Update Tue Jun 4 02:08:49 UTC 2024

2016/CVE-2016-1905.md

@@ -0,0 +1,17 @@
+### [CVE-2016-1905](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1905)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
+
+### POC
+
+#### Reference
+- https://github.com/kubernetes/kubernetes/issues/19479
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-1084.md

@@ -0,0 +1,17 @@
+### [CVE-2018-1084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1084)
+![](https://img.shields.io/static/v1?label=Product&message=corosync&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190&color=brighgreen)
+
+### Description
+
+corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10840.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10840)
+![](https://img.shields.io/static/v1?label=Product&message=heap-based%20buffer%20overflow%20in%20fs%2Fext4%2Fxattr.c&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122&color=brighgreen)
+
+### Description
+
+Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10841.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10841)
+![](https://img.shields.io/static/v1?label=Product&message=glusterfs&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20all%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288&color=brighgreen)
+
+### Description
+
+glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10843.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10843)
+![](https://img.shields.io/static/v1?label=Product&message=source-to-image&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen)
+
+### Description
+
+source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10844.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10844](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10844)
+![](https://img.shields.io/static/v1?label=Product&message=gnutls&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-385&color=brighgreen)
+
+### Description
+
+It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10845.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10845)
+![](https://img.shields.io/static/v1?label=Product&message=gnutls&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-385&color=brighgreen)
+
+### Description
+
+It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10846.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10846)
+![](https://img.shields.io/static/v1?label=Product&message=gnutls&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-385&color=brighgreen)
+
+### Description
+
+A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10847.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10847)
+![](https://img.shields.io/static/v1?label=Product&message=prosody&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-592&color=brighgreen)
+
+### Description
+
+prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10847
+
+#### Github
+No PoCs found on GitHub currently.
+

2019/CVE-2019-12312.md

@@ -0,0 +1,17 @@
+### [CVE-2019-12312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12312)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
+
+### POC
+
+#### Reference
+- https://github.com/libreswan/libreswan/issues/246
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-3899.md

@@ -0,0 +1,24 @@
+### [CVE-2021-3899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3899)
+![](https://img.shields.io/static/v1?label=Product&message=Apport&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.21.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
+
+### POC
+
+#### Reference
+- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
+
+#### Github
+- https://github.com/NaInSec/CVE-PoC-in-GitHub
+- https://github.com/WhooAmii/POC_to_review
+- https://github.com/k0mi-tg/CVE-POC
+- https://github.com/liumuqing/CVE-2021-3899_PoC
+- https://github.com/manas3c/CVE-POC
+- https://github.com/whoforget/CVE-POC
+- https://github.com/youwizard/CVE-POC
+- https://github.com/zecool/cve
+

2024/CVE-2024-34051.md

@@ -0,0 +1,17 @@
+### [CVE-2024-34051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34051)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.
+
+### POC
+
+#### Reference
+- https://blog.smarttecs.com/posts/2024-004-cve-2024-34051/
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-34987.md

