Update Fri Apr 19 18:03:23 UTC 2024

trickest · Apr 19, 2024 · 980554f · 980554f
1 parent 2bee5ab
commit 980554f
Show file tree

Hide file tree

Showing 23 changed files with 211 additions and 41 deletions.
diff --git a/2007/CVE-2007-1069.md b/2007/CVE-2007-1069.md
@@ -0,0 +1,17 @@
+### [CVE-2007-1069](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1069)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).
+
+### POC
+
+#### Reference
+- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2007/CVE-2007-1337.md b/2007/CVE-2007-1337.md
@@ -0,0 +1,17 @@
+### [CVE-2007-1337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1337)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.
+
+### POC
+
+#### Reference
+- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2007/CVE-2007-1744.md b/2007/CVE-2007-1744.md
@@ -0,0 +1,17 @@
+### [CVE-2007-1744](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1744)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.
+
+### POC
+
+#### Reference
+- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2007/CVE-2007-1876.md b/2007/CVE-2007-1876.md
@@ -0,0 +1,17 @@
+### [CVE-2007-1876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1876)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."
+
+### POC
+
+#### Reference
+- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2007/CVE-2007-1877.md b/2007/CVE-2007-1877.md
@@ -0,0 +1,17 @@
+### [CVE-2007-1877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1877)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.
+
+### POC
+
+#### Reference
+- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2021/CVE-2021-41526.md b/2021/CVE-2021-41526.md
@@ -10,7 +10,7 @@ A vulnerability has been reported in the windows installer (MSI) built with Inst
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://seclists.org/fulldisclosure/2024/Apr/24
 
 #### Github
 - https://github.com/RonnieSalomonsen/My-CVEs

diff --git a/2024/CVE-2024-0684.md b/2024/CVE-2024-0684.md
@@ -1,10 +1,5 @@
 ### [CVE-2024-0684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0684)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=coreutils&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen)
 

diff --git a/2024/CVE-2024-0690.md b/2024/CVE-2024-0690.md
@@ -1,12 +1,8 @@
 ### [CVE-2024-0690](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0690)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux%208&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora%2038&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora%2039&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.4%20for%20RHEL%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.4%20for%20RHEL%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=ansible&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Output%20Neutralization%20for%20Logs&color=brighgreen)
 

diff --git a/2024/CVE-2024-0911.md b/2024/CVE-2024-0911.md
@@ -1,9 +1,5 @@
 ### [CVE-2024-0911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0911)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=indent&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen)
 

diff --git a/2024/CVE-2024-1675.md b/2024/CVE-2024-1675.md
@@ -10,7 +10,7 @@ Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://issues.chromium.org/issues/41486208
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

diff --git a/2024/CVE-2024-25978.md b/2024/CVE-2024-25978.md
@@ -1,8 +1,5 @@
 ### [CVE-2024-25978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25978)
-![](https://img.shields.io/static/v1?label=Product&message=4.2.6&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20Resource%20Consumption&color=brighgreen)
 

diff --git a/2024/CVE-2024-25979.md b/2024/CVE-2024-25979.md
@@ -1,8 +1,5 @@
 ### [CVE-2024-25979](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25979)
-![](https://img.shields.io/static/v1?label=Product&message=4.2.6&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Handling%20of%20Parameters&color=brighgreen)
 

diff --git a/2024/CVE-2024-25980.md b/2024/CVE-2024-25980.md
@@ -1,8 +1,5 @@
 ### [CVE-2024-25980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25980)
-![](https://img.shields.io/static/v1?label=Product&message=4.2.6&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control&color=brighgreen)
 

diff --git a/2024/CVE-2024-25981.md b/2024/CVE-2024-25981.md
@@ -1,8 +1,5 @@
 ### [CVE-2024-25981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25981)
-![](https://img.shields.io/static/v1?label=Product&message=4.2.6&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control&color=brighgreen)
 

diff --git a/2024/CVE-2024-25982.md b/2024/CVE-2024-25982.md
@@ -1,8 +1,5 @@
 ### [CVE-2024-25982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25982)
-![](https://img.shields.io/static/v1?label=Product&message=4.2.6&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
 

diff --git a/2024/CVE-2024-25983.md b/2024/CVE-2024-25983.md
@@ -1,8 +1,5 @@
 ### [CVE-2024-25983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25983)
-![](https://img.shields.io/static/v1?label=Product&message=4.2.6&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Extra%20Packages%20for%20Enterprise%20Linux&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
-![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
 

diff --git a/2024/CVE-2024-29028.md b/2024/CVE-2024-29028.md
@@ -0,0 +1,17 @@
+### [CVE-2024-29028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29028)
+![](https://img.shields.io/static/v1?label=Product&message=memos&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.16.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-29029.md b/2024/CVE-2024-29029.md
@@ -0,0 +1,18 @@
+### [CVE-2024-29029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29029)
+![](https://img.shields.io/static/v1?label=Product&message=memos&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.13.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-29030.md b/2024/CVE-2024-29030.md
@@ -0,0 +1,17 @@
+### [CVE-2024-29030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29030)
+![](https://img.shields.io/static/v1?label=Product&message=memos&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.13.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-29183.md b/2024/CVE-2024-29183.md
@@ -0,0 +1,17 @@
+### [CVE-2024-29183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29183)
+![](https://img.shields.io/static/v1?label=Product&message=openrasp&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D1.3.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2023-253_openrasp
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-31846.md b/2024/CVE-2024-31846.md
@@ -0,0 +1,17 @@
+### [CVE-2024-31846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31846)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
+
+### POC
+
+#### Reference
+- https://www.gruppotim.it/it/footer/red-team.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-32166.md b/2024/CVE-2024-32166.md
@@ -0,0 +1,17 @@
+### [CVE-2024-32166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32166)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation).
+
+### POC
+
+#### Reference
+- https://github.com/Fewword/Poc/blob/main/webid/webid-poc14.md
+
+#### Github
+No PoCs found on GitHub currently.
+