From d5c56e13e4973860d431548dead107b7fc9c310c Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Wed, 13 Jan 2021 18:10:11 +0900 Subject: [PATCH] Auto Update 2021/01/13 18:10:11 --- 2003/CVE-2003-0264.json | 4 ++-- 2015/CVE-2015-1805.json | 8 ++++---- 2017/CVE-2017-10235.json | 8 ++++---- 2017/CVE-2017-12615.json | 4 ++-- 2018/CVE-2018-19320.json | 30 +++++++++++++++--------------- 2019/CVE-2019-1215.json | 8 ++++---- 2019/CVE-2019-12384.json | 8 ++++---- 2019/CVE-2019-14540.json | 8 ++++---- 2019/CVE-2019-17558.json | 12 ++++++------ 2019/CVE-2019-2618.json | 8 ++++---- 2019/CVE-2019-7609.json | 4 ++-- 2020/CVE-2020-0069.json | 12 ++++++------ 2020/CVE-2020-0796.json | 16 ++++++++-------- 2020/CVE-2020-14882.json | 34 +++++++++++++++++----------------- 2020/CVE-2020-15257.json | 25 +++++++++++++++++++++++++ 2020/CVE-2020-15349.json | 8 ++++---- 2020/CVE-2020-17144.json | 8 ++++---- 2020/CVE-2020-2551.json | 8 ++++---- 2020/CVE-2020-29583.json | 8 ++++---- 2020/CVE-2020-3452.json | 8 ++++---- 2020/CVE-2020-36179.json | 8 ++++---- 2020/CVE-2020-36184.json | 8 ++++---- 2021/CVE-2021-3019.json | 16 ++++++++-------- 2021/CVE-2021-3131.json | 25 +++++++++++++++++++++++++ README.md | 13 ++++++++++++- 25 files changed, 180 insertions(+), 119 deletions(-) create mode 100644 2020/CVE-2020-15257.json create mode 100644 2021/CVE-2021-3131.json diff --git a/2003/CVE-2003-0264.json b/2003/CVE-2003-0264.json index 5b132e656f..3e9d11d439 100644 --- a/2003/CVE-2003-0264.json +++ b/2003/CVE-2003-0264.json @@ -128,8 +128,8 @@ "description": "Um exploit de buffer overflow para SLmail-5.5 pop3 service CVE-2003-0264 ", "fork": false, "created_at": "2021-01-02T03:30:54Z", - "updated_at": "2021-01-04T15:06:12Z", - "pushed_at": "2021-01-04T15:06:09Z", + "updated_at": "2021-01-13T03:52:12Z", + "pushed_at": "2021-01-13T03:52:10Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, diff --git a/2015/CVE-2015-1805.json b/2015/CVE-2015-1805.json index 772e372200..9a2420e253 100644 --- a/2015/CVE-2015-1805.json +++ b/2015/CVE-2015-1805.json @@ -36,13 +36,13 @@ "description": "CVE-2015-1805 root tool", "fork": false, "created_at": "2016-04-01T12:10:14Z", - "updated_at": "2020-12-17T10:05:19Z", + "updated_at": "2021-01-13T05:03:05Z", "pushed_at": "2017-11-23T20:55:03Z", - "stargazers_count": 250, - "watchers_count": 250, + "stargazers_count": 251, + "watchers_count": 251, "forks_count": 150, "forks": 150, - "watchers": 250, + "watchers": 251, "score": 0 }, { diff --git a/2017/CVE-2017-10235.json b/2017/CVE-2017-10235.json index a6e2664d75..a430ac915e 100644 --- a/2017/CVE-2017-10235.json +++ b/2017/CVE-2017-10235.json @@ -13,13 +13,13 @@ "description": "[CVE-2017-10235] Description and PoC of VirtualBox E1000 device Buffer Overflow", "fork": false, "created_at": "2017-09-25T20:42:47Z", - "updated_at": "2020-09-16T11:51:04Z", + "updated_at": "2021-01-13T07:48:08Z", "pushed_at": "2018-01-15T19:26:45Z", - "stargazers_count": 26, - "watchers_count": 26, + "stargazers_count": 27, + "watchers_count": 27, "forks_count": 4, "forks": 4, - "watchers": 26, + "watchers": 27, "score": 0 } ] \ No newline at end of file diff --git a/2017/CVE-2017-12615.json