Update Tue Dec 19 12:28:52 UTC 2023

2008/CVE-2008-1657.md

@@ -10,7 +10,7 @@ OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypas
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/usn-649-1
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2008/CVE-2008-4109.md

@@ -0,0 +1,17 @@
+### [CVE-2008-4109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/usn-649-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-3647.md

@@ -11,6 +11,7 @@ arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 d
 
 #### Reference
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
+- https://bugzilla.redhat.com/show_bug.cgi?id=1144897
 
 #### Github
 No PoCs found on GitHub currently.

2020/CVE-2020-9388.md

@@ -0,0 +1,18 @@
+### [CVE-2020-9388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9388)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
+
+### POC
+
+#### Reference
+- https://support.squaredup.com/hc/en-us/articles/360017568238
+- https://support.squaredup.com/hc/en-us/articles/360019427218-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRF
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-9389.md

@@ -0,0 +1,18 @@
+### [CVE-2020-9389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9389)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.
+
+### POC
+
+#### Reference
+- https://support.squaredup.com/hc/en-us/articles/360017255858
+- https://support.squaredup.com/hc/en-us/articles/360019427238-CVE-2020-9389-Username-enumeration-possible-via-a-timing-attack
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-9390.md

@@ -0,0 +1,18 @@
+### [CVE-2020-9390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9390)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.
+
+### POC
+
+#### Reference
+- https://support.squaredup.com/hc/en-us/articles/360017568258
+- https://support.squaredup.com/hc/en-us/articles/360019427258-CVE-2020-9390-Stored-cross-site-scripting
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-40091.md

@@ -10,7 +10,8 @@ An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.squaredup.com
+- https://support.squaredup.com/hc/en-us/articles/4410656394129-CVE-2021-40091-SSRF-issue
 
 #### Github
 - https://github.com/kaje11/CVEs

2021/CVE-2021-40092.md

@@ -10,7 +10,8 @@ A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.squaredup.com
+- https://support.squaredup.com/hc/en-us/articles/4410635417233-CVE-2021-40092-Stored-cross-site-scripting-Image-tile-
 
 #### Github
 - https://github.com/kaje11/CVEs

2021/CVE-2021-40093.md

@@ -10,7 +10,8 @@ A cross-site scripting (XSS) vulnerability in integration configuration in Squar
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.squaredup.com
+- https://support.squaredup.com/hc/en-us/articles/4410635418257-CVE-2021-40093-Stored-cross-site-scripting-Action-Buttons-
 
 #### Github
 - https://github.com/kaje11/CVEs

2021/CVE-2021-40094.md

@@ -10,7 +10,8 @@ A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successf
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.squaredup.com
+- https://support.squaredup.com/hc/en-us/articles/4410656395537-CVE-2021-40094-DOM-based-stored-cross-site-scripting
 
 #### Github
 - https://github.com/kaje11/CVEs

2021/CVE-2021-40095.md

@@ -10,7 +10,8 @@ An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log featu
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.squaredup.com
+- https://support.squaredup.com/hc/en-us/articles/4410635419153-CVE-2021-40095-Reading-arbitrary-files
 
 #### Github
 - https://github.com/kaje11/CVEs

2021/CVE-2021-40096.md

@@ -10,7 +10,8 @@ A cross-site scripting (XSS) vulnerability in integration configuration in Squar
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.squaredup.com
+- https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-
 
 #### Github
 - https://github.com/kaje11/CVEs

2022/CVE-2022-27531.md

@@ -0,0 +1,17 @@
+### [CVE-2022-27531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27531)
+![](https://img.shields.io/static/v1?label=Product&message=Autodesk%203ds%20Max&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bound%20Read%20Vulnerability%20&color=brighgreen)
+
+### Description
+
+A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
+
+### POC
+
+#### Reference
+- https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0010
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-27532.md

@@ -0,0 +1,17 @@
+### [CVE-2022-27532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27532)
+![](https://img.shields.io/static/v1?label=Product&message=Autodesk%203ds%20Max&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Ou-of-bound%20Write%20vulnerability%20&color=brighgreen)
+
+### Description
+
+A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.
+
+### POC
+
+#### Reference
+- https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0010
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-46786.md

@@ -10,7 +10,7 @@ SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://support.squaredup.com
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2023/CVE-2023-6222.md

@@ -0,0 +1,17 @@
+### [CVE-2023-6222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6222)
+![](https://img.shields.io/static/v1?label=Product&message=Quttera%20Web%20Malware%20Scanner&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.4.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
+
+### Description
+
+IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks
+
+### POC
+
+#### Reference
+- https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-6289.md

@@ -0,0 +1,17 @@
+### [CVE-2023-6289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6289)
+![](https://img.shields.io/static/v1?label=Product&message=Swift%20Performance%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.6.15%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
+
+### Description
+
+The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2023/CVE-2023-6778.md

@@ -0,0 +1,17 @@
+### [CVE-2023-6778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6778)
+![](https://img.shields.io/static/v1?label=Product&message=allegroai%2Fclearml-server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.13.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (I.e when a malicious party already has access to the internal network and to a user's ClearML login credentials).
+
+### POC
+
+#### Reference
+- https://huntr.com/bounties/5f3fffac-0358-48e6-a500-81bac13e0e2b
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-6927.md

@@ -0,0 +1,19 @@
+### [CVE-2023-6927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6927)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Build%20of%20Keycloak&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=keycloak-core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
+
+### Description
+
+A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=2255027
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -9353,6 +9353,7 @@ CVE-2008-1649 - https://www.exploit-db.com/exploits/5333
 CVE-2008-1650 - https://www.exploit-db.com/exploits/5333
 CVE-2008-1651 - https://www.exploit-db.com/exploits/5333
 CVE-2008-1654 - http://www.gnucitizen.org/blog/hacking-the-interwebs/
+CVE-2008-1657 - http://www.ubuntu.com/usn/usn-649-1
 CVE-2008-1663 - http://securityreason.com/securityalert/3979
 CVE-2008-1667 - http://securityreason.com/securityalert/4054
 CVE-2008-1678 - http://securityreason.com/securityalert/3981
@@ -11084,6 +11085,7 @@ CVE-2008-4106 - https://www.exploit-db.com/exploits/6397
 CVE-2008-4106 - https://www.exploit-db.com/exploits/6421
 CVE-2008-4107 - http://securityreason.com/securityalert/4271
 CVE-2008-4108 - http://securityreason.com/securityalert/4274
+CVE-2008-4109 - http://www.ubuntu.com/usn/usn-649-1
 CVE-2008-4110 - http://securityreason.com/securityalert/4262
 CVE-2008-4113 - http://securityreason.com/securityalert/4266
 CVE-2008-4113 - https://www.exploit-db.com/exploits/7618
@@ -24382,6 +24384,7 @@ CVE-2014-3637 - http://www.openwall.com/lists/oss-security/2019/06/24/13
 CVE-2014-3637 - http://www.openwall.com/lists/oss-security/2019/06/24/14
 CVE-2014-3643 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2014-3647 - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
+CVE-2014-3647 - https://bugzilla.redhat.com/show_bug.cgi?id=1144897
 CVE-2014-3660 - http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
 CVE-2014-3660 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
 CVE-2014-3665 - https://www.cloudbees.com/jenkins-security-advisory-2014-10-30
@@ -66105,6 +66108,12 @@ CVE-2020-9377 - https://supportannouncement.us.dlink.com/announcement/publicatio
 CVE-2020-9380 - https://github.com/migueltarga/CVE-2020-9380
 CVE-2020-9384 - http://packetstormsecurity.com/files/157197/Subex-ROC-Partner-Settlement-10.5-Insecure-Direct-Object-Reference.html
 CVE-2020-9385 - https://sourceforge.net/p/zint/tickets/181/
+CVE-2020-9388 - https://support.squaredup.com/hc/en-us/articles/360017568238
+CVE-2020-9388 - https://support.squaredup.com/hc/en-us/articles/360019427218-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRF
+CVE-2020-9389 - https://support.squaredup.com/hc/en-us/articles/360017255858
+CVE-2020-9389 - https://support.squaredup.com/hc/en-us/articles/360019427238-CVE-2020-9389-Username-enumeration-possible-via-a-timing-attack
+CVE-2020-9390 - https://support.squaredup.com/hc/en-us/articles/360017568258
+CVE-2020-9390 - https://support.squaredup.com/hc/en-us/articles/360019427258-CVE-2020-9390-Stored-cross-site-scripting
