Update Thu Feb 15 10:17:13 UTC 2024

2020/CVE-2020-36609.md

@@ -11,6 +11,7 @@ A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as prob
 
 #### Reference
 - https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG
+- https://vuldb.com/?id.215115
 
 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2020-36609

2021/CVE-2021-29633.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29633)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-29634.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29634)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-29635.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29635](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29635)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-29636.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29636)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-29637.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29637)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-29638.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29638)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-29639.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29639)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-29640.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29640)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-30554.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2021/CVE-2021-37973.md

@@ -16,4 +16,5 @@ No PoCs from references.
 - https://github.com/Advisory-Newsletter/Blackmatter
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2021/CVE-2021-38000.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2022/CVE-2022-0609.md

@@ -16,4 +16,5 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2022/CVE-2022-23084.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23084](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23084)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RC1%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin.  This time-of-check to time-of-use bug could lead to kernel memory corruption.On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23085.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23085)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RC1%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow.  This insufficient bounds checking could lead to kernel memory corruption.On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23086.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23086)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RC1%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header.  Other heap content would be overwritten if the specified size was too small.Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation.  Note that the device node is only accessible to root and members of the operator group.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23087.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23087)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RC1%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted.  These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO").  The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets.When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer.  The offset was not validated for certain packet types.A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context.The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23088.md

@@ -0,0 +1,19 @@
+### [CVE-2022-23088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23088)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RC1%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/WinMin/Protocol-Vul
+- https://github.com/chibataiki/WiFi-Security
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23089.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23089)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RELEASE%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23090.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23090)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RELEASE%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.An attacker may cause the reference count to overflow, leading to a use after free (UAF).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23091.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23091)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RELEASE%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A particular case of memory sharing is mishandled in the virtual memory system.  This is very similar to SA-21:08.vm, but with a different root cause.An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23092.md

@@ -0,0 +1,17 @@
+### [CVE-2022-23092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23092)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RELEASE%3C%20p1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents.  The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process.  This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-23093.md

@@ -0,0 +1,19 @@
+### [CVE-2022-23093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23093)
+![](https://img.shields.io/static/v1?label=Product&message=FreeBSD&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=13.1-RELEASE%3C%20p5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ping reads raw IP packets from the network to process responses in the pr_pack() function.  As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error.  The quoted packet again has an IP header and an ICMP header.The pr_pack() copies received IP and ICMP headers into stack buffers for further processing.  In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet.  When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash.The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/H4lo/awesome-IoT-security-article
+- https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/k0imet/pyfetch
+

2022/CVE-2022-27645.md

@@ -0,0 +1,17 @@
+### [CVE-2022-27645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27645)
+![](https://img.shields.io/static/v1?label=Product&message=R6700v3&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%3A%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-2856.md

@@ -16,5 +16,6 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/karimhabush/cyberowl
 

2022/CVE-2022-3038.md

@@ -16,4 +16,5 @@ Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowe
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2022/CVE-2022-3075.md

@@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/karimhabush/cyberowl
 - https://github.com/wh1ant/vulnjs