@@ -0,0 +1,17 @@
+### [CVE-2024-34987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34987)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.
+
+### POC
+
+#### Reference
+- https://github.com/MarkLee131/PoCs/blob/main/CVE-2024-34987.md
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -37795,6 +37795,7 @@ CVE-2016-1903 - http://www.openwall.com/lists/oss-security/2016/01/14/8
 CVE-2016-1903 - https://bugs.php.net/bug.php?id=70976
 CVE-2016-1904 - http://www.openwall.com/lists/oss-security/2016/01/14/8
 CVE-2016-1904 - https://bugs.php.net/bug.php?id=71270
+CVE-2016-1905 - https://github.com/kubernetes/kubernetes/issues/19479
 CVE-2016-1906 - https://github.com/openshift/origin/pull/6576
 CVE-2016-1907 - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
 CVE-2016-1907 - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
@@ -48523,6 +48524,14 @@ CVE-2018-10830 - https://github.com/anhkgg/poc/tree/master/2345%20security%20gua
 CVE-2018-10830 - https://www.exploit-db.com/exploits/44615/
 CVE-2018-10832 - http://packetstormsecurity.com/files/147573/ModbusPal-1.6b-XML-External-Entity-Injection.html
 CVE-2018-10832 - https://www.exploit-db.com/exploits/44607/
+CVE-2018-1084 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084
+CVE-2018-10840 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840
+CVE-2018-10841 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841
+CVE-2018-10843 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10843
+CVE-2018-10844 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844
+CVE-2018-10845 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845
+CVE-2018-10846 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846
+CVE-2018-10847 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10847
 CVE-2018-10853 - https://usn.ubuntu.com/3777-1/
 CVE-2018-10858 - https://kc.mcafee.com/corporate/index?page=content&id=SB10284
 CVE-2018-10858 - https://usn.ubuntu.com/3738-1/
@@ -56616,6 +56625,7 @@ CVE-2019-1230 - https://portal.msrc.microsoft.com/en-US/security-guidance/adviso
 CVE-2019-12301 - https://jira.percona.com/browse/PS-5640
 CVE-2019-12301 - https://www.percona.com/blog/2019/05/17/percona-server-for-mysql-5-6-44-85-0-is-now-available/
 CVE-2019-12311 - https://medium.com/insidersec0x42/centraleyezer-unrestricted-file-upload-cve-2019-12311-7cad12e95165
+CVE-2019-12312 - https://github.com/libreswan/libreswan/issues/246
 CVE-2019-12314 - http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
 CVE-2019-12314 - https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt
 CVE-2019-12323 - http://hyp3rlinx.altervista.org
@@ -76803,6 +76813,7 @@ CVE-2021-38841 - https://www.exploit-db.com/exploits/50205
 CVE-2021-3888 - https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d
 CVE-2021-3889 - https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516
 CVE-2021-38926 - https://www.ibm.com/support/pages/node/6523808
+CVE-2021-3899 - https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
 CVE-2021-3900 - https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76
 CVE-2021-3901 - https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464
 CVE-2021-3903 - https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
@@ -96236,6 +96247,7 @@ CVE-2024-3400 - https://security.paloaltonetworks.com/CVE-2024-3400
 CVE-2024-3400 - https://unit42.paloaltonetworks.com/cve-2024-3400/
 CVE-2024-34020 - https://bugzilla.suse.com/show_bug.cgi?id=1223534
 CVE-2024-3405 - https://wpscan.com/vulnerability/6968d43c-16ff-43a9-8451-71aabbe69014/
+CVE-2024-34051 - https://blog.smarttecs.com/posts/2024-004-cve-2024-34051/
 CVE-2024-34058 - https://www.openwall.com/lists/oss-security/2024/05/16/3
 CVE-2024-3406 - https://wpscan.com/vulnerability/1bfab060-64d2-4c38-8bc8-a8f81c5a6e0d/
 CVE-2024-34061 - https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-pwgc-w4x9-gw67
@@ -96354,6 +96366,7 @@ CVE-2024-34955 - https://github.com/ethicalhackerNL/CVEs/blob/main/Budget%20Mana
 CVE-2024-34957 - https://github.com/Gr-1m/cms/blob/main/1.md
 CVE-2024-34958 - https://github.com/Gr-1m/cms/blob/main/2.md
 CVE-2024-34974 - https://github.com/hunzi0/Vullnfo/tree/main/Tenda/AC18/formSetPPTPServer
+CVE-2024-34987 - https://github.com/MarkLee131/PoCs/blob/main/CVE-2024-34987.md
 CVE-2024-34997 - https://github.com/joblib/joblib/issues/1582
 CVE-2024-35009 - https://github.com/Thirtypenny77/cms/blob/main/5.md
 CVE-2024-35010 - https://github.com/Thirtypenny77/cms/blob/main/6.md