Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent
04add86
commit ae65f31
Showing
8 changed files
with
130 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2010-3629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7007 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
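Review bot: All three badges at the top of this file read `n%2Fa`, yet the description names the product (Adobe Reader and Acrobat) and the affected ranges (9.x before 9.4, 8.x before 8.2.5); filling the Product and Version badges from that text would let the entry be found by product. The Vulnerability badge also uses `color=brighgreen`, a misspelling of the shields.io colour name `brightgreen`. The same parameter appears in the other files of this commit, so it is probably best fixed wherever these files are generated.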
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2012-1104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1104) | ||
![](https://img.shields.io/static/v1?label=Product&message=phpCAS&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20management%20of%20service%20proxying&color=brighgreen) | ||
|
||
### Description | ||
|
||
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
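Review bot: The only reference, under `#### Reference`, is a ChangeLog vendored inside an unrelated project (`kal0178/sixmon`, path `web/lib/CAS/CAS-1.3.5/docs/ChangeLog`) on a university GitLab instance, pinned to one commit of that project. A reader cannot tell which ChangeLog entry relates to this CVE, and the link goes away if that repository does. Prefer a link to the upstream phpCAS changelog or advisory, with the relevant release named. The Version badge message `%3D%201.2.2%20` also carries a trailing encoded space that can be dropped.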
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2012-1105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1105) | ||
![](https://img.shields.io/static/v1?label=Product&message=php-pear-CAS&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Debug%20log%20and%20proxy%20configuration%20session%20data%20stored%20in%20%2Ftmp%20without%20proper%20protection&color=brighgreen) | ||
|
||
### Description | ||
|
||
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
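Review bot: The description and the Vulnerability badge disagree on scope. The badge says "Debug log and proxy configuration session data stored in /tmp without proper protection", while the description mentions only the debug logging file and places the vulnerability "in the /tmp directory" without saying what is exposed there. Align the description with the badge so that both artefacts (debug log and proxy session data) are named. The reference is the same URL used for CVE-2012-1104 in this commit, so it does not help a reader distinguish the two issues.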
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2017-1000443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000443) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/Eleix/openhacker/issues/5 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
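Review bot: The Product, Version and Vulnerability badges are all `n%2Fa` although the description line supplies each of them (Eleix Openhacker, 0.1.47, XSS in the bank transactions component). Populate the badges from the description. The phrase "arbitrary code execution in the browser" would also read more accurately as script execution in the victim's browser session, so that the impact is not mistaken for native code execution.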
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-21320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21320) | ||
![](https://img.shields.io/static/v1?label=Product&message=matrix-react-sdk&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen) | ||
|
||
### Description | ||
|
||
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://www.npmjs.com/package/matrix-react-sdk | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
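Review bot: The single entry under `#### Reference` is the npm package landing page (`https://www.npmjs.com/package/matrix-react-sdk`), which identifies the package but not the issue or the fix. Since the description states the fix landed in 3.15.0, link the advisory or the release notes for that version instead. The Version badge is `n%2Fa` even though the description gives the affected range (before 3.15.0); set it accordingly.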
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2024-34073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34073) | ||
![](https://img.shields.io/static/v1?label=Product&message=sagemaker-python-sdk&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.214.3%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) | ||
|
||
### Description | ||
|
||
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirements_path” parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
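Review bot: The Version badge message `%3D%20%3C%202.214.3%20` decodes to "= < 2.214.3 " with a stray leading "=" and a trailing space, which reads as a malformed constraint. Use `%3C%202.214.3` so that the badge shows "< 2.214.3", matching the description's "addressed in version 2.214.3". The description's workaround (leave `requirements_path` at its default) is useful to operators and is worth keeping on its own line rather than at the end of a long paragraph.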
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
### [CVE-2024-38394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38394) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
** DISPUTED ** Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE." | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780 | ||
- https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914 | ||
- https://pulsesecurity.co.nz/advisories/usbguard-bypass | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
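Review bot: The description opens with "** DISPUTED **" and quotes the supplier's position, but nothing in the heading or badges reflects that status, and all three badges are `n%2Fa`. A reader scanning badges will treat this as an ordinary confirmed entry. Add a status indicator, and set Product to GNOME Settings Daemon and Version to "through 46.0" as the description states. Under `#### Reference`, the first two links point to the same issue (`issues/780` and `issues/780#note_2047914`); keep the one with the note anchor, or say what the note adds.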