-
Notifications
You must be signed in to change notification settings - Fork 776
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d3630e9
commit a4770ee
Showing
13 changed files
with
168 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2011-0421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2011-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1153) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2011-1464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1464) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2011-1466](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1466) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2011-1467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1467) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2011-1469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1469) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2011-1470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1470) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:052 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2020-35830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35830) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kb.netgear.com/000062672/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0507 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-27935](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27935) | ||
![](https://img.shields.io/static/v1?label=Product&message=deno&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.35.1%2C%20%3C%201.36.3%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-488%3A%20Exposure%20of%20Data%20Element%20to%20Wrong%20Session&color=brighgreen) | ||
|
||
### Description | ||
|
||
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters