Update Sun Jun 16 01:57:53 UTC 2024

trickest · Jun 16, 2024 · ae65f31 · ae65f31
1 parent 04add86
commit ae65f31
Show file tree

Hide file tree

Showing 8 changed files with 130 additions and 0 deletions.
diff --git a/2010/CVE-2010-3629.md b/2010/CVE-2010-3629.md
@@ -0,0 +1,17 @@
+### [CVE-2010-3629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.
+
+### POC
+
+#### Reference
+- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7007
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2012/CVE-2012-1104.md b/2012/CVE-2012-1104.md
@@ -0,0 +1,17 @@
+### [CVE-2012-1104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1104)
+![](https://img.shields.io/static/v1?label=Product&message=phpCAS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20management%20of%20service%20proxying&color=brighgreen)
+
+### Description
+
+A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
+
+### POC
+
+#### Reference
+- https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2012/CVE-2012-1105.md b/2012/CVE-2012-1105.md
@@ -0,0 +1,17 @@
+### [CVE-2012-1105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1105)
+![](https://img.shields.io/static/v1?label=Product&message=php-pear-CAS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Debug%20log%20and%20proxy%20configuration%20session%20data%20stored%20in%20%2Ftmp%20without%20proper%20protection&color=brighgreen)
+
+### Description
+
+An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
+
+### POC
+
+#### Reference
+- https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-1000443.md b/2017/CVE-2017-1000443.md
@@ -0,0 +1,17 @@
+### [CVE-2017-1000443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000443)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser.
+
+### POC
+
+#### Reference
+- https://github.com/Eleix/openhacker/issues/5
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2021/CVE-2021-21320.md b/2021/CVE-2021-21320.md
@@ -0,0 +1,17 @@
+### [CVE-2021-21320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21320)
+![](https://img.shields.io/static/v1?label=Product&message=matrix-react-sdk&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen)
+
+### Description
+
+matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.
+
+### POC
+
+#### Reference
+- https://www.npmjs.com/package/matrix-react-sdk
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-34073.md b/2024/CVE-2024-34073.md
@@ -0,0 +1,17 @@
+### [CVE-2024-34073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34073)
+![](https://img.shields.io/static/v1?label=Product&message=sagemaker-python-sdk&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.214.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirements_path” parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value.
+
+### POC
+
+#### Reference
+- https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-38394.md b/2024/CVE-2024-38394.md
@@ -0,0 +1,19 @@
+### [CVE-2024-38394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38394)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
+
+### POC
+
+#### Reference
+- https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780
+- https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914
+- https://pulsesecurity.co.nz/advisories/usbguard-bypass
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -18383,6 +18383,7 @@ CVE-2010-3602 - http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.tx
 CVE-2010-3603 - http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf
 CVE-2010-3603 - http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt
 CVE-2010-3608 - http://packetstormsecurity.org/1009-exploits/wpquiz27-sql.txt
+CVE-2010-3629 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7007
 CVE-2010-3654 - http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
 CVE-2010-3658 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7225
 CVE-2010-3659 - https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/
@@ -21162,6 +21163,8 @@ CVE-2012-1059 - http://www.vulnerability-lab.com/get_content.php?id=407
 CVE-2012-1062 - http://www.vulnerability-lab.com/get_content.php?id=115
 CVE-2012-1063 - http://www.vulnerability-lab.com/get_content.php?id=115
 CVE-2012-1097 - http://www.openwall.com/lists/oss-security/2012/03/05/1
+CVE-2012-1104 - https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog
+CVE-2012-1105 - https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog
 CVE-2012-1110 - http://www.openwall.com/lists/oss-security/2012/03/05/15
 CVE-2012-1110 - http://www.openwall.com/lists/oss-security/2012/03/05/21
 CVE-2012-1110 - http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss
@@ -42345,6 +42348,7 @@ CVE-2017-1000432 - https://www.exploit-db.com/exploits/43462/
 CVE-2017-1000434 - https://cjc.im/advisories/0008/
 CVE-2017-1000434 - https://wpvulndb.com/vulnerabilities/8992
 CVE-2017-1000437 - https://github.com/marcobambini/gravity/issues/186
+CVE-2017-1000443 - https://github.com/Eleix/openhacker/issues/5
 CVE-2017-1000448 - https://github.com/structured-data/linter/issues/41
 CVE-2017-1000450 - https://github.com/opencv/opencv/issues/9723
 CVE-2017-1000452 - https://www.whitehats.nl/blog/xml-signature-wrapping-samlify
@@ -72071,6 +72075,7 @@ CVE-2021-21307 - http://packetstormsecurity.com/files/163864/Lucee-Administrator
 CVE-2021-21307 - https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
 CVE-2021-2131 - https://www.oracle.com/security-alerts/cpujan2021.html
 CVE-2021-21310 - https://github.com/nextauthjs/next-auth/security/advisories/GHSA-pg53-56cg-4m8q
+CVE-2021-21320 - https://www.npmjs.com/package/matrix-react-sdk
 CVE-2021-21322 - https://www.npmjs.com/package/fastify-http-proxy
 CVE-2021-21327 - http://packetstormsecurity.com/files/161680/GLPI-9.5.3-Unsafe-Reflection.html
 CVE-2021-21337 - http://packetstormsecurity.com/files/162911/Products.PluggableAuthService-2.6.0-Open-Redirect.html
@@ -97192,6 +97197,7 @@ CVE-2024-34063 - https://github.com/matrix-org/vodozemac/commit/297548cad4016ce4
 CVE-2024-34065 - https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc
 CVE-2024-3407 - https://wpscan.com/vulnerability/262348ab-a335-4acf-8e4d-229fc0b4972f/
 CVE-2024-34070 - https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53
+CVE-2024-34073 - https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
 CVE-2024-34075 - https://github.com/xiboon/kurwov/security/advisories/GHSA-hfrv-h3q8-9jpr
 CVE-2024-34082 - https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69
 CVE-2024-34196 - https://gist.github.com/Swind1er/1ec2fde42254598a72f1d716f9cfe2a1
@@ -97502,6 +97508,9 @@ CVE-2024-3822 - https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d77
 CVE-2024-3823 - https://wpscan.com/vulnerability/a138215c-4b8c-4182-978f-d21ce25070d3/
 CVE-2024-3824 - https://wpscan.com/vulnerability/749ae334-b1d1-421e-a04c-35464c961a4a/
 CVE-2024-3837 - https://issues.chromium.org/issues/41491379
+CVE-2024-38394 - https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780
+CVE-2024-38394 - https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914
+CVE-2024-38394 - https://pulsesecurity.co.nz/advisories/usbguard-bypass
 CVE-2024-3844 - https://issues.chromium.org/issues/40058873
 CVE-2024-3846 - https://issues.chromium.org/issues/40064754
 CVE-2024-3850 - https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01