b/2017/CVE-2017-12615.json index eb7b71493a..49f5c30cdf 100644 --- a/2017/CVE-2017-12615.json +++ b/2017/CVE-2017-12615.json @@ -243,8 +243,8 @@ "description": "CVE-2017-12615 任意文件写入exp,写入webshell", "fork": false, "created_at": "2021-01-12T09:07:12Z", - "updated_at": "2021-01-12T09:20:00Z", - "pushed_at": "2021-01-12T09:19:44Z", + "updated_at": "2021-01-13T03:22:17Z", + "pushed_at": "2021-01-13T03:23:30Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, diff --git a/2018/CVE-2018-19320.json b/2018/CVE-2018-19320.json index 74c2daed2f..23c5ab8665 100644 --- a/2018/CVE-2018-19320.json +++ b/2018/CVE-2018-19320.json @@ -1,25 +1,25 @@ [ { - "id": 255170065, + "id": 255308213, "name": "CVE-2018-19320", - "full_name": "fdiskyou\/CVE-2018-19320", + "full_name": "ASkyeye\/CVE-2018-19320", "owner": { - "login": "fdiskyou", - "id": 6840612, - "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/6840612?v=4", - "html_url": "https:\/\/github.com\/fdiskyou" + "login": "ASkyeye", + "id": 50972716, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/50972716?v=4", + "html_url": "https:\/\/github.com\/ASkyeye" }, - "html_url": "https:\/\/github.com\/fdiskyou\/CVE-2018-19320", + "html_url": "https:\/\/github.com\/ASkyeye\/CVE-2018-19320", "description": "Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)", "fork": false, - "created_at": "2020-04-12T21:06:26Z", - "updated_at": "2021-01-11T08:42:29Z", - "pushed_at": "2020-12-12T23:14:18Z", - "stargazers_count": 23, - "watchers_count": 23, - "forks_count": 11, - "forks": 11, - "watchers": 23, + "created_at": "2020-04-13T11:34:24Z", + "updated_at": "2021-01-13T08:35:04Z", + "pushed_at": "2020-04-12T21:11:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 10, + "forks": 10, + "watchers": 0, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-1215.json b/2019/CVE-2019-1215.json index 76ba84753a..4736a42179 100644 --- a/2019/CVE-2019-1215.json +++ b/2019/CVE-2019-1215.json @@ -13,13 +13,13 @@ "description": null, "fork": false, "created_at": "2020-01-06T22:34:16Z", - "updated_at": "2020-12-16T07:06:01Z", + "updated_at": "2021-01-13T06:00:51Z", "pushed_at": "2020-01-07T14:29:45Z", - "stargazers_count": 132, - "watchers_count": 132, + "stargazers_count": 133, + "watchers_count": 133, "forks_count": 44, "forks": 44, - "watchers": 132, + "watchers": 133, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-12384.json b/2019/CVE-2019-12384.json index e3d3b01466..5cf52d0a57 100644 --- a/2019/CVE-2019-12384.json +++ b/2019/CVE-2019-12384.json @@ -13,13 +13,13 @@ "description": "Jackson Rce For CVE-2019-12384 ", "fork": false, "created_at": "2019-07-24T07:12:14Z", - "updated_at": "2021-01-03T11:23:10Z", + "updated_at": "2021-01-13T04:37:53Z", "pushed_at": "2019-07-24T07:31:42Z", - "stargazers_count": 77, - "watchers_count": 77, + "stargazers_count": 78, + "watchers_count": 78, "forks_count": 16, "forks": 16, - "watchers": 77, + "watchers": 78, "score": 0 }, { diff --git a/2019/CVE-2019-14540.json b/2019/CVE-2019-14540.json index e837a268ed..24f491c484 100644 --- a/2019/CVE-2019-14540.json +++ b/2019/CVE-2019-14540.json @@ -13,13 +13,13 @@ "description": "CVE-2019-14540 Exploit", "fork": false, "created_at": "2019-08-21T03:19:19Z", - "updated_at": "2020-10-12T16:46:28Z", + "updated_at": "2021-01-13T07:34:15Z", "pushed_at": "2019-08-21T03:59:02Z", - "stargazers_count": 18, - "watchers_count": 18, + "stargazers_count": 19, + "watchers_count": 19, "forks_count": 8, "forks": 8, - "watchers": 18, + "watchers": 19, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index 2192708a0c..da5a6b9320 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -36,13 +36,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2021-01-13T02:27:44Z", + "updated_at": "2021-01-13T08:58:43Z", "pushed_at": "2020-11-07T05:55:00Z", - "stargazers_count": 2258, - "watchers_count": 2258, - "forks_count": 638, - "forks": 638, - "watchers": 2258, + "stargazers_count": 2262, + "watchers_count": 2262, + "forks_count": 639, + "forks": 639, + "watchers": 2262, "score": 0 }, { diff --git a/2019/CVE-2019-2618.json b/2019/CVE-2019-2618.json index a6b81a5846..73ce77ca3a 100644 --- a/2019/CVE-2019-2618.json +++ b/2019/CVE-2019-2618.json @@ -82,13 +82,13 @@ "description": "增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618,CVE-2019-2729检测,Python3支持", "fork": false, "created_at": "2019-06-21T09:22:43Z", - "updated_at": "2021-01-08T03:19:21Z", + "updated_at": "2021-01-13T03:13:02Z", "pushed_at": "2020-04-26T10:49:25Z", - "stargazers_count": 699, - "watchers_count": 699, + "stargazers_count": 700, + "watchers_count": 700, "forks_count": 143, "forks": 143, - "watchers": 699, + "watchers": 700, "score": 0 }, { diff --git a/2019/CVE-2019-7609.json b/2019/CVE-2019-7609.json index 4a86d64b15..10758a022a 100644 --- a/2019/CVE-2019-7609.json +++ b/2019/CVE-2019-7609.json @@ -63,8 +63,8 @@ "pushed_at": "2019-10-23T07:10:35Z", "stargazers_count": 105, "watchers_count": 105, - "forks_count": 41, - "forks": 41, + "forks_count": 42, + "forks": 42, "watchers": 105, "score": 0 }, diff --git a/2020/CVE-2020-0069.json b/2020/CVE-2020-0069.json index b1aab078a8..700af020db 100644 --- a/2020/CVE-2020-0069.json +++ b/2020/CVE-2020-0069.json @@ -82,13 +82,13 @@ "description": null, "fork": false, "created_at": "2020-03-24T13:10:39Z", - "updated_at": "2020-11-19T08:16:50Z", + "updated_at": "2021-01-13T08:36:00Z", "pushed_at": "2020-03-24T13:19:34Z", - "stargazers_count": 72, - "watchers_count": 72, - "forks_count": 20, - "forks": 20, - "watchers": 72, + "stargazers_count": 73, + "watchers_count": 73, + "forks_count": 21, + "forks": 21, + "watchers": 73, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index 7974a91e30..41034478be 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -109,8 +109,8 @@ "pushed_at": "2020-10-01T08:36:29Z", "stargazers_count": 577, "watchers_count": 577, - "forks_count": 190, - "forks": 190, + "forks_count": 191, + "forks": 191, "watchers": 577, "score": 0 }, @@ -1025,13 +1025,13 @@ "description": null, "fork": false, "created_at": "2020-04-01T01:46:08Z", - "updated_at": "2021-01-10T23:17:44Z", + "updated_at": "2021-01-13T06:55:27Z", "pushed_at": "2020-04-01T01:46:17Z", - "stargazers_count": 39, - "watchers_count": 39, - "forks_count": 11, - "forks": 11, - "watchers": 39, + "stargazers_count": 40, + "watchers_count": 40, + "forks_count": 12, + "forks": 