-
Notifications
You must be signed in to change notification settings - Fork 775
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c96f7c2
commit 4778dc1
Showing
46 changed files
with
378 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-28077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28077) | ||
![](https://img.shields.io/static/v1?label=Product&message=Dell%20BSAFE%20SSL-J%09&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=6.0.x%3C%3D%206.5%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1295%3A%20Debug%20Messages%20Revealing%20Unnecessary%20Information&color=brighgreen) | ||
|
||
### Description | ||
|
||
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-45696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45696) | ||
![](https://img.shields.io/static/v1?label=Product&message=HCL%20Sametime&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.5%2C%2011.6%2C%2011.6%20IF1%2C%2012.0%2C%2012.0%20FP1%2C%2012.0.1%2C%2012.0.1%20FP1%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-45698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45698) | ||
![](https://img.shields.io/static/v1?label=Product&message=HCL%20Sametime&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.5%2C%2011.6%2C%2011.6%20IF1%2C%2012.0%2C%2012.0%20FP1%2C%2012.0.1%2C%2012.0.1%20FP1%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1215) | ||
![](https://img.shields.io/static/v1?label=Product&message=CRUD%20without%20Page%20Reload&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1256) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jspxcms&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.2.0%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-1257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1257) | ||
![](https://img.shields.io/static/v1?label=Product&message=Jspxcms&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.2.0%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22237) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Aria%20Operations%20for%20Networks&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20VMware%20Aria%20Operations%20for%20Networks%206.x%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Local%20Privilege%20Escalation%20vulnerability&color=brighgreen) | ||
|
||
### Description | ||
|
||
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22238) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Aria%20Operations%20for%20Networks&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20VMware%20Aria%20Operations%20for%20Networks%206.x%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting%20Vulnerability&color=brighgreen) | ||
|
||
### Description | ||
|
||
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22239) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Aria%20Operations%20for%20Networks&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20VMware%20Aria%20Operations%20for%20Networks%206.x%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Local%20Privilege%20Escalation%20vulnerability&color=brighgreen) | ||
|
||
### Description | ||
|
||
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22240) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Aria%20Operations%20for%20Networks&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20VMware%20Aria%20Operations%20for%20Networks%206.x%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Local%20File%20Read%20vulnerability&color=brighgreen) | ||
|
||
### Description | ||
|
||
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22241) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Aria%20Operations%20for%20Networks&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20VMware%20Aria%20Operations%20for%20Networks%206.x%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting%20vulnerability&color=brighgreen) | ||
|
||
### Description | ||
|
||
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22386](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22386) | ||
![](https://img.shields.io/static/v1?label=Product&message=Linux%20kernel&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=v4.11-rc1%3C%20v6.6-rc1%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-362%20Concurrent%20Execution%20using%20Shared%20Resource%20with%20Improper%20Synchronization%20('Race%20Condition')&color=brighgreen) | ||
|
||
### Description | ||
|
||
A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22533) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-22779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22779) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
Oops, something went wrong.