description": "Remote Code Injection In Log4j",
"fork": false,
"created_at": "2021-12-10T05:23:44Z",
- "updated_at": "2023-07-07T19:11:15Z",
+ "updated_at": "2023-07-21T11:39:16Z",
"pushed_at": "2022-01-18T12:01:52Z",
- "stargazers_count": 440,
- "watchers_count": 440,
+ "stargazers_count": 441,
+ "watchers_count": 441,
"has_discussions": false,
"forks_count": 127,
"allow_forking": true,
@@ -115,7 +115,7 @@
"topics": [],
"visibility": "public",
"forks": 127,
- "watchers": 440,
+ "watchers": 441,
"score": 0,
"subscribers_count": 7
},
@@ -3703,10 +3703,10 @@
"description": "A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 ",
"fork": false,
"created_at": "2021-12-13T03:57:50Z",
- "updated_at": "2023-07-19T08:48:59Z",
+ "updated_at": "2023-07-21T10:49:07Z",
"pushed_at": "2022-11-23T18:23:24Z",
- "stargazers_count": 3274,
- "watchers_count": 3274,
+ "stargazers_count": 3273,
+ "watchers_count": 3273,
"has_discussions": true,
"forks_count": 745,
"allow_forking": true,
@@ -3715,7 +3715,7 @@
"topics": [],
"visibility": "public",
"forks": 745,
- "watchers": 3274,
+ "watchers": 3273,
"score": 0,
"subscribers_count": 60
},
diff --git a/2022/CVE-2022-0540.json b/2022/CVE-2022-0540.json
index 005da5ca32..4943d71104 100644
--- a/2022/CVE-2022-0540.json
+++ b/2022/CVE-2022-0540.json
@@ -13,10 +13,10 @@
"description": "Atlassian Jira Seraph Authentication Bypass RCE(CVE-2022-0540)",
"fork": false,
"created_at": "2022-05-25T10:47:04Z",
- "updated_at": "2023-07-15T23:31:45Z",
+ "updated_at": "2023-07-21T08:20:33Z",
"pushed_at": "2022-05-25T13:43:16Z",
- "stargazers_count": 64,
- "watchers_count": 64,
+ "stargazers_count": 65,
+ "watchers_count": 65,
"has_discussions": false,
"forks_count": 16,
"allow_forking": true,
@@ -28,7 +28,7 @@
],
"visibility": "public",
"forks": 16,
- "watchers": 64,
+ "watchers": 65,
"score": 0,
"subscribers_count": 1
}
diff --git a/2022/CVE-2022-0847.json b/2022/CVE-2022-0847.json
index 2b2db4909d..81a7168b5c 100644
--- a/2022/CVE-2022-0847.json
+++ b/2022/CVE-2022-0847.json
@@ -133,10 +133,10 @@
"description": "A root exploit for CVE-2022-0847 (Dirty Pipe)",
"fork": false,
"created_at": "2022-03-07T18:55:20Z",
- "updated_at": "2023-07-19T13:09:57Z",
+ "updated_at": "2023-07-21T08:33:50Z",
"pushed_at": "2022-03-08T06:20:05Z",
- "stargazers_count": 1044,
- "watchers_count": 1044,
+ "stargazers_count": 1043,
+ "watchers_count": 1043,
"has_discussions": false,
"forks_count": 220,
"allow_forking": true,
@@ -145,7 +145,7 @@
"topics": [],
"visibility": "public",
"forks": 220,
- "watchers": 1044,
+ "watchers": 1043,
"score": 0,
"subscribers_count": 17
},
diff --git a/2022/CVE-2022-28368.json b/2022/CVE-2022-28368.json
index 926426da66..c7cefd9205 100644
--- a/2022/CVE-2022-28368.json
+++ b/2022/CVE-2022-28368.json
@@ -13,10 +13,10 @@
"description": "Dompdf RCE PoC Exploit - CVE-2022-28368",
"fork": false,
"created_at": "2023-02-13T08:10:00Z",
- "updated_at": "2023-07-17T12:36:06Z",
+ "updated_at": "2023-07-21T10:16:06Z",
"pushed_at": "2023-06-03T10:00:01Z",
- "stargazers_count": 11,
- "watchers_count": 11,
+ "stargazers_count": 10,
+ "watchers_count": 10,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@@ -30,7 +30,7 @@
],
"visibility": "public",
"forks": 1,