 CVE-2020-9391 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a
 CVE-2020-9392 - https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/
 CVE-2020-9399 - https://blog.zoller.lu/p/tzo-23-2020-avast-generic-archive.html
@@ -71335,6 +71344,18 @@ CVE-2021-4002 - https://www.openwall.com/lists/oss-security/2021/11/25/1
 CVE-2021-4002 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2021-4005 - https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
 CVE-2021-40085 - https://launchpad.net/bugs/1939733
+CVE-2021-40091 - https://support.squaredup.com
+CVE-2021-40091 - https://support.squaredup.com/hc/en-us/articles/4410656394129-CVE-2021-40091-SSRF-issue
+CVE-2021-40092 - https://support.squaredup.com
+CVE-2021-40092 - https://support.squaredup.com/hc/en-us/articles/4410635417233-CVE-2021-40092-Stored-cross-site-scripting-Image-tile-
+CVE-2021-40093 - https://support.squaredup.com
+CVE-2021-40093 - https://support.squaredup.com/hc/en-us/articles/4410635418257-CVE-2021-40093-Stored-cross-site-scripting-Action-Buttons-
+CVE-2021-40094 - https://support.squaredup.com
+CVE-2021-40094 - https://support.squaredup.com/hc/en-us/articles/4410656395537-CVE-2021-40094-DOM-based-stored-cross-site-scripting
+CVE-2021-40095 - https://support.squaredup.com
+CVE-2021-40095 - https://support.squaredup.com/hc/en-us/articles/4410635419153-CVE-2021-40095-Reading-arbitrary-files
+CVE-2021-40096 - https://support.squaredup.com
+CVE-2021-40096 - https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-
 CVE-2021-40104 - https://hackerone.com/reports/1102088
 CVE-2021-40142 - https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf
 CVE-2021-40143 - https://support.sonatype.com/hc/en-us/articles/4405941762579
@@ -76011,6 +76032,8 @@ CVE-2022-27480 - http://seclists.org/fulldisclosure/2022/Apr/20
 CVE-2022-27481 - https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf
 CVE-2022-27498 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1531
 CVE-2022-2752 - https://www.secomea.com/support/cybersecurity-advisory
+CVE-2022-27531 - https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0010
+CVE-2022-27532 - https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0010
 CVE-2022-27534 - https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2
 CVE-2022-27535 - https://support.kaspersky.com/general/vulnerability.aspx?el=12430#050822
 CVE-2022-2756 - https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216
@@ -80351,6 +80374,7 @@ CVE-2022-46702 - http://seclists.org/fulldisclosure/2022/Dec/20
 CVE-2022-46741 - https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-001.md
 CVE-2022-46770 - http://packetstormsecurity.com/files/171610/Qubes-Mirage-Firewall-0.8.3-Denial-Of-Service.html
 CVE-2022-46770 - https://github.com/mirage/qubes-mirage-firewall/issues/166
+CVE-2022-46786 - https://support.squaredup.com
 CVE-2022-4683 - https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef
 CVE-2022-4686 - https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637
 CVE-2022-4687 - https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788
@@ -85319,6 +85343,7 @@ CVE-2023-6127 - https://huntr.com/bounties/bf10c72b-5d2e-4c9a-9bd6-d77bdf31027d
 CVE-2023-6146 - https://www.qualys.com/security-advisories/
 CVE-2023-6179 - https://www.honeywell.com/us/en/product-security
 CVE-2023-6188 - https://vuldb.com/?id.245735
+CVE-2023-6222 - https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing
 CVE-2023-6253 - http://packetstormsecurity.com/files/175956/Fortra-Digital-Guardian-Agent-Uninstaller-Cross-Site-Scripting-UninstallKey-Cached.html
 CVE-2023-6253 - http://seclists.org/fulldisclosure/2023/Nov/14
 CVE-2023-6253 - https://r.sec-consult.com/fortra
@@ -85355,6 +85380,8 @@ CVE-2023-6579 - http://packetstormsecurity.com/files/176124/osCommerce-4-SQL-Inj
 CVE-2023-6599 - https://huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e
 CVE-2023-6753 - https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4
 CVE-2023-6773 - https://drive.google.com/drive/folders/1yuc1n6tr57wD8qsT0HAFDVAuii7iibDM?usp=sharing
+CVE-2023-6778 - https://huntr.com/bounties/5f3fffac-0358-48e6-a500-81bac13e0e2b
 CVE-2023-6832 - https://huntr.com/bounties/53105a20-f4b1-45ad-a734-0349de6d7376
 CVE-2023-6889 - https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c
 CVE-2023-6890 - https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d
+CVE-2023-6927 - https://bugzilla.redhat.com/show_bug.cgi?id=2255027