Update Fri May 31 18:06:42 UTC 2024

trickest · May 31, 2024 · 007e6c9 · 007e6c9
1 parent 2619eb7
commit 007e6c9
Show file tree

Hide file tree

Showing 24 changed files with 142 additions and 2 deletions.
diff --git a/2013/CVE-2013-4312.md b/2013/CVE-2013-4312.md
@@ -11,6 +11,7 @@ The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limit
 
 #### Reference
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2015/CVE-2015-7566.md b/2015/CVE-2015-7566.md
@@ -11,6 +11,7 @@ The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel thr
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 - http://www.ubuntu.com/usn/USN-2948-2
 - https://bugzilla.redhat.com/show_bug.cgi?id=1283371
 - https://www.exploit-db.com/exploits/39540/

diff --git a/2015/CVE-2015-7833.md b/2015/CVE-2015-7833.md
@@ -10,6 +10,7 @@ The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.1
 ### POC
 
 #### Reference
+- http://www.ubuntu.com/usn/USN-2932-1
 - http://www.ubuntu.com/usn/USN-2948-2
 
 #### Github

diff --git a/2015/CVE-2015-8767.md b/2015/CVE-2015-8767.md
@@ -13,6 +13,7 @@ net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-0723.md b/2016/CVE-2016-0723.md
@@ -13,6 +13,7 @@ Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux ke
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 - http://www.ubuntu.com/usn/USN-2948-2
 
 #### Github

diff --git a/2016/CVE-2016-2069.md b/2016/CVE-2016-2069.md
@@ -12,6 +12,7 @@ Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows loca
 #### Reference
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2384.md b/2016/CVE-2016-2384.md
@@ -12,6 +12,7 @@ Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c
 #### Reference
 - http://www.securityfocus.com/bid/83256
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 - https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384
 
 #### Github

diff --git a/2016/CVE-2016-2543.md b/2016/CVE-2016-2543.md
@@ -11,6 +11,7 @@ The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in th
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2544.md b/2016/CVE-2016-2544.md
@@ -11,6 +11,7 @@ Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 - https://bugzilla.redhat.com/show_bug.cgi?id=1311558
 
 #### Github

diff --git a/2016/CVE-2016-2545.md b/2016/CVE-2016-2545.md
@@ -11,6 +11,7 @@ The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel befor
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2546.md b/2016/CVE-2016-2546.md
@@ -11,6 +11,7 @@ sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mu
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2547.md b/2016/CVE-2016-2547.md
@@ -11,6 +11,7 @@ sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach t
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2548.md b/2016/CVE-2016-2548.md
@@ -11,6 +11,7 @@ sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2549.md b/2016/CVE-2016-2549.md
@@ -11,6 +11,7 @@ sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2782.md b/2016/CVE-2016-2782.md
@@ -11,6 +11,7 @@ The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel befor
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 - http://www.ubuntu.com/usn/USN-2948-2
 - https://www.exploit-db.com/exploits/39539/
 

diff --git a/2016/CVE-2016-3134.md b/2016/CVE-2016-3134.md
@@ -13,6 +13,7 @@ The netfilter subsystem in the Linux kernel through 4.5.2 does not validate cert
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
 - http://www.ubuntu.com/usn/USN-2930-2
+- http://www.ubuntu.com/usn/USN-2932-1
 - https://code.google.com/p/google-security-research/issues/detail?id=758
 
 #### Github

diff --git a/2022/CVE-2022-41678.md b/2022/CVE-2022-41678.md
@@ -1,11 +1,11 @@
 ### [CVE-2022-41678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678)
 ![](https://img.shields.io/static/v1?label=Product&message=Apache%20ActiveMQ&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
 
 ### Description
 
-Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allowsorg.jolokia.http.AgentServlet to handler request to /api/jolokiaorg.jolokia.http.HttpRequestHandler#handlePostRequest is able tocreate JmxRequest through JSONObject. And calls toorg.jolokia.http.HttpRequestHandler#executeRequest.Into deeper calling stacks,org.jolokia.handler.ExecHandler#doHandleRequest is able to invokethrough refection.And then, RCE is able to be achieved viajdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.1 Call newRecording.2 Call setConfiguration. And a webshell data hides in it.3 Call startRecording.4 Call copyTo method. The webshell will be written to a .jsp file.The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.
+Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allowsorg.jolokia.http.AgentServlet to handler request to /api/jolokiaorg.jolokia.http.HttpRequestHandler#handlePostRequest is able tocreate JmxRequest through JSONObject. And calls toorg.jolokia.http.HttpRequestHandler#executeRequest.Into deeper calling stacks,org.jolokia.handler.ExecHandler#doHandleRequest can be invokedthrough refection. This could lead to RCE through viavarious mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.1 Call newRecording.2 Call setConfiguration. And a webshell data hides in it.3 Call startRecording.4 Call copyTo method. The webshell will be written to a .jsp file.The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.
 
 ### POC
 

diff --git a/2024/CVE-2024-23692.md b/2024/CVE-2024-23692.md
@@ -0,0 +1,17 @@
+### [CVE-2024-23692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23692)
+![](https://img.shields.io/static/v1?label=Product&message=HTTP%20File%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.3m%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1336%3A%20Improper%20Neutralization%20of%20Special%20Elements%20Used%20in%20a%20Template%20Engine&color=brighgreen)
+
+### Description
+
+** UNSUPPPORTED WHEN ASSIGNED ** Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
+
+### POC
+
+#### Reference
+- https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-28736.md b/2024/CVE-2024-28736.md
@@ -0,0 +1,17 @@
+### [CVE-2024-28736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28736)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.
+
+### POC
+
+#### Reference
+- https://packetstormsecurity.com/files/178794/Debezium-UI-2.5-Credential-Disclosure.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-30268.md b/2024/CVE-2024-30268.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30268)
+![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3D%201.3.x%20DEV%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.
+
+### POC
+
+#### Reference
+- https://github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-30849.md b/2024/CVE-2024-30849.md
@@ -0,0 +1,17 @@
+### [CVE-2024-30849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30849)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.
+
+### POC
+
+#### Reference
+- https://github.com/wkeyi0x1/vul-report/issues/3
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-37017.md b/2024/CVE-2024-37017.md
@@ -0,0 +1,17 @@
+### [CVE-2024-37017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37017)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so.
+
+### POC
+
+#### Reference
+- https://github.com/cinecert/asdcplib/issues/138
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-5565.md b/2024/CVE-2024-5565.md
@@ -0,0 +1,17 @@
+### [CVE-2024-5565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5565)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with "visualize" set to True (default behavior) leads to remote code execution.
+
+### POC
+
+#### Reference
+- https://research.jfrog.com/vulnerabilities/vanna-prompt-injection-rce-jfsa-2024-001034449/
+
+#### Github
+No PoCs found on GitHub currently.
+