- "watchers": 11,
+ "watchers": 10,
"score": 0,
"subscribers_count": 1
},
diff --git a/2022/CVE-2022-40127.json b/2022/CVE-2022-40127.json
index 2a0bb18f09..b9e6c6fa8a 100644
--- a/2022/CVE-2022-40127.json
+++ b/2022/CVE-2022-40127.json
@@ -33,5 +33,35 @@
"watchers": 38,
"score": 0,
"subscribers_count": 3
+ },
+ {
+ "id": 669143228,
+ "name": "CVE-2022-40127",
+ "full_name": "jakabakos\/CVE-2022-40127",
+ "owner": {
+ "login": "jakabakos",
+ "id": 42498816,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42498816?v=4",
+ "html_url": "https:\/\/github.com\/jakabakos"
+ },
+ "html_url": "https:\/\/github.com\/jakabakos\/CVE-2022-40127",
+ "description": "CVE-2022-40127 PoC and exploit",
+ "fork": false,
+ "created_at": "2023-07-21T12:55:16Z",
+ "updated_at": "2023-07-21T12:55:16Z",
+ "pushed_at": "2023-07-21T12:55:16Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 1,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 1,
+ "watchers": 0,
+ "score": 0,
+ "subscribers_count": 0
}
]
\ No newline at end of file
diff --git a/2022/CVE-2022-42046.json b/2022/CVE-2022-42046.json
index d93ae1529e..0179b2084a 100644
--- a/2022/CVE-2022-42046.json
+++ b/2022/CVE-2022-42046.json
@@ -13,10 +13,10 @@
"description": "CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM",
"fork": false,
"created_at": "2022-08-17T16:45:13Z",
- "updated_at": "2023-06-28T23:25:14Z",
+ "updated_at": "2023-07-21T10:23:42Z",
"pushed_at": "2022-12-24T10:29:08Z",
- "stargazers_count": 156,
- "watchers_count": 156,
+ "stargazers_count": 157,
+ "watchers_count": 157,
"has_discussions": true,
"forks_count": 22,
"allow_forking": true,
@@ -28,7 +28,7 @@
],
"visibility": "public",
"forks": 22,
- "watchers": 156,
+ "watchers": 157,
"score": 0,
"subscribers_count": 5
}
diff --git a/2022/CVE-2022-44875.json b/2022/CVE-2022-44875.json
index 9969aef773..82211b6c25 100644
--- a/2022/CVE-2022-44875.json
+++ b/2022/CVE-2022-44875.json
@@ -13,10 +13,10 @@
"description": "Testing CVE-2022-44875",
"fork": false,
"created_at": "2023-07-20T14:30:58Z",
- "updated_at": "2023-07-20T14:30:59Z",
+ "updated_at": "2023-07-21T13:22:12Z",
"pushed_at": "2023-07-20T14:37:46Z",
- "stargazers_count": 0,
- "watchers_count": 0,
+ "stargazers_count": 1,
+ "watchers_count": 1,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
- "watchers": 0,
+ "watchers": 1,
"score": 0,
"subscribers_count": 1
}
diff --git a/2022/CVE-2022-46689.json b/2022/CVE-2022-46689.json
index ca604c84e7..8b719b21a2 100644
--- a/2022/CVE-2022-46689.json
+++ b/2022/CVE-2022-46689.json
@@ -73,10 +73,10 @@
"description": "Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.",
"fork": false,
"created_at": "2022-12-26T06:56:35Z",
- "updated_at": "2023-07-15T05:16:56Z",
+ "updated_at": "2023-07-21T11:08:56Z",
"pushed_at": "2023-02-21T04:16:19Z",
- "stargazers_count": 814,
- "watchers_count": 814,
+ "stargazers_count": 815,
+ "watchers_count": 815,
"has_discussions": false,
"forks_count": 55,
"allow_forking": true,
@@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 55,
- "watchers": 814,
+ "watchers": 815,
"score": 0,
"subscribers_count": 25
},
diff --git a/2023/CVE-2023-0386.json b/2023/CVE-2023-0386.json
index a4370d9548..92795869a4 100644
