Update Sun Jun 9 18:08:43 UTC 2024

2013/CVE-2013-5966.md

@@ -0,0 +1,17 @@
+### [CVE-2013-5966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5966)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
+
+### POC
+
+#### Reference
+- https://github.com/zkoss/zk/blob/v5.0.13/zkdoc/release-note
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-1516.md

@@ -11,6 +11,7 @@ The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Fir
 
 #### Reference
 - http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/
+- http://www.slideshare.net/ibmsecurity/overtaking-firefox-profiles-vulnerabilities-in-firefox-for-android
 
 #### Github
 No PoCs found on GitHub currently.

2014/CVE-2014-9673.md

@@ -10,6 +10,7 @@ Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c
 ### POC
 
 #### Reference
+- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
 
 #### Github

2021/CVE-2021-1106.md

@@ -0,0 +1,18 @@
+### [CVE-2021-1106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1106)
+![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Shield%20TV&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privileges%2C%20denial%20of%20service%2C%20information%20disclosure%2C%20and%20data%20tampering&color=brighgreen)
+
+### Description
+
+NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1107.md

@@ -0,0 +1,18 @@
+### [CVE-2021-1107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1107)
+![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Shield%20TV&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=code%20execution%2C%20denial%20of%20service%2C%20loss%20of%20integrity&color=brighgreen)
+
+### Description
+
+NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1108.md

@@ -0,0 +1,18 @@
+### [CVE-2021-1108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1108)
+![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Shield%20TV&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=denial%20of%20service%2C%20partial%20integrity%2C%20and%20confidentiality%20loss&color=brighgreen)
+
+### Description
+
+NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1109.md

@@ -0,0 +1,17 @@
+### [CVE-2021-1109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1109)
+![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1.&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=data%20integrity%2C%20denial%20of%20service.&color=brighgreen)
+
+### Description
+
+NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1110.md

@@ -0,0 +1,17 @@
+### [CVE-2021-1110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1110)
+![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX.&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=denial%20of%20service%2C%20data%20corruption&color=brighgreen)
+
+### Description
+
+NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1111.md

@@ -0,0 +1,17 @@
+### [CVE-2021-1111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1111)
+![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
+
+### Description
+
+Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1112.md

@@ -0,0 +1,17 @@
+### [CVE-2021-1112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1112)
+![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Null%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1113.md

@@ -0,0 +1,17 @@
+### [CVE-2021-1113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1113)
+![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1114.md

@@ -0,0 +1,17 @@
+### [CVE-2021-1114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1114)
+![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen)
+
+### Description
+
+NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service.
+
+### POC
+
+#### Reference
+- https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-2586.md

@@ -10,6 +10,7 @@ It was discovered that a nft object or expression could reference a nft set on a
 ### POC
 
 #### Reference
+- https://ubuntu.com/security/notices/USN-5560-1
 - https://ubuntu.com/security/notices/USN-5560-2
 - https://ubuntu.com/security/notices/USN-5562-1
 - https://ubuntu.com/security/notices/USN-5564-1

2022/CVE-2022-2588.md

@@ -10,6 +10,7 @@ It was discovered that the cls_route filter implementation in the Linux kernel w
 ### POC
 
 #### Reference
+- https://ubuntu.com/security/notices/USN-5560-1
 - https://ubuntu.com/security/notices/USN-5560-2
 - https://ubuntu.com/security/notices/USN-5562-1
 - https://ubuntu.com/security/notices/USN-5564-1

2024/CVE-2024-25092.md

@@ -0,0 +1,18 @@
+### [CVE-2024-25092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25092)
+![](https://img.shields.io/static/v1?label=Product&message=NextMove%20Lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/RandomRobbieBF/CVE-2024-25092
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2024/CVE-2024-5310.md

@@ -0,0 +1,17 @@
+### [CVE-2024-5310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5310)
+![](https://img.shields.io/static/v1?label=Product&message=JFinalCMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020221020%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266121 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://gitee.com/heyewei/JFinalcms/issues/I8VHM2
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-5379.md

