Update Thu May 23 02:13:25 UTC 2024

2013/CVE-2013-5704.md

@@ -15,6 +15,7 @@ The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers
 - http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
 - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
+- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
 
 #### Github
 - https://github.com/8ctorres/SIND-Practicas

2014/CVE-2014-0118.md

@@ -11,6 +11,7 @@ The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the
 
 #### Reference
 - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
+- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
 - https://hackerone.com/reports/20861
 
 #### Github

2014/CVE-2014-0226.md

@@ -13,6 +13,7 @@ Race condition in the mod_status module in the Apache HTTP Server before 2.4.10
 - http://seclists.org/fulldisclosure/2014/Jul/114
 - http://www.exploit-db.com/exploits/34133
 - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
+- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
 
 #### Github
 - https://github.com/8ctorres/SIND-Practicas

2014/CVE-2014-0231.md

@@ -12,6 +12,7 @@ The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a time
 #### Reference
 - http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html
 - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
+- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
 
 #### Github
 - https://github.com/8ctorres/SIND-Practicas

2015/CVE-2015-2808.md

@@ -18,6 +18,7 @@ The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not proper
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
 - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
 - http://www.securityfocus.com/bid/91787
+- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
 - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988
 
 #### Github

2015/CVE-2015-3183.md

@@ -15,6 +15,7 @@ The chunked transfer coding implementation in the Apache HTTP Server before 2.4.
 - http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
 - http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
 - http://www.securityfocus.com/bid/91787
+- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
 
 #### Github
 - https://github.com/8ctorres/SIND-Practicas

2015/CVE-2015-4000.md

@@ -18,6 +18,7 @@ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a
 - http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
 - http://www.securityfocus.com/bid/91787
 - https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
+- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
 - https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
 - https://weakdh.org/
 - https://weakdh.org/imperfect-forward-secrecy.pdf

2018/CVE-2018-16149.md

@@ -10,6 +10,7 @@ In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 sig
 ### POC
 
 #### Reference
+- https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c
 - https://sourceforge.net/p/axtls/mailman/message/36459928/
 
 #### Github

2018/CVE-2018-16150.md

@@ -10,6 +10,7 @@ In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 sig
 ### POC
 
 #### Reference
+- https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c
 - https://sourceforge.net/p/axtls/mailman/message/36459928/
 
 #### Github

2018/CVE-2018-16253.md

@@ -10,6 +10,7 @@ In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 sig
 ### POC
 
 #### Reference
+- https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c
 - https://sourceforge.net/p/axtls/mailman/message/36459928/
 
 #### Github

2020/CVE-2020-18668.md

@@ -0,0 +1,17 @@
+### [CVE-2020-18668](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18668)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-97996
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-38531.md

@@ -0,0 +1,17 @@
+### [CVE-2021-38531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38531)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, and AC2400 before 1.2.0.76.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000063769/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2019-0113
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-1141.md

@@ -1,7 +1,7 @@
 ### [CVE-2024-1141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1141)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.1&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.2&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Logging%20of%20Excessive%20Data&color=brighgreen)
 

2024/CVE-2024-1394.md

@@ -24,6 +24,8 @@
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20on%20AWS&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.1&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Container%20Storage%204&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Data%20Foundation%204&color=blue)

2024/CVE-2024-22026.md

@@ -0,0 +1,18 @@
+### [CVE-2024-22026](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22026)
+![](https://img.shields.io/static/v1?label=Product&message=EPMM&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=12.1.0.0%3C%2012.1.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/securekomodo/CVE-2024-22026
+

2024/CVE-2024-34082.md

@@ -10,7 +10,7 @@ Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-34224.md

@@ -10,7 +10,7 @@ Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Compu
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/dovankha/CVE-2024-34224
 
 #### Github
 - https://github.com/dovankha/CVE-2024-34224

2024/CVE-2024-34953.md

@@ -0,0 +1,22 @@
+### [CVE-2024-34953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34953)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file
+
+### POC
+
+#### Reference
+- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.assets/image-20240505161831080.png
+- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/dos_mmExhausted.md
+- https://github.com/Helson-S/FuzzyTesting/blob/master/ncmdump/dos_mmExhausted/poc/I7K9QM~F
+- https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted
+- https://github.com/Helson-S/FuzzyTesting/tree/master/ncmdump/dos_mmExhausted/poc
+- https://github.com/taurusxin/ncmdump/issues/19
+
+#### Github
+No PoCs found on GitHub currently.
+