-
Notifications
You must be signed in to change notification settings - Fork 781
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d07cb64
commit 369967e
Showing
18 changed files
with
245 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2013-5966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5966) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/zkoss/zk/blob/v5.0.13/zkdoc/release-note | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
### [CVE-2021-1106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1106) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Shield%20TV&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privileges%2C%20denial%20of%20service%2C%20information%20disclosure%2C%20and%20data%20tampering&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
### [CVE-2021-1107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1107) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Shield%20TV&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=code%20execution%2C%20denial%20of%20service%2C%20loss%20of%20integrity&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
### [CVE-2021-1108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1108) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=Shield%20TV&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=denial%20of%20service%2C%20partial%20integrity%2C%20and%20confidentiality%20loss&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-1109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1109) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1.&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=data%20integrity%2C%20denial%20of%20service.&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-1110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1110) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX.&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=denial%20of%20service%2C%20data%20corruption&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-1111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1111) | ||
![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) | ||
|
||
### Description | ||
|
||
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-1112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1112) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Null%20Pointer%20Dereference&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-1113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1113) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX%2C%20Jetson%20Nano%2C%20Jetson%20Nano%202GB%2C%20Jetson%20TX1&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clients. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-1114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1114) | ||
![](https://img.shields.io/static/v1?label=Product&message=NVIDIA%20Jetson%20AGX%20Xavier%20series%2C%20Jetson%20Xavier%20NX%2C%20Jetson%20TX2%20series%2C%20Jetson%20TX2%20NX&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) | ||
|
||
### Description | ||
|
||
NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://nvidia.custhelp.com/app/answers/detail/a_id/5216 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
### [CVE-2024-25092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25092) | ||
![](https://img.shields.io/static/v1?label=Product&message=NextMove%20Lite&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) | ||
|
||
### Description | ||
|
||
Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/RandomRobbieBF/CVE-2024-25092 | ||
- https://github.com/nomi-sec/PoC-in-GitHub | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-5310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5310) | ||
![](https://img.shields.io/static/v1?label=Product&message=JFinalCMS&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2020221020%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266121 was assigned to this vulnerability. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://gitee.com/heyewei/JFinalcms/issues/I8VHM2 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-5379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5379) | ||
![](https://img.shields.io/static/v1?label=Product&message=JFinalCMS&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240111%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266291. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://gitee.com/heyewei/JFinalcms/issues/I8VHGR | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters