From edf0af33ee82a85d640197a5d0880507539c1080 Mon Sep 17 00:00:00 2001
From: motikan2010-bot
Date: Thu, 24 Dec 2020 18:09:38 +0900
Subject: [PATCH] Auto Update 2020/12/24 18:09:38
---
 2008/CVE-2008-0166.json | 8 ++++----
 2014/CVE-2014-0472.json | 4 ++--
 2016/CVE-2016-3088.json | 4 ++--
 2016/CVE-2016-4655.json | 8 ++++----
 2016/CVE-2016-5195.json | 8 ++++----
 2016/CVE-2016-6584.json | 8 ++++----
 2016/CVE-2016-8863.json | 4 ++--
 2017/CVE-2017-5715.json | 12 ++++++------
 2018/CVE-2018-10933.json | 8 ++++----
 2018/CVE-2018-14667.json | 8 ++++----
 2018/CVE-2018-7600.json | 8 ++++----
 2019/CVE-2019-10149.json | 4 ++--
 2019/CVE-2019-1652.json | 8 ++++----
 2019/CVE-2019-1821.json | 4 ++--
 2019/CVE-2019-19781.json | 8 ++++----
 2019/CVE-2019-2888.json | 8 ++++----
 2019/CVE-2019-9670.json | 4 ++--
 2020/CVE-2020-14645.json | 23 +++++++++++++++++++++++
 2020/CVE-2020-1472.json | 8 ++++----
 2020/CVE-2020-17008.json | 25 +++++++++++++++++++++++++
 2020/CVE-2020-17057.json | 12 ++++++------
 2020/CVE-2020-17144.json | 12 ++++++------
 2020/CVE-2020-17530.json | 8 ++++----
 2020/CVE-2020-17531.json | 25 +++++++++++++++++++++++++
 2020/CVE-2020-35489.json | 25 +++++++++++++++++++++++++
 README.md | 20 ++++++++++++++++++++
 26 files changed, 196 insertions(+), 78 deletions(-)
 create mode 100644 2020/CVE-2020-17008.json
 create mode 100644 2020/CVE-2020-17531.json
 create mode 100644 2020/CVE-2020-35489.json
diff --git a/2008/CVE-2008-0166.json b/2008/CVE-2008-0166.json
index 1d334d2c01..d3e84703ca 100644
--- a/2008/CVE-2008-0166.json
+++ b/2008/CVE-2008-0166.json
@@ -13,13 +13,13 @@
 "description": "Debian OpenSSL Predictable PRNG (CVE-2008-0166)",
 "fork": false,
 "created_at": "2013-09-22T21:20:31Z",
- "updated_at": "2020-12-22T17:54:58Z",
+ "updated_at": "2020-12-24T05:29:23Z",
 "pushed_at": "2017-04-24T14:16:56Z",
- "stargazers_count": 281,
- "watchers_count": 281,
+ "stargazers_count": 283,
+ "watchers_count": 283,
 "forks_count": 88,
 "forks": 88,
- "watchers": 281,
+ "watchers": 283,
 "score": 0
 },
 {
diff --git a/2014/CVE-2014-0472.json b/2014/CVE-2014-0472.json
index 339fc6199c..1fd923a0e2 100644
--- a/2014/CVE-2014-0472.json
+++ b/2014/CVE-2014-0472.json
@@ -13,8 +13,8 @@
 "description": "CVE-2014-0472 Django unexpected code execution using reverse()",
 "fork": false,
 "created_at": "2020-09-23T16:21:57Z",
- "updated_at": "2020-11-09T05:55:41Z",
- "pushed_at": "2020-09-27T10:27:13Z",
+ "updated_at": "2020-12-24T08:12:34Z",
+ "pushed_at": "2020-12-24T08:12:32Z",
 "stargazers_count": 2,
 "watchers_count": 2,
 "forks_count": 0,
diff --git a/2016/CVE-2016-3088.json b/2016/CVE-2016-3088.json
index c5c246baf2..57c5c0a527 100644
--- a/2016/CVE-2016-3088.json
+++ b/2016/CVE-2016-3088.json
@@ -17,8 +17,8 @@
 "pushed_at": "2020-04-04T06:57:40Z",
 "stargazers_count": 0,
 "watchers_count": 0,
- "forks_count": 0,
- "forks": 0,
+ "forks_count": 1,
+ "forks": 1,
 "watchers": 0,
 "score": 0
 },
diff --git a/2016/CVE-2016-4655.json b/2016/CVE-2016-4655.json
index c6974aa46a..427157b82a 100644
--- a/2016/CVE-2016-4655.json
+++ b/2016/CVE-2016-4655.json
@@ -13,13 +13,13 @@
 "description": "OS X 10.11.6 LPE PoC for CVE-2016-4655 \/ CVE-2016-4656",
 "fork": false,
 "created_at": "2016-10-02T12:42:14Z",
- "updated_at": "2020-12-13T18:31:12Z",
+ "updated_at": "2020-12-24T08:49:45Z",
 "pushed_at": "2016-10-04T16:36:18Z",
- "stargazers_count": 84,
- "watchers_count": 84,
+ "stargazers_count": 85,
+ "watchers_count": 85,
 "forks_count": 29,
 "forks": 29,
- "watchers": 84,
+ "watchers": 85,
 "score": 0
 },
 {
diff --git a/2016/CVE-2016-5195.json b/2016/CVE-2016-5195.json
index 232bcbdffb..59358fa94c 100644
--- a/2016/CVE-2016-5195.json
+++ b/2016/CVE-2016-5195.json
@@ -197,13 +197,13 @@
 "description": "A CVE-2016-5195 exploit example.",
 "fork": false,
 "created_at": "2016-10-23T00:16:33Z",
- "updated_at": "2020-12-16T01:48:10Z",
+ "updated_at": "2020-12-24T07:06:24Z",
 "pushed_at": "2017-03-21T16:46:38Z",
- "stargazers_count": 200,
- "watchers_count": 200,
+ "stargazers_count": 201,
+ "watchers_count": 201,
 "forks_count": 101,
 "forks": 101,
- "watchers": 200,
+ "watchers": 201,
 "score": 0
 },
 {
diff --git a/2016/CVE-2016-6584.json b/2016/CVE-2016-6584.json
index e6cef455d4..be068cf4cf 100644
--- a/2016/CVE-2016-6584.json
+++ b/2016/CVE-2016-6584.json
@@ -13,13 +13,13 @@
 "description": "A PoC of KNOXout (CVE-2016-6584) - bypassing Samsung KNOX protections and root Samsung Galaxy S6 Android Device.",
 "fork": false,
 "created_at": "2016-09-16T07:34:50Z",
- "updated_at": "2020-10-12T10:05:34Z",
+ "updated_at": "2020-12-24T05:32:57Z",
 "pushed_at": "2016-09-18T06:55:38Z",
- "stargazers_count": 78,
- "watchers_count": 78,
+ "stargazers_count": 79,
+ "watchers_count": 79,
 "forks_count": 20,
 "forks": 20,
- "watchers": 78,
+ "watchers": 79,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2016/CVE-2016-8863.json b/2016/CVE-2016-8863.json
index 007454b8e6..541d3b5b00 100644
--- a/2016/CVE-2016-8863.json
+++ b/2016/CVE-2016-8863.json
@@ -17,8 +17,8 @@
 "pushed_at": "2020-12-24T02:14:02Z",
 "stargazers_count": 0,
 "watchers_count": 0,
- "forks_count": 0,
- "forks": 0,
+ "forks_count": 1,
+ "forks": 1,
 "watchers": 0,
 "score": 0
 }
diff --git a/2017/CVE-2017-5715.json b/2017/CVE-2017-5715.json
index e5e520ea67..ee378ff3be 100644
--- a/2017/CVE-2017-5715.json
+++ b/2017/CVE-2017-5715.json
@@ -13,13 +13,13 @@
 "description": "Spectre exploit",
 "fork": false,
 "created_at": "2018-01-09T05:06:12Z",
- "updated_at": "2020-12-08T12:19:09Z",
+ "updated_at": "2020-12-24T06:06:43Z",
 "pushed_at": "2018-01-09T22:27:25Z",
- "stargazers_count": 48,
- "watchers_count": 48,
- "forks_count": 17,
- "forks": 17,
- "watchers": 48,
+ "stargazers_count": 49,
+ "watchers_count": 49,
+ "forks_count": 18,
+ "forks": 18,
+ "watchers": 49,
 "score": 0
 },
 {
diff --git a/2018/CVE-2018-10933.json b/2018/CVE-2018-10933.json
index 92e11a1e87..136b039eb0 100644
--- a/2018/CVE-2018-10933.json
+++ b/2018/CVE-2018-10933.json
@@ -36,13 +36,13 @@
 "description": "Spawn to shell without any credentials by using CVE-2018-10933 (LibSSH)",
 "fork": false,
 "created_at": "2018-10-17T14:14:12Z",
- "updated_at": "2020-12-10T03:08:15Z",
+ "updated_at": "2020-12-24T03:48:55Z",
 "pushed_at": "2020-07-24T17:54:54Z",
- "stargazers_count": 469,
- "watchers_count": 469,
+ "stargazers_count": 468,
+ "watchers_count": 468,
 "forks_count": 115,
 "forks": 115,
- "watchers": 469,
+ "watchers": 468,
 "score": 0
 },
 {
diff --git a/2018/CVE-2018-14667.json b/2018/CVE-2018-14667.json
index bd892fca8a..9f051faa44 100644
--- a/2018/CVE-2018-14667.json
+++ b/2018/CVE-2018-14667.json
@@ -128,13 +128,13 @@
 "description": "CVE-2018-14667-poc Richfaces漏洞环境及PoC",
 "fork": false,
 "created_at": "2019-09-23T07:45:01Z",
- "updated_at": "2020-11-28T03:33:49Z",
+ "updated_at": "2020-12-24T07:37:59Z",
 "pushed_at": "2019-09-24T05:00:40Z",
- "stargazers_count": 1,
- "watchers_count": 1,
+ "stargazers_count": 2,
+ "watchers_count": 2,
 "forks_count": 0,
 "forks": 0,
- "watchers": 1,
+ "watchers": 2,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2018/CVE-2018-7600.json b/2018/CVE-2018-7600.json
index 29beebe667..582f560b8c 100644
--- a/2018/CVE-2018-7600.json
+++ b/2018/CVE-2018-7600.json
@@ -59,13 +59,13 @@
 "description": "Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 \/ CVE-2018-7600 \/ SA-CORE-2018-002)",
 "fork": false,
 "created_at": "2018-04-12T22:53:14Z",
- "updated_at": "2020-12-23T22:12:02Z",
+ "updated_at": "2020-12-24T07:21:03Z",
 "pushed_at": "2019-03-13T07:11:23Z",
- "stargazers_count": 451,
- "watchers_count": 451,
+ "stargazers_count": 452,
+ "watchers_count": 452,
 "forks_count": 146,
 "forks": 146,
- "watchers": 451,
+ "watchers": 452,
 "score": 0
 },
 {
diff --git a/2019/CVE-2019-10149.json b/2019/CVE-2019-10149.json
index 902c9dbbbd..f0ba1ac72f 100644
--- a/2019/CVE-2019-10149.json
+++ b/2019/CVE-2019-10149.json
@@ -40,8 +40,8 @@
 "pushed_at": "2019-07-08T18:25:12Z",
 "stargazers_count": 13,
 "watchers_count": 13,
- "forks_count": 12,
- "forks": 12,
+ "forks_count": 13,
+ "forks": 13,
 "watchers": 13,
 "score": 0
 },
diff --git a/2019/CVE-2019-1652.json b/2019/CVE-2019-1652.json
index e2a9599d1b..517cc66d80 100644
--- a/2019/CVE-2019-1652.json
+++ b/2019/CVE-2019-1652.json
@@ -13,13 +13,13 @@
 "description": "CVE-2019-1652 \/CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!",
 "fork": false,
 "created_at": "2019-01-24T10:12:44Z",
- "updated_at": "2020-08-25T05:16:28Z",
+ "updated_at": "2020-12-24T03:48:24Z",
 "pushed_at": "2019-02-08T12:38:05Z",
- "stargazers_count": 196,
- "watchers_count": 196,
+ "stargazers_count": 195,
+ "watchers_count": 195,
 "forks_count": 62,
 "forks": 62,
- "watchers": 196,
+ "watchers": 195,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2019/CVE-2019-1821.json b/2019/CVE-2019-1821.json
index ecfff04bc2..145489af3b 100644
--- a/2019/CVE-2019-1821.json
+++ b/2019/CVE-2019-1821.json
@@ -17,8 +17,8 @@
 "pushed_at": "2019-05-21T14:52:36Z",
 "stargazers_count": 67,
 "watchers_count": 67,
- "forks_count": 40,
- "forks": 40,
+ "forks_count": 41,
+ "forks": 41,
 "watchers": 67,
 "score": 0
 }
diff --git a/2019/CVE-2019-19781.json b/2019/CVE-2019-19781.json
index f5f1b24ab4..8caeefa79b 100644
--- a/2019/CVE-2019-19781.json
+++ b/2019/CVE-2019-19781.json
@@ -36,13 +36,13 @@
 "description": "Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]",
 "fork": false,
 "created_at": "2020-01-10T22:56:35Z",
- "updated_at": "2020-12-12T16:43:31Z",
+ "updated_at": "2020-12-24T07:11:28Z",
 "pushed_at": "2020-01-18T07:01:29Z",
- "stargazers_count": 354,
- "watchers_count": 354,
+ "stargazers_count": 355,
+ "watchers_count": 355,
 "forks_count": 115,
 "forks": 115,
- "watchers": 354,
+ "watchers": 355,
 "score": 0
 },
 {
diff --git a/2019/CVE-2019-2888.json b/2019/CVE-2019-2888.json
index c1322445e2..419eda27ea 100644
--- a/2019/CVE-2019-2888.json
+++ b/2019/CVE-2019-2888.json
@@ -13,13 +13,13 @@
 "description": "weblogic_cve-2019-2888",
 "fork": false,
 "created_at": "2019-10-28T06:10:44Z",
- "updated_at": "2020-12-23T08:12:35Z",
+ "updated_at": "2020-12-24T06:21:57Z",
 "pushed_at": "2019-10-28T06:13:23Z",
- "stargazers_count": 38,
- "watchers_count": 38,
+ "stargazers_count": 39,
+ "watchers_count": 39,
 "forks_count": 9,
 "forks": 9,
- "watchers": 38,
+ "watchers": 39,
 "score": 0
 },
 {
diff --git a/2019/CVE-2019-9670.json b/2019/CVE-2019-9670.json
index 0911a81e0e..5f4b1fe584 100644
--- a/2019/CVE-2019-9670.json
+++ b/2019/CVE-2019-9670.json
@@ -40,8 +40,8 @@
 "pushed_at": "2019-08-16T05:54:16Z",
 "stargazers_count": 0,
 "watchers_count": 0,
- "forks_count": 3,
- "forks": 3,
+ "forks_count": 4,
+ "forks": 4,
 "watchers": 0,
 "score": 0
 }
diff --git a/2020/CVE-2020-14645.json b/2020/CVE-2020-14645.json
index 1455cf0985..db083173a8 100644
--- a/2020/CVE-2020-14645.json
+++ b/2020/CVE-2020-14645.json
@@ -90,5 +90,28 @@
 "forks": 0,
 "watchers": 0,
 "score": 0
+ },
+ {
+ "id": 324076751,
+ "name": "CVE-2020-14645",
+ "full_name": "Schira4396\/CVE-2020-14645",
+ "owner": {
+ "login": "Schira4396",
+ "id": 57404930,
+ "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/57404930?v=4",
+ "html_url": "https:\/\/github.com\/Schira4396"
+ },
+ "html_url": "https:\/\/github.com\/Schira4396\/CVE-2020-14645",
+ "description": "Weblogic Server CVE-2020-14645 EXP for Python (complete in one step)",
+ "fork": false,
+ "created_at": "2020-12-24T05:46:55Z",
+ "updated_at": "2020-12-24T09:02:34Z",
+ "pushed_at": "2020-12-24T09:02:32Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "forks_count": 0,
+ "forks": 0,
+ "watchers": 0,
+ "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json
index daa4ec549b..44286fee3c 100644
--- a/2020/CVE-2020-1472.json
+++ b/2020/CVE-2020-1472.json
@@ -266,13 +266,13 @@
 "description": "Ladon Moudle CVE-2020-1472 Exploit 域控提权神器",
 "fork": false,
 "created_at": "2020-09-15T16:10:21Z",
- "updated_at": "2020-12-12T05:55:09Z",
+ "updated_at": "2020-12-24T08:19:29Z",
 "pushed_at": "2020-09-15T16:40:53Z",
- "stargazers_count": 46,
- "watchers_count": 46,
+ "stargazers_count": 47,
+ "watchers_count": 47,
 "forks_count": 13,
 "forks": 13,
- "watchers": 46,
+ "watchers": 47,
 "score": 0
 },
 {
diff --git a/2020/CVE-2020-17008.json b/2020/CVE-2020-17008.json
new file mode 100644
index 0000000000..6420c5003f
--- /dev/null
+++ b/2020/CVE-2020-17008.json
@@ -0,0 +1,25 @@
+[
+ {
+ "id": 324061019,
+ "name": "CVE-2020-17008",
+ "full_name": "jas502n\/CVE-2020-17008",
+ "owner": {
+ "login": "jas502n",
+ "id": 16593068,
+ "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/16593068?v=4",
+ "html_url": "https:\/\/github.com\/jas502n"
+ },
+ "html_url": "https:\/\/github.com\/jas502n\/CVE-2020-17008",
+ "description": "CVE-2020-17008 splWOW64 Elevation of Privilege",
+ "fork": false,
+ "created_at": "2020-12-24T04:00:29Z",
+ "updated_at": "2020-12-24T07:18:22Z",
+ "pushed_at": "2020-12-24T06:02:53Z",
+ "stargazers_count": 11,
+ "watchers_count": 11,
+ "forks_count": 2,
+ "forks": 2,
+ "watchers": 11,
+ "score": 0
+ }
+]
\ No newline at end of file
diff --git a/2020/CVE-2020-17057.json b/2020/CVE-2020-17057.json
index 44ab12c1ce..0aff8f2a42 100644
--- a/2020/CVE-2020-17057.json
+++ b/2020/CVE-2020-17057.json
@@ -13,13 +13,13 @@
 "description": "cve-2020-17057 poc",
 "fork": false,
 "created_at": "2020-12-23T10:02:47Z",
- "updated_at": "2020-12-23T16:06:02Z",
+ "updated_at": "2020-12-24T07:46:20Z",
 "pushed_at": "2020-12-23T10:08:16Z",
- "stargazers_count": 5,
- "watchers_count": 5,
- "forks_count": 2,
- "forks": 2,
- "watchers": 5,
+ "stargazers_count": 17,
+ "watchers_count": 17,
+ "forks_count": 3,
+ "forks": 3,
+ "watchers": 17,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2020/CVE-2020-17144.json b/2020/CVE-2020-17144.json
index 52cf005dd4..dbbad93193 100644
--- a/2020/CVE-2020-17144.json
+++ b/2020/CVE-2020-17144.json
@@ -13,8 +13,8 @@
 "description": "Exchange2010 authorized RCE",
 "fork": false,
 "created_at": "2020-12-09T10:30:16Z",
- "updated_at": "2020-12-23T11:06:09Z",
- "pushed_at": "2020-12-09T10:32:44Z",
+ "updated_at": "2020-12-24T08:11:54Z",
+ "pushed_at": "2020-12-24T08:11:51Z",
 "stargazers_count": 80,
 "watchers_count": 80,
 "forks_count": 31,
@@ -36,13 +36,13 @@
 "description": "weaponized tool for CVE-2020-17144",
 "fork": false,
 "created_at": "2020-12-09T20:57:16Z",
- "updated_at": "2020-12-24T01:22:43Z",
+ "updated_at": "2020-12-24T08:32:37Z",
 "pushed_at": "2020-12-09T20:57:32Z",
- "stargazers_count": 95,
- "watchers_count": 95,
+ "stargazers_count": 99,
+ "watchers_count": 99,
 "forks_count": 16,
 "forks": 16,
- "watchers": 95,
+ "watchers": 99,
 "score": 0
 }
 ]
\ No newline at end of file
diff --git a/2020/CVE-2020-17530.json b/2020/CVE-2020-17530.json
index fafbf88b31..45a5fed16a 100644
--- a/2020/CVE-2020-17530.json
+++ b/2020/CVE-2020-17530.json
@@ -13,13 +13,13 @@
 "description": null,
 "fork": false,
 "created_at": "2020-12-09T09:53:08Z",
- "updated_at": "2020-12-17T06:02:50Z",
+ "updated_at": "2020-12-24T03:40:47Z",
 "pushed_at": "2020-12-09T09:57:45Z",
- "stargazers_count": 65,
- "watchers_count": 65,
+ "stargazers_count": 64,
+ "watchers_count": 64,
 "forks_count": 13,
 "forks": 13,
- "watchers": 65,
+ "watchers": 64,
 "score": 0
 },
 {
diff --git a/2020/CVE-2020-17531.json b/2020/CVE-2020-17531.json
new file mode 100644
index 0000000000..1f2b6f01f1
--- /dev/null
+++ b/2020/CVE-2020-17531.json
@@ -0,0 +1,25 @@
+[
+ {
+ "id": 319884337,
+ "name": "CVE-2020-17531",
+ "full_name": "154802388\/CVE-2020-17531",
+ "owner": {
+ "login": "154802388",
+ "id": 44390729,
+ "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/44390729?v=4",
+ "html_url": "https:\/\/github.com\/154802388"
+ },
+ "html_url": "https:\/\/github.com\/154802388\/CVE-2020-17531",
+ "description": "Apache Struts2框架是一个用于开发Java EE网络应用程序的Web框架。Apache Struts于2020年12月08日披露 S2-061 Struts 远程代码执行漏洞(CVE-2020-17530),在使用某些tag等情况下可能存在OGNL表达式注入漏洞,从而造成远程代码执行,风险极大。提醒我校Apache Struts用户尽快采取安全措施阻止漏洞攻击。",
+ "fork": false,
+ "created_at": "2020-12-09T08:01:10Z",
+ "updated_at": "2020-12-24T03:29:48Z",
+ "pushed_at": "2020-12-09T03:10:21Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "forks_count": 0,
+ "forks": 0,
+ "watchers": 0,
+ "score": 0
+ }
+]
\ No newline at end of file
diff --git a/2020/CVE-2020-35489.json b/2020/CVE-2020-35489.json
new file mode 100644
index 0000000000..9d180fa26a
--- /dev/null
+++ b/2020/CVE-2020-35489.json
@@ -0,0 +1,25 @@
+[
+ {
+ "id": 324114493,
+ "name": "Check-WP-CVE-2020-35489",
+ "full_name": "dn9uy3n\/Check-WP-CVE-2020-35489",
+ "owner": {
+ "login": "dn9uy3n",
+ "id": 21336403,
+ "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/21336403?v=4",
+ "html_url": "https:\/\/github.com\/dn9uy3n"
+ },
+ "html_url": "https:\/\/github.com\/dn9uy3n\/Check-WP-CVE-2020-35489",
+ "description": null,
+ "fork": false,
+ "created_at": "2020-12-24T09:10:17Z",
+ "updated_at": "2020-12-24T09:10:21Z",
+ "pushed_at": "2020-12-24T09:10:19Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "forks_count": 0,
+ "forks": 0,
+ "watchers": 0,
+ "score": 0
+ }
+]
\ No newline at end of file
diff --git a/README.md b/README.md
index 3d7ea5c60e..5a47fcb6e4 100644
--- a/README.md
+++ b/README.md
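Review bot: The object added in the new file `2020/CVE-2020-17531.json` looks mislabeled. Its `description` names S2-061 and CVE-2020-17530 (Struts OGNL injection), while the README section this same commit adds for CVE-2020-17531 describes an Apache Tapestry 4 deserialization issue. The match appears to come from the repository name alone (inferred; the repository content is not visible here), so anyone triaging or alerting by CVE id from this feed would pick up an entry for the wrong product. I would file the object under `2020/CVE-2020-17530.json` instead, or have the collector flag records whose description cites a different CVE id than the file they are written to.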
@@ -2398,6 +2398,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - [DaBoQuan/CVE-2020-14645](https://github.com/DaBoQuan/CVE-2020-14645) - [ChenZIDu/CVE-2020-14645](https://github.com/ChenZIDu/CVE-2020-14645) - [HYWZ36/CVE-2020-14645-code](https://github.com/HYWZ36/CVE-2020-14645-code) +- [Schira4396/CVE-2020-14645](https://github.com/Schira4396/CVE-2020-14645) ### CVE-2020-14750 (2020-11-01) @@ -2705,6 +2706,9 @@ A remote code execution vulnerability exists in Microsoft Outlook software when - [0neb1n/CVE-2020-16947](https://github.com/0neb1n/CVE-2020-16947) - [MasterSploit/CVE-2020-16947](https://github.com/MasterSploit/CVE-2020-16947) +### CVE-2020-17008 +- [jas502n/CVE-2020-17008](https://github.com/jas502n/CVE-2020-17008) + ### CVE-2020-17057 (2020-11-11) @@ -2759,6 +2763,14 @@ Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may - [fengziHK/CVE-2020-17530-strust2-061](https://github.com/fengziHK/CVE-2020-17530-strust2-061) - [ludy-dev/freemarker_RCE_struts2_s2-061](https://github.com/ludy-dev/freemarker_RCE_struts2_s2-061) +### CVE-2020-17531 (2020-12-08) + + +A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version. + + +- [154802388/CVE-2020-17531](https://github.com/154802388/CVE-2020-17531) + ### CVE-2020-23489 (2020-11-16) 
@@ -3381,6 +3393,14 @@ In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is ### CVE-2020-35488 - [GuillaumePetit84/CVE-2020-35488](https://github.com/GuillaumePetit84/CVE-2020-35488) +### CVE-2020-35489 (2020-12-17) + + +The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. + + +- [dn9uy3n/Check-WP-CVE-2020-35489](https://github.com/dn9uy3n/Check-WP-CVE-2020-35489) + ### CVE-2020-35590 (2020-12-21)