-
Notifications
You must be signed in to change notification settings - Fork 776
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5e2b5ab
commit 9cdab5a
Showing
35 changed files
with
334 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2017-7393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7393) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/TigerVNC/tigervnc/pull/438 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
### [CVE-2018-2415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2415) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20Application%20Server%20(Engine%20API)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20Application%20Server%20(J2EE%20Engine%20Server%20Core)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%207.11%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20from%207.10%20to%207.11%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Content%20Spoofing&color=brighgreen) | ||
|
||
### Description | ||
|
||
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2018-2416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2416) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Identity%20Management&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=7.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20XML%20Validation&color=brighgreen) | ||
|
||
### Description | ||
|
||
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2018-2417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2417) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Identity%20Management&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%208.0%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen) | ||
|
||
### Description | ||
|
||
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2018-2418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2418) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20MaxDB%20ODBC%20driver&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20all%20versions%20before%207.9.09.07%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen) | ||
|
||
### Description | ||
|
||
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
### [CVE-2018-2419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2419) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Enterprise%20Financial%20Services%20(EA-FINSERV)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Enterprise%20Financial%20Services%20(S4CORE)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Enterprise%20Financial%20Services%20(SAPSCORE)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.01%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.11%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%206.04%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authorization%20Check&color=brighgreen) | ||
|
||
### Description | ||
|
||
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2018-2420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2420) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Internet%20Graphics%20Server%20(IGS)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%207.20%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Unrestricted%20File%20Upload&color=brighgreen) | ||
|
||
### Description | ||
|
||
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2018-2422](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2422) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Internet%20Graphics%20Server%20(IGS)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%207.20%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial-of-Service&color=brighgreen) | ||
|
||
### Description | ||
|
||
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2018-2423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2423) | ||
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Internet%20Graphics%20Server%20(IGS)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%207.20%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial-of-Service&color=brighgreen) | ||
|
||
### Description | ||
|
||
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
### [CVE-2024-22252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22252) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Fusion&color=blue) | ||
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workstation&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%205.x%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=13.x%3C%2013.5.1%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=17.x%3C%2017.5.1%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Version&message=8.0%20%3C%20ESXi80U2sb-23305545%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/crackmapEZec/CVE-2024-22252-POC | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-2319](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2319) | ||
![](https://img.shields.io/static/v1?label=Product&message=Django%20MarkdownX&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%204.0.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) | ||
|
||
### Description | ||
|
||
Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-26167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26167) | ||
![](https://img.shields.io/static/v1?label=Product&message=Microsoft%20Edge%20for%20Android&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Spoofing&color=brighgreen) | ||
|
||
### Description | ||
|
||
Microsoft Edge for Android Spoofing Vulnerability | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-27707](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27707) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/fkie-cad/nvd-json-data-feeds | ||
|
Oops, something went wrong.