Update Sat May 4 18:03:11 UTC 2024

trickest · May 4, 2024 · 5a4a852 · 5a4a852
1 parent 6749f95
commit 5a4a852
Show file tree

Hide file tree

Showing 10 changed files with 18 additions and 6 deletions.
diff --git a/2016/CVE-2016-2569.md b/2016/CVE-2016-2569.md
@@ -12,6 +12,7 @@ Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to St
 #### Reference
 - http://www.openwall.com/lists/oss-security/2016/02/26/2
 - http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
+- https://usn.ubuntu.com/3557-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2016/CVE-2016-2570.md b/2016/CVE-2016-2570.md
@@ -12,6 +12,7 @@ The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.
 #### Reference
 - http://www.openwall.com/lists/oss-security/2016/02/26/2
 - http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
+- https://usn.ubuntu.com/3557-1/
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2016/CVE-2016-2571.md b/2016/CVE-2016-2571.md
@@ -13,6 +13,7 @@ http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storag
 - http://www.openwall.com/lists/oss-security/2016/02/26/2
 - http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
 - http://www.ubuntu.com/usn/USN-2921-1
+- https://usn.ubuntu.com/3557-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2016/CVE-2016-3948.md b/2016/CVE-2016-3948.md
@@ -10,7 +10,7 @@ Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking,
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://usn.ubuntu.com/3557-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2018/CVE-2018-1000024.md b/2018/CVE-2018-1000024.md
@@ -10,7 +10,7 @@ The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://usn.ubuntu.com/3557-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2018/CVE-2018-1000027.md b/2018/CVE-2018-1000027.md
@@ -10,7 +10,7 @@ The Squid Software Foundation Squid HTTP Caching Proxy version prior to version
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://usn.ubuntu.com/3557-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2024/CVE-2024-2627.md b/2024/CVE-2024-2627.md
@@ -10,7 +10,7 @@ Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remot
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://issues.chromium.org/issues/41493290
 
 #### Github
 - https://github.com/NaInSec/CVE-LIST

diff --git a/2024/CVE-2024-26633.md b/2024/CVE-2024-26633.md
@@ -10,7 +10,7 @@ In the Linux kernel, the following vulnerability has been resolved:ip6_tunnel: f
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd
 
 #### Github
 - https://github.com/NaInSec/CVE-LIST

diff --git a/2024/CVE-2024-33793.md b/2024/CVE-2024-33793.md
@@ -10,7 +10,7 @@ A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allo
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/ymkyu/CVE/tree/main/CVE-2024-33793
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

diff --git a/references.txt b/references.txt
@@ -37982,11 +37982,14 @@ CVE-2016-2563 - https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
 CVE-2016-2564 - https://medium.com/@iancarroll/bypassing-authentication-in-invision-power-board-with-cve-2016-2564-9a24ea3655f9
 CVE-2016-2569 - http://www.openwall.com/lists/oss-security/2016/02/26/2
 CVE-2016-2569 - http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
+CVE-2016-2569 - https://usn.ubuntu.com/3557-1/
 CVE-2016-2570 - http://www.openwall.com/lists/oss-security/2016/02/26/2
 CVE-2016-2570 - http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
+CVE-2016-2570 - https://usn.ubuntu.com/3557-1/
 CVE-2016-2571 - http://www.openwall.com/lists/oss-security/2016/02/26/2
 CVE-2016-2571 - http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
 CVE-2016-2571 - http://www.ubuntu.com/usn/USN-2921-1
+CVE-2016-2571 - https://usn.ubuntu.com/3557-1/
 CVE-2016-2572 - http://www.openwall.com/lists/oss-security/2016/02/26/2
 CVE-2016-2572 - http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
 CVE-2016-2774 - http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
@@ -38684,6 +38687,7 @@ CVE-2016-3943 - http://packetstormsecurity.com/files/136606/Panda-Endpoint-Admin
 CVE-2016-3943 - https://www.exploit-db.com/exploits/39671/
 CVE-2016-3945 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
 CVE-2016-3945 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
+CVE-2016-3948 - https://usn.ubuntu.com/3557-1/
 CVE-2016-3951 - http://www.ubuntu.com/usn/USN-3000-1
 CVE-2016-3951 - http://www.ubuntu.com/usn/USN-3002-1
 CVE-2016-3951 - http://www.ubuntu.com/usn/USN-3003-1
@@ -47598,7 +47602,9 @@ CVE-2018-1000006 - https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-w
 CVE-2018-1000006 - https://www.exploit-db.com/exploits/43899/
 CVE-2018-1000006 - https://www.exploit-db.com/exploits/44357/
 CVE-2018-1000007 - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
+CVE-2018-1000024 - https://usn.ubuntu.com/3557-1/
 CVE-2018-1000026 - https://usn.ubuntu.com/3620-1/
+CVE-2018-1000027 - https://usn.ubuntu.com/3557-1/
 CVE-2018-1000030 - https://www.oracle.com/security-alerts/cpujan2020.html
 CVE-2018-1000049 - http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html
 CVE-2018-1000049 - http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html
@@ -94459,6 +94465,7 @@ CVE-2024-26134 - https://github.com/agronholm/cbor2/security/advisories/GHSA-375
 CVE-2024-26135 - https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8
 CVE-2024-26149 - https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w
 CVE-2024-26152 - https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6xv9-957j-qfhg
+CVE-2024-2627 - https://issues.chromium.org/issues/41493290
 CVE-2024-26329 - https://x41-dsec.de/lab/advisories/x41-2024-001-chilkat-prng/
 CVE-2024-26333 - https://github.com/matthiaskramm/swftools/issues/219
 CVE-2024-26334 - https://github.com/matthiaskramm/swftools/issues/221
@@ -94485,6 +94492,7 @@ CVE-2024-26548 - https://github.com/cwh031600/vivotek/blob/main/vivotek-FD8166A-
 CVE-2024-26557 - https://github.com/Hebing123/cve/issues/18
 CVE-2024-26559 - https://syst1m.cn/2024/01/22/U%E9%AA%8C%E8%AF%81%E7%BD%91%E7%BB%9C%E7%94%A8%E6%88%B7%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E/
 CVE-2024-26577 - https://github.com/guusec/VSeeDoS
+CVE-2024-26633 - https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd
 CVE-2024-26798 - https://git.kernel.org/stable/c/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f
 CVE-2024-26798 - https://git.kernel.org/stable/c/20a4b5214f7bee13c897477168c77bbf79683c3d
 CVE-2024-26798 - https://git.kernel.org/stable/c/2f91a96b892fab2f2543b4a55740c5bee36b1a6b
@@ -95046,6 +95054,7 @@ CVE-2024-33767 - https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg
 CVE-2024-33768 - https://github.com/keepinggg/poc/tree/main/poc_of_lunasvg
 CVE-2024-3377 - https://github.com/Sospiro014/zday1/blob/main/ear_stord_xss.md
 CVE-2024-3378 - https://vuldb.com/?submit.310642
+CVE-2024-33793 - https://github.com/ymkyu/CVE/tree/main/CVE-2024-33793
 CVE-2024-33832 - https://github.com/helloxz/onenav/issues/186
 CVE-2024-33891 - https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3
 CVE-2024-33905 - https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90