12, + "watchers": 40, "score": 0 }, { diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index 0ad6e83dea..9fc3f0bf20 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -13,13 +13,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2021-01-13T02:27:44Z", + "updated_at": "2021-01-13T08:58:43Z", "pushed_at": "2020-11-07T05:55:00Z", - "stargazers_count": 2258, - "watchers_count": 2258, - "forks_count": 638, - "forks": 638, - "watchers": 2258, + "stargazers_count": 2262, + "watchers_count": 2262, + "forks_count": 639, + "forks": 639, + "watchers": 2262, "score": 0 }, { @@ -36,13 +36,13 @@ "description": "Vulmap - Web vulnerability scanning and verification tools,支持扫描 activemq, flink, shiro, solr, struts2, tomcat, unomi, drupal, elasticsearch, nexus, weblogic, jboss, thinkphp,并且具备漏洞利用功能。CVE-2020-14882, CVE-2020-2555, CVE-2020-2883, S2-061, CVE-2020-13942, CVE-2020-17530, CVE-2020-17518, CVE-2020-17519", "fork": false, "created_at": "2020-10-09T06:34:36Z", - "updated_at": "2021-01-12T18:34:38Z", - "pushed_at": "2021-01-11T09:03:04Z", - "stargazers_count": 739, - "watchers_count": 739, - "forks_count": 129, - "forks": 129, - "watchers": 739, + "updated_at": "2021-01-13T08:27:55Z", + "pushed_at": "2021-01-13T05:02:09Z", + "stargazers_count": 741, + "watchers_count": 741, + "forks_count": 130, + "forks": 130, + "watchers": 741, "score": 0 }, { @@ -59,13 +59,13 @@ "description": "CVE-2020–14882、CVE-2020–14883", "fork": false, "created_at": "2020-10-28T11:43:37Z", - "updated_at": "2021-01-12T18:34:58Z", + "updated_at": "2021-01-13T08:40:04Z", "pushed_at": "2020-11-16T04:23:09Z", - "stargazers_count": 204, - "watchers_count": 204, + "stargazers_count": 206, + "watchers_count": 206, "forks_count": 40, "forks": 40, - "watchers": 204, + "watchers": 206, "score": 0 }, { diff --git a/2020/CVE-2020-15257.json b/2020/CVE-2020-15257.json new file mode 100644 index 0000000000..ccb194651e --- /dev/null +++ b/2020/CVE-2020-15257.json @@ -0,0 +1,25 @@ +[ + { + "id": 319257203, + "name": "abstractshimmer", + "full_name": "nccgroup\/abstractshimmer", + "owner": { + "login": "nccgroup", + "id": 4067082, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/4067082?v=4", + "html_url": "https:\/\/github.com\/nccgroup" + }, + "html_url": "https:\/\/github.com\/nccgroup\/abstractshimmer", + "description": "Proof of concept for CVE-2020-15257 in containerd.", + "fork": false, + "created_at": "2020-12-07T08:47:09Z", + "updated_at": "2021-01-13T07:45:02Z", + "pushed_at": "2021-01-12T09:46:50Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15349.json b/2020/CVE-2020-15349.json index eead625706..a39071ab51 100644 --- a/2020/CVE-2020-15349.json +++ b/2020/CVE-2020-15349.json @@ -13,13 +13,13 @@ "description": "Vulnerability Description of CVE-2020-15349", "fork": false, "created_at": "2020-11-13T12:20:07Z", - "updated_at": "2020-11-18T21:30:40Z", + "updated_at": "2021-01-13T03:42:47Z", "pushed_at": "2020-11-13T13:41:42Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "forks_count": 1, "forks": 1, - "watchers": 7, + "watchers": 8, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-17144.json b/2020/CVE-2020-17144.json index 11abb6798a..4c36a93dc4 