@@ -0,0 +1,17 @@
+### [CVE-2024-5379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5379)
+![](https://img.shields.io/static/v1?label=Product&message=JFinalCMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240111%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266291.
+
+### POC
+
+#### Reference
+- https://gitee.com/heyewei/JFinalcms/issues/I8VHGR
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -24329,6 +24329,7 @@ CVE-2013-5962 - http://packetstormsecurity.com/files/123303
 CVE-2013-5962 - http://www.exploit-db.com/exploits/28377
 CVE-2013-5962 - http://www.vulnerability-lab.com/get_content.php?id=1080
 CVE-2013-5963 - http://packetstormsecurity.com/files/123235
+CVE-2013-5966 - https://github.com/zkoss/zk/blob/v5.0.13/zkdoc/release-note
 CVE-2013-5973 - http://www.vmware.com/security/advisories/VMSA-2013-0016.html
 CVE-2013-5977 - http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
 CVE-2013-5977 - http://seclists.org/bugtraq/2013/Oct/52
@@ -25326,6 +25327,7 @@ CVE-2014-1513 - http://www.oracle.com/technetwork/topics/security/bulletinapr201
 CVE-2014-1513 - https://bugzilla.mozilla.org/show_bug.cgi?id=982974
 CVE-2014-1514 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
 CVE-2014-1516 - http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/
+CVE-2014-1516 - http://www.slideshare.net/ibmsecurity/overtaking-firefox-profiles-vulnerabilities-in-firefox-for-android
 CVE-2014-1517 - https://bugzilla.mozilla.org/show_bug.cgi?id=713926
 CVE-2014-1518 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
 CVE-2014-1519 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
@@ -31323,6 +31325,7 @@ CVE-2014-9670 - http://www.oracle.com/technetwork/topics/security/bulletinapr201
 CVE-2014-9671 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
 CVE-2014-9672 - http://packetstormsecurity.com/files/134395/FreeType-2.5.3-Mac-FOND-Resource-Parsing-Out-Of-Bounds-Read-From-Stack.html
 CVE-2014-9672 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
+CVE-2014-9673 - http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
 CVE-2014-9673 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
 CVE-2014-9674 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
 CVE-2014-9675 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
@@ -70843,6 +70846,15 @@ CVE-2021-1100 - https://nvidia.custhelp.com/app/answers/detail/a_id/5211
 CVE-2021-1101 - https://nvidia.custhelp.com/app/answers/detail/a_id/5211
 CVE-2021-1102 - https://nvidia.custhelp.com/app/answers/detail/a_id/5211
 CVE-2021-1103 - https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+CVE-2021-1106 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1107 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1108 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1109 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1110 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1111 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1112 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1113 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
+CVE-2021-1114 - https://nvidia.custhelp.com/app/answers/detail/a_id/5216
 CVE-2021-1167 - http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html
 CVE-2021-1256 - https://kc.mcafee.com/corporate/index?page=content&id=SB10382
 CVE-2021-1257 - https://kc.mcafee.com/corporate/index?page=content&id=SB10382
@@ -82151,6 +82163,7 @@ CVE-2022-25854 - https://bsg.tech/blog/cve-2022-25854-stored-xss-in-yaireo-tagif
 CVE-2022-25855 - https://security.snyk.io/vuln/SNYK-JS-CREATECHOOAPP3-3157951
 CVE-2022-25858 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722
 CVE-2022-25858 - https://snyk.io/vuln/SNYK-JS-TERSER-2806366
+CVE-2022-2586 - https://ubuntu.com/security/notices/USN-5560-1
 CVE-2022-2586 - https://ubuntu.com/security/notices/USN-5560-2
 CVE-2022-2586 - https://ubuntu.com/security/notices/USN-5562-1
 CVE-2022-2586 - https://ubuntu.com/security/notices/USN-5564-1
@@ -82177,6 +82190,7 @@ CVE-2022-25875 - https://snyk.io/vuln/SNYK-JS-SVELTE-2931080
 CVE-2022-25876 - https://snyk.io/vuln/SNYK-JS-LINKPREVIEWJS-2933520
 CVE-2022-25878 - https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2841507
 CVE-2022-25878 - https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-2441248
+CVE-2022-2588 - https://ubuntu.com/security/notices/USN-5560-1
 CVE-2022-2588 - https://ubuntu.com/security/notices/USN-5560-2
 CVE-2022-2588 - https://ubuntu.com/security/notices/USN-5562-1
 CVE-2022-2588 - https://ubuntu.com/security/notices/USN-5564-1
@@ -96865,6 +96879,7 @@ CVE-2024-5136 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Manage
 CVE-2024-5137 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md
 CVE-2024-5138 - https://bugs.launchpad.net/snapd/+bug/2065077
 CVE-2024-5145 - https://github.com/CveSecLook/cve/issues/38
+CVE-2024-5310 - https://gitee.com/heyewei/JFinalcms/issues/I8VHM2
 CVE-2024-5350 - https://github.com/anji-plus/report/files/15363269/aj-report.pdf
 CVE-2024-5351 - https://github.com/anji-plus/report/files/15363269/aj-report.pdf
 CVE-2024-5352 - https://github.com/anji-plus/report/files/15363269/aj-report.pdf
@@ -96879,6 +96894,7 @@ CVE-2024-5365 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_Hou
 CVE-2024-5366 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-4.md
 CVE-2024-5377 - https://github.com/yuyuliq/cve/issues/1
 CVE-2024-5378 - https://github.com/GAO-UNO/cve/blob/main/sql2.md
+CVE-2024-5379 - https://gitee.com/heyewei/JFinalcms/issues/I8VHGR
 CVE-2024-5381 - https://github.com/Lanxiy7th/lx_CVE_report-/issues/2
 CVE-2024-5390 - https://github.com/Lanxiy7th/lx_CVE_report-/issues/3
 CVE-2024-5391 - https://github.com/Lanxiy7th/lx_CVE_report-/issues/4