--- a/2023/CVE-2023-0386.json
+++ b/2023/CVE-2023-0386.json
@@ -73,10 +73,10 @@
"description": "CVE-2023-0386在ubuntu22.04上的提权",
"fork": false,
"created_at": "2023-05-05T03:02:13Z",
- "updated_at": "2023-07-21T01:57:11Z",
+ "updated_at": "2023-07-21T09:40:56Z",
"pushed_at": "2023-06-13T08:58:53Z",
- "stargazers_count": 346,
- "watchers_count": 346,
+ "stargazers_count": 348,
+ "watchers_count": 348,
"has_discussions": false,
"forks_count": 60,
"allow_forking": true,
@@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 60,
- "watchers": 346,
+ "watchers": 348,
"score": 0,
"subscribers_count": 4
},
@@ -193,10 +193,10 @@
"description": "Vulnerabilities Exploitation On Ubuntu 22.04",
"fork": false,
"created_at": "2023-05-16T10:26:10Z",
- "updated_at": "2023-07-13T14:35:33Z",
+ "updated_at": "2023-07-21T09:15:40Z",
"pushed_at": "2023-05-16T10:49:19Z",
- "stargazers_count": 6,
- "watchers_count": 6,
+ "stargazers_count": 7,
+ "watchers_count": 7,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@@ -207,7 +207,7 @@
],
"visibility": "public",
"forks": 1,
- "watchers": 6,
+ "watchers": 7,
"score": 0,
"subscribers_count": 1
},
diff --git a/2023/CVE-2023-20126.json b/2023/CVE-2023-20126.json
new file mode 100644
index 0000000000..9e3920b402
--- /dev/null
+++ b/2023/CVE-2023-20126.json
@@ -0,0 +1,32 @@
+[
+ {
+ "id": 641832121,
+ "name": "RancidCrisco",
+ "full_name": "fullspectrumdev\/RancidCrisco",
+ "owner": {
+ "login": "fullspectrumdev",
+ "id": 132891614,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/132891614?v=4",
+ "html_url": "https:\/\/github.com\/fullspectrumdev"
+ },
+ "html_url": "https:\/\/github.com\/fullspectrumdev\/RancidCrisco",
+ "description": "PoC for CVE-2023-20126",
+ "fork": false,
+ "created_at": "2023-05-17T08:59:40Z",
+ "updated_at": "2023-07-21T13:24:20Z",
+ "pushed_at": "2023-06-20T12:45:45Z",
+ "stargazers_count": 2,
+ "watchers_count": 2,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 2,
+ "score": 0,
+ "subscribers_count": 0
+ }
+]
\ No newline at end of file
diff --git a/2023/CVE-2023-23397.json b/2023/CVE-2023-23397.json
index 87fe83a488..51a5483ffa 100644
--- a/2023/CVE-2023-23397.json
+++ b/2023/CVE-2023-23397.json
@@ -173,10 +173,10 @@
"description": null,
"fork": false,
"created_at": "2023-03-16T19:43:39Z",
- "updated_at": "2023-07-17T23:46:40Z",
+ "updated_at": "2023-07-21T13:31:37Z",
"pushed_at": "2023-03-17T07:47:40Z",
- "stargazers_count": 334,
- "watchers_count": 334,
+ "stargazers_count": 333,
+ "watchers_count": 333,
"has_discussions": false,
"forks_count": 62,
"allow_forking": true,
@@ -185,7 +185,7 @@
"topics": [],
"visibility": "public",
"forks": 62,
- "watchers": 334,
+ "watchers": 333,
"score": 0,
"subscribers_count": 6
},
diff --git a/2023/CVE-2023-23752.json b/2023/CVE-2023-23752.json
index add7d338a8..1713338092 100644
--- a/2023/CVE-2023-23752.json
+++ b/2023/CVE-2023-23752.json
@@ -381,7 +381,7 @@
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
- "forks_count": 6,
+ "forks_count": 7,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@@ -391,7 +391,7 @@
"joomla"
],
"visibility": "public",
- "forks": 6,
+ "forks": 7,
"watchers": 7,
"score": 0,
"subscribers_count": 1
diff --git a/2023/CVE-2023-28121.json b/2023/CVE-2023-28121.json