100644 --- a/2020/CVE-2020-17144.json +++ b/2020/CVE-2020-17144.json @@ -13,13 +13,13 @@ "description": "Exchange2010 authorized RCE", "fork": false, "created_at": "2020-12-09T10:30:16Z", - "updated_at": "2021-01-08T23:59:23Z", + "updated_at": "2021-01-13T07:44:14Z", "pushed_at": "2020-12-24T08:11:51Z", - "stargazers_count": 121, - "watchers_count": 121, + "stargazers_count": 122, + "watchers_count": 122, "forks_count": 33, "forks": 33, - "watchers": 121, + "watchers": 122, "score": 0 }, { diff --git a/2020/CVE-2020-2551.json b/2020/CVE-2020-2551.json index 7a0e606207..a5c02de509 100644 --- a/2020/CVE-2020-2551.json +++ b/2020/CVE-2020-2551.json @@ -174,13 +174,13 @@ "description": "CVE-2020-2551 POC to use in Internet", "fork": false, "created_at": "2020-05-24T02:56:12Z", - "updated_at": "2020-12-14T16:47:25Z", + "updated_at": "2021-01-13T09:07:37Z", "pushed_at": "2020-05-26T06:58:10Z", - "stargazers_count": 14, - "watchers_count": 14, + "stargazers_count": 13, + "watchers_count": 13, "forks_count": 4, "forks": 4, - "watchers": 14, + "watchers": 13, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-29583.json b/2020/CVE-2020-29583.json index 3347afe465..7e923c8edf 100644 --- a/2020/CVE-2020-29583.json +++ b/2020/CVE-2020-29583.json @@ -13,13 +13,13 @@ "description": "Scanner for Zyxel products which are potentially vulnerable due to an undocumented user account (CVE-2020-29583)", "fork": false, "created_at": "2021-01-04T00:56:55Z", - "updated_at": "2021-01-11T02:10:24Z", + "updated_at": "2021-01-13T08:42:27Z", "pushed_at": "2021-01-04T22:55:37Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "forks_count": 2, "forks": 2, - "watchers": 7, + "watchers": 8, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-3452.json b/2020/CVE-2020-3452.json index 9cc652227b..42f935c476 100644 --- a/2020/CVE-2020-3452.json +++ b/2020/CVE-2020-3452.json @@ -312,13 +312,13 @@ "description": "CISCO CVE-2020-3452 Scanner & Exploiter", "fork": false, "created_at": "2021-01-05T14:41:13Z", - "updated_at": "2021-01-11T18:50:46Z", + "updated_at": "2021-01-13T06:42:44Z", "pushed_at": "2021-01-10T09:14:08Z", - "stargazers_count": 49, - "watchers_count": 49, + "stargazers_count": 51, + "watchers_count": 51, "forks_count": 13, "forks": 13, - "watchers": 49, + "watchers": 51, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-36179.json b/2020/CVE-2020-36179.json index aca6651755..6cbd453e84 100644 --- a/2020/CVE-2020-36179.json +++ b/2020/CVE-2020-36179.json @@ -13,13 +13,13 @@ "description": "CVE-2020-36179~82 Jackson-databind SSRF&RCE", "fork": false, "created_at": "2021-01-10T06:47:49Z", - "updated_at": "2021-01-12T16:28:08Z", + "updated_at": "2021-01-13T07:53:08Z", "pushed_at": "2021-01-10T06:48:53Z", - "stargazers_count": 43, - "watchers_count": 43, + "stargazers_count": 45, + "watchers_count": 45, "forks_count": 7, "forks": 7, - "watchers": 43, + "watchers": 45, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-36184.json b/2020/CVE-2020-36184.json index 1287ac61f6..eb1d77734e 100644 --- a/2020/CVE-2020-36184.json +++ b/2020/CVE-2020-36184.json @@ -13,13 +13,13 @@ "description": "CVE-2020-36184 && Jackson-databind