From d3de7b9d8dd22c56a31258c163f017e44420848c Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sun, 6 Aug 2023 09:23:33 +0900 Subject: [PATCH] Auto Update 2023/08/06 00:23:33 --- 2008/CVE-2008-5161.json | 2 +- 2015/CVE-2015-1130.json | 8 ++++---- 2017/CVE-2017-0781.json | 8 ++++---- 2019/CVE-2019-0708.json | 4 ++-- 2019/CVE-2019-17558.json | 4 ++-- 2020/CVE-2020-14882.json | 4 ++-- 2021/CVE-2021-21985.json | 4 ++-- 2021/CVE-2021-22205.json | 2 +- 2021/CVE-2021-22555.json | 30 ++++++++++++++++++++++++++++++ 2021/CVE-2021-22986.json | 2 +- 2021/CVE-2021-3560.json | 8 ++++---- 2021/CVE-2021-44228.json | 8 ++++---- 2021/CVE-2021-56789.json | 4 ++-- 2022/CVE-2022-20409.json | 35 +++++++++++++++++++++++++++++++++++ 2022/CVE-2022-20699.json | 8 ++++---- 2023/CVE-2023-20126.json | 8 ++++---- 2023/CVE-2023-23397.json | 8 ++++---- 2023/CVE-2023-27326.json | 8 ++++---- 2023/CVE-2023-32784.json | 4 ++-- 2023/CVE-2023-35078.json | 8 ++++---- 2023/CVE-2023-3519.json | 12 ++++++------ 2023/CVE-2023-35885.json | 8 ++++---- 2023/CVE-2023-37979.json | 8 ++++---- README.md | 8 ++++++++ 24 files changed, 138 insertions(+), 65 deletions(-) create mode 100644 2022/CVE-2022-20409.json diff --git a/2008/CVE-2008-5161.json b/2008/CVE-2008-5161.json index 5cf0041ea9..244cd394e7 100644 --- a/2008/CVE-2008-5161.json +++ b/2008/CVE-2008-5161.json @@ -14,7 +14,7 @@ "fork": false, "created_at": "2023-05-05T14:13:21Z", "updated_at": "2023-05-07T08:41:43Z", - "pushed_at": "2023-05-07T08:45:52Z", + "pushed_at": "2023-08-05T20:23:38Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2015/CVE-2015-1130.json b/2015/CVE-2015-1130.json index 9caaef8663..96adf65c25 100644 --- a/2015/CVE-2015-1130.json +++ b/2015/CVE-2015-1130.json @@ -13,10 +13,10 @@ "description": "Proof of Concept OS X Application for RootPipe Privilege Escalation Vulnerability (CVE-2015-1130)", "fork": false, "created_at": "2015-04-10T20:43:13Z", - "updated_at": "2016-02-19T01:53:47Z", + "updated_at": "2023-08-05T23:59:02Z", "pushed_at": "2015-04-10T21:03:24Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 3 }, diff --git a/2017/CVE-2017-0781.json b/2017/CVE-2017-0781.json index 1aa3025831..7ecc3aabe8 100644 --- a/2017/CVE-2017-0781.json +++ b/2017/CVE-2017-0781.json @@ -13,10 +13,10 @@ "description": "Blueborne CVE-2017-0781 Android heap overflow vulnerability", "fork": false, "created_at": "2017-10-09T15:13:25Z", - "updated_at": "2023-08-02T17:33:04Z", + "updated_at": "2023-08-05T20:26:04Z", "pushed_at": "2021-07-29T12:00:48Z", - "stargazers_count": 119, - "watchers_count": 119, + "stargazers_count": 120, + "watchers_count": 120, "has_discussions": false, "forks_count": 54, "allow_forking": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 54, - "watchers": 119, + "watchers": 120, "score": 0, "subscribers_count": 11 }, diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index 0bf697d0af..c361b8c3dc 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -1983,13 +1983,13 @@ "stargazers_count": 348, "watchers_count": 348, "has_discussions": false, - "forks_count": 132, + "forks_count": 131, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 132, + "forks": 131, "watchers": 348, "score": 0, "subscribers_count": 30 diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index 5c7c1005e8..04eee1d002 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -48,7 +48,7 @@ "stargazers_count": 3830, "watchers_count": 3830, "has_discussions": false, - "forks_count": 1086, + "forks_count": 1085, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -74,7 +74,7 @@ "webshell" ], "visibility": "public", - "forks": 1086, + "forks": 1085, "watchers": 3830, "score": 0, "subscribers_count": 155 diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index 65181b6476..0ab1317f54 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -18,7 +18,7 @@ "stargazers_count": 