index 22ad30ef47..bc1e2f896a 100644
--- a/2023/CVE-2023-28121.json
+++ b/2023/CVE-2023-28121.json
@@ -13,10 +13,10 @@
"description": "WooCommerce Payments: Unauthorized Admin Access Exploit",
"fork": false,
"created_at": "2023-03-30T23:50:39Z",
- "updated_at": "2023-07-20T13:58:02Z",
+ "updated_at": "2023-07-21T10:07:06Z",
"pushed_at": "2023-05-31T13:21:43Z",
- "stargazers_count": 7,
- "watchers_count": 7,
+ "stargazers_count": 8,
+ "watchers_count": 8,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
@@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 8,
- "watchers": 7,
+ "watchers": 8,
"score": 0,
"subscribers_count": 1
},
diff --git a/2023/CVE-2023-28252.json b/2023/CVE-2023-28252.json
index 0eff87a9ad..33b1b54023 100644
--- a/2023/CVE-2023-28252.json
+++ b/2023/CVE-2023-28252.json
@@ -13,10 +13,10 @@
"description": null,
"fork": false,
"created_at": "2023-06-27T12:22:05Z",
- "updated_at": "2023-07-21T01:34:50Z",
+ "updated_at": "2023-07-21T09:30:57Z",
"pushed_at": "2023-07-10T16:57:44Z",
- "stargazers_count": 104,
- "watchers_count": 104,
+ "stargazers_count": 105,
+ "watchers_count": 105,
"has_discussions": false,
"forks_count": 28,
"allow_forking": true,
@@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 28,
- "watchers": 104,
+ "watchers": 105,
"score": 0,
"subscribers_count": 2
},
diff --git a/2023/CVE-2023-28771.json b/2023/CVE-2023-28771.json
index 6d339f02b7..9c48c437b0 100644
--- a/2023/CVE-2023-28771.json
+++ b/2023/CVE-2023-28771.json
@@ -13,10 +13,10 @@
"description": "PoC for CVE-2023-28771 based on Rapid7's excellent writeup",
"fork": false,
"created_at": "2023-05-23T02:37:39Z",
- "updated_at": "2023-07-16T16:00:37Z",
+ "updated_at": "2023-07-21T09:19:27Z",
"pushed_at": "2023-05-23T02:49:05Z",
- "stargazers_count": 21,
- "watchers_count": 21,
+ "stargazers_count": 22,
+ "watchers_count": 22,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@@ -27,7 +27,7 @@
],
"visibility": "public",
"forks": 3,
- "watchers": 21,
+ "watchers": 22,
"score": 0,
"subscribers_count": 1
},
diff --git a/2023/CVE-2023-30367.json b/2023/CVE-2023-30367.json
index 8aa2723bf9..68e0e6de21 100644
--- a/2023/CVE-2023-30367.json
+++ b/2023/CVE-2023-30367.json
@@ -13,10 +13,10 @@
"description": "Original PoC for CVE-2023-30367",
"fork": false,
"created_at": "2023-07-08T18:16:39Z",
- "updated_at": "2023-07-21T06:43:55Z",
- "pushed_at": "2023-07-11T19:41:34Z",
- "stargazers_count": 0,
- "watchers_count": 0,
+ "updated_at": "2023-07-21T09:06:43Z",
+ "pushed_at": "2023-07-21T08:56:31Z",
+ "stargazers_count": 1,
+ "watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
- "watchers": 0,
+ "watchers": 1,
"score": 0,
"subscribers_count": 0
}
diff --git a/2023/CVE-2023-32233.json b/2023/CVE-2023-32233.json
index 9ab9b6bb41..16cf8fecf1 100644
--- a/2023/CVE-2023-32233.json
+++ b/2023/CVE-2023-32233.json
@@ -43,10 +43,10 @@
"description": "CVE-2023-32233: Linux内核中的安全漏洞",
"fork": false,
"created_at": "2023-05-16T03:06:40Z",
- "updated_at": "2023-07-21T05:43:43Z",
+ "updated_at": "2023-07-21T10:20:22Z",
"pushed_at": "2023-05-16T04:34:16Z",
- "stargazers_count": 262,
- "watchers_count": 262,
+ "stargazers_count": 264,
+ "watchers_count": 264,