RCE", "fork": false, "created_at": "2021-01-11T06:22:25Z", - "updated_at": "2021-01-13T02:40:45Z", + "updated_at": "2021-01-13T08:37:04Z", "pushed_at": "2021-01-11T06:22:44Z", - "stargazers_count": 8, - "watchers_count": 8, + "stargazers_count": 11, + "watchers_count": 11, "forks_count": 1, "forks": 1, - "watchers": 8, + "watchers": 11, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-3019.json b/2021/CVE-2021-3019.json index c04af4274e..376221e91a 100644 --- a/2021/CVE-2021-3019.json +++ b/2021/CVE-2021-3019.json @@ -13,13 +13,13 @@ "description": "lanproxy 目录遍历漏洞批量检测 (CVE-2021-3019)", "fork": false, "created_at": "2021-01-09T07:11:38Z", - "updated_at": "2021-01-12T03:18:05Z", + "updated_at": "2021-01-13T08:35:47Z", "pushed_at": "2021-01-09T07:14:26Z", - "stargazers_count": 1, - "watchers_count": 1, - "forks_count": 2, - "forks": 2, - "watchers": 1, + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 3, + "forks": 3, + "watchers": 2, "score": 0 }, { @@ -36,8 +36,8 @@ "description": "CVE-2021-3019 lanproxy目录遍历任意文件读取漏洞探测POC", "fork": false, "created_at": "2021-01-11T04:18:44Z", - "updated_at": "2021-01-11T08:44:50Z", - "pushed_at": "2021-01-11T08:10:02Z", + "updated_at": "2021-01-13T07:29:03Z", + "pushed_at": "2021-01-13T07:29:01Z", "stargazers_count": 2, "watchers_count": 2, "forks_count": 0, diff --git a/2021/CVE-2021-3131.json b/2021/CVE-2021-3131.json new file mode 100644 index 0000000000..2c1646b980 --- /dev/null +++ b/2021/CVE-2021-3131.json @@ -0,0 +1,25 @@ +[ + { + "id": 329230328, + "name": "CVE-2021-3131", + "full_name": "jet-pentest\/CVE-2021-3131", + "owner": { + "login": "jet-pentest", + "id": 71512502, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/71512502?v=4", + "html_url": "https:\/\/github.com\/jet-pentest" + }, + "html_url": "https:\/\/github.com\/jet-pentest\/CVE-2021-3131", + "description": "CVE-2021-3131", + "fork": false, + "created_at": "2021-01-13T07:41:25Z", + "updated_at": "2021-01-13T07:54:41Z", + "pushed_at": "2021-01-13T07:54:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/README.md b/README.md index 715a854ee8..355dc9f2ec 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,9 @@ ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties - [B1anda0/CVE-2021-3019](https://github.com/B1anda0/CVE-2021-3019) - [FanqXu/CVE-2021-3019](https://github.com/FanqXu/CVE-2021-3019) +### CVE-2021-3131 +- [jet-pentest/CVE-2021-3131](https://github.com/jet-pentest/CVE-2021-3131) + ## 2020 ### CVE-2020-0001 (2020-01-08) @@ -2689,6 +2692,14 @@ In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVari - [guettli/fix-CVE-2020-15228](https://github.com/guettli/fix-CVE-2020-15228) +### CVE-2020-15257 (2020-11-30) + + +containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. + + +- [nccgroup/abstractshimmer](https://github.com/nccgroup/abstractshimmer) + ### CVE-2020-15349 (2020-11-16) @@ -10186,7 +10197,7 @@ OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerab The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system. -- [fdiskyou/CVE-2018-19320](https://github.com/fdiskyou/CVE-2018-19320) +- [ASkyeye/CVE-2018-19320](https://github.com/ASkyeye/CVE-2018-19320) ### CVE-2018-19466 (2019-03-27)