Update Fri Apr 19 09:59:41 UTC 2024

trickest · Apr 19, 2024 · 2bee5ab · 2bee5ab
1 parent ac16f10
commit 2bee5ab
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 1 deletion.
diff --git a/2010/CVE-2010-2526.md b/2010/CVE-2010-2526.md
@@ -0,0 +1,17 @@
+### [CVE-2010-2526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2526)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-1001-1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2011/CVE-2011-1590.md b/2011/CVE-2011-1590.md
@@ -0,0 +1,17 @@
+### [CVE-2011-1590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1590)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
+
+### POC
+
+#### Reference
+- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-22857.md b/2024/CVE-2024-22857.md
@@ -10,7 +10,7 @@ Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

diff --git a/2024/CVE-2024-2761.md b/2024/CVE-2024-2761.md
@@ -0,0 +1,17 @@
+### [CVE-2024-2761](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2761)
+![](https://img.shields.io/static/v1?label=Product&message=Genesis%20Blocks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -17654,6 +17654,7 @@ CVE-2010-2515 - http://packetstormsecurity.org/1006-exploits/joomlajfaq-sqlxss.t
 CVE-2010-2521 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html
 CVE-2010-2524 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html
 CVE-2010-2525 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2646a1f61a3b5525914757f10fa12b5b94713648
+CVE-2010-2526 - http://www.ubuntu.com/usn/USN-1001-1
 CVE-2010-2535 - http://www.ocert.org/advisories/ocert-2010-002.html
 CVE-2010-2535 - http://www.openwall.com/lists/oss-security/2010/07/20/2
 CVE-2010-2535 - http://www.openwall.com/lists/oss-security/2010/07/21/8
@@ -19563,6 +19564,7 @@ CVE-2011-1569 - http://www.exploit-db.com/exploits/17011
 CVE-2011-1570 - http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
 CVE-2011-1571 - http://issues.liferay.com/browse/LPS-14726
 CVE-2011-1571 - http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
+CVE-2011-1590 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15050
 CVE-2011-1591 - http://www.exploit-db.com/exploits/17195
 CVE-2011-1591 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836
 CVE-2011-1595 - https://bugzilla.redhat.com/show_bug.cgi?id=676252
@@ -93184,6 +93186,7 @@ CVE-2024-22851 - https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-
 CVE-2024-22852 - https://www.dlink.com/en/security-bulletin/
 CVE-2024-22853 - https://www.dlink.com/en/security-bulletin/
 CVE-2024-22854 - https://tomekwasiak.pl/cve-2024-22854/
+CVE-2024-22857 - https://www.ebryx.com/blogs/arbitrary-code-execution-in-zlog-cve-2024-22857
 CVE-2024-22859 - https://github.com/github/advisory-database/pull/3490
 CVE-2024-22871 - https://hackmd.io/@fe1w0/rymmJGida
 CVE-2024-22889 - https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9
@@ -93678,6 +93681,7 @@ CVE-2024-27570 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_c
 CVE-2024-27571 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md
 CVE-2024-27572 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md
 CVE-2024-27592 - https://medium.com/@nicatabbasov00002/open-redirect-vulnerability-62986ccaf0f7
+CVE-2024-2761 - https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/
 CVE-2024-27619 - https://www.dlink.com/en/security-bulletin/
 CVE-2024-27620 - https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html
 CVE-2024-27625 - https://packetstormsecurity.com/files/177243/CMS-Made-Simple-2.2.19-Cross-Site-Scripting.html