"has_discussions": false,
"forks_count": 63,
"allow_forking": true,
@@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 63,
- "watchers": 262,
+ "watchers": 264,
"score": 0,
"subscribers_count": 3
},
@@ -73,10 +73,10 @@
"description": "Use-After-Free in Netfilter nf_tables when processing batch requests CVE-2023-32233",
"fork": false,
"created_at": "2023-05-16T05:58:03Z",
- "updated_at": "2023-07-19T15:59:21Z",
+ "updated_at": "2023-07-21T07:03:05Z",
"pushed_at": "2023-06-20T06:58:04Z",
- "stargazers_count": 32,
- "watchers_count": 32,
+ "stargazers_count": 33,
+ "watchers_count": 33,
"has_discussions": false,
"forks_count": 6,
"allow_forking": true,
@@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 6,
- "watchers": 32,
+ "watchers": 33,
"score": 0,
"subscribers_count": 1
}
diff --git a/2023/CVE-2023-3269.json b/2023/CVE-2023-3269.json
index 203944bbcf..c2ab63393d 100644
--- a/2023/CVE-2023-3269.json
+++ b/2023/CVE-2023-3269.json
@@ -13,10 +13,10 @@
"description": "CVE-2023-3269: Linux kernel privilege escalation vulnerability",
"fork": false,
"created_at": "2023-06-28T13:22:26Z",
- "updated_at": "2023-07-20T22:56:43Z",
+ "updated_at": "2023-07-21T07:08:09Z",
"pushed_at": "2023-07-08T09:27:10Z",
- "stargazers_count": 294,
- "watchers_count": 294,
+ "stargazers_count": 295,
+ "watchers_count": 295,
"has_discussions": false,
"forks_count": 26,
"allow_forking": true,
@@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 26,
- "watchers": 294,
+ "watchers": 295,
"score": 0,
"subscribers_count": 19
}
diff --git a/2023/CVE-2023-34600.json b/2023/CVE-2023-34600.json
index e20f5b6f86..3c4c57f660 100644
--- a/2023/CVE-2023-34600.json
+++ b/2023/CVE-2023-34600.json
@@ -14,7 +14,7 @@
"fork": false,
"created_at": "2023-06-16T08:30:10Z",
"updated_at": "2023-06-16T08:30:10Z",
- "pushed_at": "2023-06-28T06:35:50Z",
+ "pushed_at": "2023-07-21T08:35:11Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
diff --git a/2023/CVE-2023-3519.json b/2023/CVE-2023-3519.json
index d5ada6e9ce..cf579fbca6 100644
--- a/2023/CVE-2023-3519.json
+++ b/2023/CVE-2023-3519.json
@@ -13,12 +13,12 @@
"description": "Citrix Scanner for CVE-2023-3519",
"fork": false,
"created_at": "2023-07-20T13:16:38Z",
- "updated_at": "2023-07-21T06:40:35Z",
- "pushed_at": "2023-07-20T19:34:08Z",
- "stargazers_count": 15,
- "watchers_count": 15,
+ "updated_at": "2023-07-21T13:40:46Z",
+ "pushed_at": "2023-07-21T09:43:23Z",
+ "stargazers_count": 22,
+ "watchers_count": 22,
"has_discussions": false,
- "forks_count": 2,
+ "forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@@ -28,8 +28,8 @@
"patch"
],
"visibility": "public",
- "forks": 2,
- "watchers": 15,
+ "forks": 3,
+ "watchers": 22,
"score": 0,
"subscribers_count": 4
},
@@ -44,13 +44,48 @@
"html_url": "https:\/\/github.com\/securekomodo"
},
"html_url": "https:\/\/github.com\/securekomodo\/citrixInspector",
- "description": "Accurately fingerprint and detect vulnerable versions of Netscaler \/ Citrix ADC to CVE-2023-3519",
+ "description": "Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler \/ Citrix ADC to CVE-2023-3519",
"fork": false,
"created_at": "2023-07-20T16:05:07Z",
- "updated_at": "2023-07-21T06:24:04Z",
- "pushed_at": "2023-07-20T16:25:39Z",