3830, "watchers_count": 3830, "has_discussions": false, - "forks_count": 1086, + "forks_count": 1085, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -44,7 +44,7 @@ "webshell" ], "visibility": "public", - "forks": 1086, + "forks": 1085, "watchers": 3830, "score": 0, "subscribers_count": 154 diff --git a/2021/CVE-2021-21985.json b/2021/CVE-2021-21985.json index 961e073462..4442fd962f 100644 --- a/2021/CVE-2021-21985.json +++ b/2021/CVE-2021-21985.json @@ -154,7 +154,7 @@ "forks": 38, "watchers": 110, "score": 0, - "subscribers_count": 3 + "subscribers_count": 4 }, { "id": 373684696, @@ -218,7 +218,7 @@ "forks": 9, "watchers": 32, "score": 0, - "subscribers_count": 3 + "subscribers_count": 4 }, { "id": 384003238, diff --git a/2021/CVE-2021-22205.json b/2021/CVE-2021-22205.json index 030bc06ec5..7c0f8260a7 100644 --- a/2021/CVE-2021-22205.json +++ b/2021/CVE-2021-22205.json @@ -27,7 +27,7 @@ "forks": 45, "watchers": 181, "score": 0, - "subscribers_count": 2 + "subscribers_count": 3 }, { "id": 422090493, diff --git a/2021/CVE-2021-22555.json b/2021/CVE-2021-22555.json index 0d088a5f4f..4b6f919e0c 100644 --- a/2021/CVE-2021-22555.json +++ b/2021/CVE-2021-22555.json @@ -183,5 +183,35 @@ "watchers": 1, "score": 0, "subscribers_count": 2 + }, + { + "id": 675095070, + "name": "CVE-2021-22555", + "full_name": "tukru\/CVE-2021-22555", + "owner": { + "login": "tukru", + "id": 17105451, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/17105451?v=4", + "html_url": "https:\/\/github.com\/tukru" + }, + "html_url": "https:\/\/github.com\/tukru\/CVE-2021-22555", + "description": "This repo hosts TUKRU's Linux Privilege Escalation exploit (CVE-2021-22555). It demonstrates gaining root privileges via a vulnerability. Tested on Ubuntu 5.8.0-48-generic and COS 5.4.89+. Use responsibly and ethically.", + "fork": false, + "created_at": "2023-08-05T18:56:18Z", + "updated_at": "2023-08-05T19:05:03Z", + "pushed_at": "2023-08-05T19:05:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-22986.json b/2021/CVE-2021-22986.json index b0b4a8a194..c85f6b08ae 100644 --- a/2021/CVE-2021-22986.json +++ b/2021/CVE-2021-22986.json @@ -182,7 +182,7 @@ "forks": 34, "watchers": 89, "score": 0, - "subscribers_count": 4 + "subscribers_count": 5 }, { "id": 350261633, diff --git a/2021/CVE-2021-3560.json b/2021/CVE-2021-3560.json index 4139d73151..df4850b809 100644 --- a/2021/CVE-2021-3560.json +++ b/2021/CVE-2021-3560.json @@ -142,10 +142,10 @@ "description": null, "fork": false, "created_at": "2021-06-14T20:08:20Z", - "updated_at": "2023-07-31T07:30:30Z", + "updated_at": "2023-08-05T23:05:17Z", "pushed_at": "2022-11-16T13:14:56Z", - "stargazers_count": 98, - "watchers_count": 98, + "stargazers_count": 99, + "watchers_count": 99, "has_discussions": false, "forks_count": 52, "allow_forking": true, @@ -154,7 +154,7 @@ "topics": [], "visibility": "public", "forks": 52, - "watchers": 98, + "watchers": 99, "score": 0, "subscribers_count": 2 }, diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 5f23fd4f2b..727c6a8bcd 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -907,10 +907,10 @@ "description": "A Proof-Of-Concept for the CVE-2021-44228 vulnerability. ", "fork": false, "created_at": "2021-12-10T23:19:28Z", - "updated_at": "2023-08-05T04:10:11Z", + "updated_at": "2023-08-05T23:52:58Z", "pushed_at": "2023-02-08T23:41:04Z", - "stargazers_count": 1628, - "watchers_count": 1628, + "stargazers_count": 1627, + "watchers_count": 1627, "has_discussions": false, "forks_count": 475, "allow_forking": true, @@ -924,7 +924,7 @@ ], "visibility": "public", "forks": 475, - "watchers": 1628, + "watchers": 1627, "score": 0, "subscribers_count": 25 }, diff --git a/2021/CVE-2021-56789.json b/2021/CVE-2021-56789.json index cf838bd77e..3e524ab3d4 100644 --- a/2021/CVE-2021-56789.json +++ b/2021/CVE-2021-56789.json @@ -18,13 +18,13 @@ "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 0, "score": 0, "subscribers_count": 1 diff --git a/2022/CVE-2022-20409.json b/2022/CVE-2022-20409.json new file mode 100644 index 0000000000..db7f9153b1 --- /dev/null +++ b/2022/CVE-2022-20409.json @@ -0,0 +1,35 @@ +[ + { + "id": 569017471, + "name": "bad_io_uring", + "full_name": "Markakd\/bad_io_uring", + "owner": { + "login": "Markakd", + "id": 18663141, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18663141?v=4", + "html_url": "https:\/\/github.com\/Markakd" + }, + "html_url": "https:\/\/github.com\/Markakd\/bad_io_uring", + "description": "Android kernel exploitation for CVE-2022-20409", + "fork": false, + "created_at": "2022-11-21T22:42:50Z", + "updated_at": "2023-08-05T23:50:51Z", + "pushed_at": "2023-08-05T20:56:12Z", + "stargazers_count": 26, + "watchers_count": 26, + "has_discussions": false, + "forks_count": 3, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "android-exploitation", + "kernel-exploitation" + ], + "visibility": "public", + "forks": 3, + "watchers": 26, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-20699.json b/2022/CVE-2022-20699.json index e0167ecbf6..3c18c28068 100644 --- a/2022/CVE-2022-20699.json +++ b/2022/CVE-2022-20699.json @@ -13,10 +13,10 @@ "description": "Cisco Anyconnect VPN unauth RCE (rwx stack)", "fork": false, "created_at": "2022-02-07T15:53:21Z", - "updated_at": "2023-08-04T05:23:00Z", + "updated_at": "2023-08-05T20:25:31Z", "pushed_at": "2022-02-07T15:55:03Z", - "stargazers_count": 240, - "watchers_count": 240, + "stargazers_count": 239, + "watchers_count": 239, "has_discussions": false, "forks_count": 44, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 44, - "watchers": 240, + "watchers": 239, "score": 0, "subscribers_count": 11 }, diff --git a/2023/CVE-2023-20126.json b/2023/CVE-2023-20126.json index 8997833e19..2b51b6a432 100644 --- a/2023/CVE-2023-20126.json +++ b/2023/CVE-2023-20126.json @@ -13,10 +13,10 @@ "description": "PoC for CVE-2023-20126", "fork": false, "created_at": "2023-05-17T08:59:40Z", - "updated_at": "2023-08-05T17:52:57Z", + "updated_at": "2023-08-05T22:31:20Z", "pushed_at": "2023-06-20T12:45:45Z", - "stargazers_count": 17, - "watchers_count": 17, + "stargazers_count": 18, + "watchers_count": 18, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 17, + "watchers": 18, "score": 0, "subscribers_count": 2 } diff --git a/2023/CVE-2023-23397.json b/2023/CVE-2023-23397.json index f92e25751a..6fbbe6296f 100644 --- a/2023/CVE-2023-23397.json +++ b/2023/CVE-2023-23397.json @@ -715,10 +715,10 @@ "description": null, "fork": false, "created_at": "2023-07-14T22:02:55Z", - "updated_at": "2023-07-22T19:55:31Z", + "updated_at": "2023-08-06T00:14:02Z", "pushed_at": "2023-07-15T11:21:52Z", - "stargazers_count": 19, - "watchers_count": 19, + "stargazers_count": 20, + "watchers_count": 20, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -727,7 +727,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 19, + "watchers": 20, "score": 0, "subscribers_count": 2 } diff --git a/2023/CVE-2023-27326.json b/2023/CVE-2023-27326.json index 423fd17f5d..9be745b9f5 100644 --- a/2023/CVE-2023-27326.json +++ b/2023/CVE-2023-27326.json @@ -13,10 +13,10 @@ "description": "VM Escape for Parallels Desktop <18.1.1", "fork": false, "created_at": "2023-03-20T11:47:54Z", - "updated_at": "2023-07-31T14:18:20Z", + "updated_at": "2023-08-05T23:31:07Z", "pushed_at": "2023-03-20T12:51:29Z", - "stargazers_count": 161, - "watchers_count": 161, + "stargazers_count": 162, + "watchers_count": 162, "has_discussions": false, "forks_count": 22, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 22, - "watchers": 161, + "watchers": 162, "score": 0, "subscribers_count": 4 }, diff --git a/2023/CVE-2023-32784.json b/2023/CVE-2023-32784.json index 20b95af5dc..08f0d1dddd 100644 --- a/2023/CVE-2023-32784.json +++ b/2023/CVE-2023-32784.json @@ -18,7 +18,7 @@ "stargazers_count": 505, "watchers_count": 505, "has_discussions": false, - "forks_count": 42, + "forks_count": 41, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -27,7 +27,7 @@ "keepass" ], "visibility": "public", - "forks": 42, + "forks": 41, "watchers": 505, "score": 0, "subscribers_count": 10 diff --git a/2023/CVE-2023-35078.json b/2023/CVE-2023-35078.json index f06339890b..57dbb535e4 100644 --- a/2023/CVE-2023-35078.json +++ b/2023/CVE-2023-35078.json @@ -13,10 +13,10 @@ "description": "CVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC", "fork": false, "created_at": "2023-07-29T05:06:27Z", - "updated_at": "2023-08-05T04:11:27Z", + "updated_at": "2023-08-05T23:10:08Z", "pushed_at": "2023-07-29T16:58:16Z", - "stargazers_count": 85, - "watchers_count": 85, + "stargazers_count": 86, + "watchers_count": 86, "has_discussions": false, "forks_count": 23, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 23, - "watchers": 85, + "watchers": 86, "score": 0, "subscribers_count": 4 }, diff --git a/2023/CVE-2023-3519.json b/2023/CVE-2023-3519.json index 44c956a138..b2618910f5 100644 --- a/2023/CVE-2023-3519.json +++ b/2023/CVE-2023-3519.json @@ -172,19 +172,19 @@ "description": "RCE exploit for CVE-2023-3519", "fork": false, "created_at": "2023-07-21T20:17:43Z", - "updated_at": "2023-08-05T18:12:40Z", + "updated_at": "2023-08-05T23:54:23Z", "pushed_at": "2023-08-04T22:36:02Z", - "stargazers_count": 39, - "watchers_count": 39, + "stargazers_count": 51, + "watchers_count": 51, "has_discussions": false, - "forks_count": 4, + "forks_count": 6, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 4, - "watchers": 39, + "forks": 6, + "watchers": 51, "score": 0, "subscribers_count": 0 }, diff --git a/2023/CVE-2023-35885.json b/2023/CVE-2023-35885.json index 8e2249734a..92ff9aa1e5 100644 --- a/2023/CVE-2023-35885.json +++ b/2023/CVE-2023-35885.json @@ -13,10 +13,10 @@ "description": "Cloudpanel 0-day Exploit", "fork": false, "created_at": "2023-06-08T09:20:22Z", - "updated_at": "2023-08-04T18:06:21Z", + "updated_at": "2023-08-06T00:09:49Z", "pushed_at": "2023-07-24T01:43:17Z", - "stargazers_count": 43, - "watchers_count": 43, + "stargazers_count": 44, + "watchers_count": 44, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 10, - "watchers": 43, + "watchers": 44, "score": 0, "subscribers_count": 2 } diff --git a/2023/CVE-2023-37979.json b/2023/CVE-2023-37979.json index 2480feeb1b..1673a46cd0 100644 --- a/2023/CVE-2023-37979.json +++ b/2023/CVE-2023-37979.json @@ -43,10 +43,10 @@ "description": null, "fork": false, "created_at": "2023-08-01T11:40:14Z", - "updated_at": "2023-08-04T23:06:45Z", + "updated_at": "2023-08-05T22:34:15Z", "pushed_at": "2023-08-05T11:00:41Z", - "stargazers_count": 9, - "watchers_count": 9, + "stargazers_count": 10, + "watchers_count": 10, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -55,7 +55,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 9, + "watchers": 10, "score": 0, "subscribers_count": 1 }, diff --git a/README.md b/README.md index 4e5250227b..5fcb71b1b4 100644 --- a/README.md +++ b/README.md @@ -3626,6 +3626,13 @@ - [francozappa/blur](https://github.com/francozappa/blur) +### CVE-2022-20409 (2022-10-11) + +In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel + + +- [Markakd/bad_io_uring](https://github.com/Markakd/bad_io_uring) + ### CVE-2022-20413 (2022-10-11) In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-235850634 @@ -10455,6 +10462,7 @@ - [daletoniris/CVE-2021-22555-esc-priv](https://github.com/daletoniris/CVE-2021-22555-esc-priv) - [veritas501/CVE-2021-22555-PipeVersion](https://github.com/veritas501/CVE-2021-22555-PipeVersion) - [masjohncook/netsec-project](https://github.com/masjohncook/netsec-project) +- [tukru/CVE-2021-22555](https://github.com/tukru/CVE-2021-22555) ### CVE-2021-22569 (2022-01-07)