Update Thu May 16 02:07:32 UTC 2024

2017/CVE-2017-12154.md

@@ -11,6 +11,7 @@ The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.
 
 #### Reference
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 
 #### Github
 No PoCs found on GitHub currently.

2017/CVE-2017-12193.md

@@ -11,6 +11,7 @@ The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the L
 
 #### Reference
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 
 #### Github
 No PoCs found on GitHub currently.

2017/CVE-2017-15265.md

@@ -12,6 +12,7 @@ Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows lo
 #### Reference
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 - https://www.oracle.com/security-alerts/cpujul2020.html
 
 #### Github

2018/CVE-2018-1130.md

@@ -11,6 +11,7 @@ Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference
 
 #### Reference
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-3665.md

@@ -13,6 +13,7 @@ System software utilizing Lazy FP state restore technique on systems using Intel
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
 - https://usn.ubuntu.com/3696-1/
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 - https://www.oracle.com/security-alerts/cpujul2020.html
 
 #### Github

2018/CVE-2018-5750.md

@@ -11,6 +11,7 @@ The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel throu
 
 #### Reference
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-5803.md

@@ -11,6 +11,7 @@ In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and
 
 #### Reference
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 - https://www.spinics.net/lists/netdev/msg482523.html
 
 #### Github

2018/CVE-2018-6927.md

@@ -11,6 +11,7 @@ The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15
 
 #### Reference
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2018/CVE-2018-7755.md

@@ -12,6 +12,7 @@ An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.
 #### Reference
 - https://usn.ubuntu.com/3696-1/
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2018/CVE-2018-7757.md

@@ -11,6 +11,7 @@ Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_ex
 
 #### Reference
 - https://usn.ubuntu.com/3698-1/
+- https://usn.ubuntu.com/3698-2/
 
 #### Github
 No PoCs found on GitHub currently.

2019/CVE-2019-10063.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/hartwork/antijack
+- https://github.com/timothee-chauvin/eyeballvul
 

2019/CVE-2019-11461.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/hartwork/antijack
+- https://github.com/timothee-chauvin/eyeballvul
 

2019/CVE-2019-20636.md

@@ -15,4 +15,5 @@ In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds write
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/timothee-chauvin/eyeballvul
 

2020/CVE-2020-1938.md

@@ -188,6 +188,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc
 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
 - https://github.com/w4fz5uck5/CVE-2020-1938-Clean-Version
 - https://github.com/weeka10/-hktalent-TOP
+- https://github.com/whatboxapp/GhostCat-LFI-exp
 - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
 - https://github.com/woaiqiukui/CVE-2020-1938TomcatAjpScanner
 - https://github.com/woodpecker-appstore/tomcat-vuldb

2020/CVE-2020-23064.md

@@ -1,11 +1,11 @@
 ### [CVE-2020-23064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23064)
 ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
 
 ### Description
 
-Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
+** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
 
 ### POC
 

2024/CVE-2024-0741.md

@@ -13,7 +13,7 @@ An out of bounds write in ANGLE could have allowed an attacker to corrupt memory
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1864587
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-0745.md

@@ -0,0 +1,17 @@
+### [CVE-2024-0745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0745)
+![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20122%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack%20buffer%20overflow%20in%20WebAudio&color=brighgreen)
+
+### Description
+
+The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.
+
+### POC
+
+#### Reference
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1871838
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-0750.md

@@ -13,7 +13,7 @@ A bug in popup notifications delay calculation could have made it possible for a
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://bugzilla.mozilla.org/show_bug.cgi?id=1863083
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-1520.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1520)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command&color=brighgreen)
+
+### Description
+
+An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/timothee-chauvin/eyeballvul
+

2024/CVE-2024-1522.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1522)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/timothee-chauvin/eyeballvul
+

2024/CVE-2024-1569.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1569)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/timothee-chauvin/eyeballvul
+

2024/CVE-2024-1600.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1600)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-98%20Improper%20Control%20of%20Filename%20for%20Include%2FRequire%20Statement%20in%20PHP%20Program%20('PHP%20Remote%20File%20Inclusion')&color=brighgreen)
+
+### Description
+
+A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/timothee-chauvin/eyeballvul
+

2024/CVE-2024-1601.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1601)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command&color=brighgreen)
+
+### Description
+
+An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` function. By sending a specially crafted payload in the 'id' parameter, an attacker can manipulate SQL queries to delete all records from the 'discussion' and 'message' tables. This issue is due to improper neutralization of special elements used in an SQL command.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/timothee-chauvin/eyeballvul
+

2024/CVE-2024-1646.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1646)
+![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen)
+
+### Description
+
+parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/timothee-chauvin/eyeballvul
+

2024/CVE-2024-22353.md

@@ -1,11 +1,11 @@
 ### [CVE-2024-22353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22353)
 ![](https://img.shields.io/static/v1?label=Product&message=WebSphere%20Application%20Server%20Liberty&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=17.0.0.3%3C%3D%2024.0.0.3%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=17.0.0.3%3C%3D%2024.0.0.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
 
 ### Description
 
-IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.  IBM X-Force ID:  280400.
+IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.  IBM X-Force ID:  280400.
 
 ### POC
 

2024/CVE-2024-25078.md

@@ -0,0 +1,17 @@
+### [CVE-2024-25078](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25078)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-25079.md

@@ -0,0 +1,17 @@
+### [CVE-2024-25079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25079)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-25641.md

@@ -0,0 +1,17 @@
+### [CVE-2024-25641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641)
+![](https://img.shields.io/static/v1?label=Product&message=cacti&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.27%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tanjiti/sec_profile
+

2024/CVE-2024-25743.md

@@ -0,0 +1,17 @@
+### [CVE-2024-25743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25743)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel through 6.7.2, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ahoi-attacks/heckler
+

2024/CVE-2024-26026.md

@@ -13,6 +13,7 @@ An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (UR
 No PoCs from references.
 
 #### Github
+- https://github.com/GRTMALDET/Big-IP-Next-CVE-2024-26026
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/passwa11/CVE-2024-26026
 - https://github.com/wjlin0/poc-doc

2024/CVE-2024-27353.md

@@ -0,0 +1,17 @@
+### [CVE-2024-27353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27353)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-27460.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/Alaatk/CVE-2024-27460
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/xct/CVE-2024-27460