- "stargazers_count": 2,
- "watchers_count": 2,
+ "updated_at": "2023-07-21T12:47:55Z",
+ "pushed_at": "2023-07-21T12:42:38Z",
+ "stargazers_count": 3,
+ "watchers_count": 3,
+ "has_discussions": false,
+ "forks_count": 1,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [
+ "citrix",
+ "citrix-netscaler",
+ "cve-2023-3519",
+ "vulnerability-scanners"
+ ],
+ "visibility": "public",
+ "forks": 1,
+ "watchers": 3,
+ "score": 0,
+ "subscribers_count": 1
+ },
+ {
+ "id": 669063469,
+ "name": "CVE-2023-3519",
+ "full_name": "mr-r3b00t\/CVE-2023-3519",
+ "owner": {
+ "login": "mr-r3b00t",
+ "id": 14963690,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14963690?v=4",
+ "html_url": "https:\/\/github.com\/mr-r3b00t"
+ },
+ "html_url": "https:\/\/github.com\/mr-r3b00t\/CVE-2023-3519",
+ "description": null,
+ "fork": false,
+ "created_at": "2023-07-21T08:55:28Z",
+ "updated_at": "2023-07-21T13:38:56Z",
+ "pushed_at": "2023-07-21T09:02:23Z",
+ "stargazers_count": 4,
+ "watchers_count": 4,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@@ -59,8 +94,38 @@
"topics": [],
"visibility": "public",
"forks": 1,
- "watchers": 2,
+ "watchers": 4,
"score": 0,
- "subscribers_count": 1
+ "subscribers_count": 0
+ },
+ {
+ "id": 669106772,
+ "name": "CVE-2023-3519",
+ "full_name": "d0rb\/CVE-2023-3519",
+ "owner": {
+ "login": "d0rb",
+ "id": 10403781,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10403781?v=4",
+ "html_url": "https:\/\/github.com\/d0rb"
+ },
+ "html_url": "https:\/\/github.com\/d0rb\/CVE-2023-3519",
+ "description": "CVE-2023-3519",
+ "fork": false,
+ "created_at": "2023-07-21T11:02:21Z",
+ "updated_at": "2023-07-21T11:03:29Z",
+ "pushed_at": "2023-07-21T13:17:58Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 1,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 1,
+ "watchers": 0,
+ "score": 0,
+ "subscribers_count": 0
}
]
\ No newline at end of file
diff --git a/2023/CVE-2023-38408.json b/2023/CVE-2023-38408.json
index 4528b2a05c..52bacaf68a 100644
--- a/2023/CVE-2023-38408.json
+++ b/2023/CVE-2023-38408.json
@@ -13,10 +13,10 @@
"description": "CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent",
"fork": false,
"created_at": "2023-07-21T01:53:10Z",
- "updated_at": "2023-07-21T05:50:24Z",
+ "updated_at": "2023-07-21T12:46:21Z",
"pushed_at": "2023-07-21T01:56:59Z",
- "stargazers_count": 3,
- "watchers_count": 3,
+ "stargazers_count": 6,
+ "watchers_count": 6,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@@ -28,7 +28,7 @@
],
"visibility": "public",
"forks": 4,
- "watchers": 3,
+ "watchers": 6,
"score": 0,
"subscribers_count": 0
}
diff --git a/README.md b/README.md
index 5b691ff53a..9ebcb81911 100644
--- a/README.md
+++ b/README.md
@@ -394,6 +394,8 @@
- [telekom-security/cve-2023-3519-citrix-scanner](https://github.com/telekom-security/cve-2023-3519-citrix-scanner)
- [securekomodo/citrixInspector](https://github.com/securekomodo/citrixInspector)
+- [mr-r3b00t/CVE-2023-3519](https://github.com/mr-r3b00t/CVE-2023-3519)
+- [d0rb/CVE-2023-3519](https://github.com/d0rb/CVE-2023-3519)
### CVE-2023-3640
- [pray77/CVE-2023-3640](https://github.com/pray77/CVE-2023-3640)
@@ -415,6 +417,13 @@
- [redfr0g/CVE-2023-20110](https://github.com/redfr0g/CVE-2023-20110)
+### CVE-2023-20126 (2023-05-04)
+
+A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.
+
+
+- [fullspectrumdev/RancidCrisco](https://github.com/fullspectrumdev/RancidCrisco)
+
### CVE-2023-20178 (2023-06-28)
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.\r\n\r This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
@@ -927,7 +936,7 @@
### CVE-2023-25194 (2023-02-07)
-A possible security vulnerability has been identified in Apache Kafka Connect.\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0.\nWhen configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config`\nproperty for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker's LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.\n\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\nclient override policy that permits them.\n\nSince Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage\nin SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka 3.4.0. \n\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\nin addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\n
+A possible security vulnerability has been identified in Apache Kafka Connect API.\nThis requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config\nand a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.\nWhen configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config`\nproperty for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the\n`producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties.\nThis will allow the server to connect to the attacker's LDAP server\nand deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server.\nAttacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath.\n\nSince Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box\nconfigurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector\nclient override policy that permits them.\n\nSince Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage\nin SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka Connect 3.4.0. \n\nWe advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for \nvulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally,\nin addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector\nclient config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.\n
- [ohnonoyesyes/CVE-2023-25194](https://github.com/ohnonoyesyes/CVE-2023-25194)
@@ -7100,6 +7109,7 @@
- [Mr-xn/CVE-2022-40127](https://github.com/Mr-xn/CVE-2022-40127)
+- [jakabakos/CVE-2022-40127](https://github.com/jakabakos/CVE-2022-40127)
### CVE-2022-40140 (2022-09-19)
@@ -21486,6 +21496,13 @@
- [KTN1990/CVE-2019-10869](https://github.com/KTN1990/CVE-2019-10869)
+### CVE-2019-10915 (2019-07-11)
+
+A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
+
+
+- [jiansiting/CVE-2019-10915](https://github.com/jiansiting/CVE-2019-10915)
+
### CVE-2019-10945 (2019-04-10)
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
@@ -21640,6 +21657,7 @@
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
+- [jas502n/CVE-2019-11581](https://github.com/jas502n/CVE-2019-11581)
- [kobs0N/CVE-2019-11581](https://github.com/kobs0N/CVE-2019-11581)
- [PetrusViet/CVE-2019-11581](https://github.com/PetrusViet/CVE-2019-11581)