Update Mon Apr 29 18:06:03 UTC 2024

2017/CVE-2017-5753.md

@@ -19,6 +19,7 @@ Systems with microprocessors utilizing speculative execution and branch predicti
 - https://seclists.org/bugtraq/2019/Jun/36
 - https://spectreattack.com/
 - https://usn.ubuntu.com/3540-2/
+- https://usn.ubuntu.com/3541-1/
 - https://usn.ubuntu.com/3580-1/
 - https://www.exploit-db.com/exploits/43427/
 - https://www.kb.cert.org/vuls/id/180049

2017/CVE-2017-5754.md

@@ -18,6 +18,7 @@ Systems with microprocessors utilizing speculative execution and indirect branch
 - https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
 - https://meltdownattack.com/
 - https://usn.ubuntu.com/3540-2/
+- https://usn.ubuntu.com/usn/usn-3525-1/
 - https://www.kb.cert.org/vuls/id/180049
 - https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
 - https://www.oracle.com/security-alerts/cpuapr2020.html

2024/CVE-2024-0788.md

@@ -0,0 +1,17 @@
+### [CVE-2024-0788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0788)
+![](https://img.shields.io/static/v1?label=Product&message=SUPERAntiSpyware%20Pro%20X&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.0.1260%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.
+
+### POC
+
+#### Reference
+- https://fluidattacks.com/advisories/brubeck/
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-1460.md

@@ -10,7 +10,7 @@ MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://fluidattacks.com/advisories/mingus/
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-1753.md

@@ -1,6 +1,8 @@
 ### [CVE-2024-1753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Extended%20Update%20Support&color=blue)
 ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue)

2024/CVE-2024-2180.md

@@ -0,0 +1,17 @@
+### [CVE-2024-2180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2180)
+![](https://img.shields.io/static/v1?label=Product&message=AntiLogger&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.74.204.664%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers
+
+### POC
+
+#### Reference
+- https://fluidattacks.com/advisories/gomez/
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-2505.md

@@ -0,0 +1,17 @@
+### [CVE-2024-2505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2505)
+![](https://img.shields.io/static/v1?label=Product&message=GamiPress%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.8.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+The GamiPress  WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical GamiPress  WordPress plugin before 6.8.9 configurations.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/9b3d6148-ecee-4e59-84a4-3b3e9898473b/
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-2760.md

@@ -10,7 +10,7 @@ Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vul
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://fluidattacks.com/advisories/kent/
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-30203.md

@@ -0,0 +1,17 @@
+### [CVE-2024-30203](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30203)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-30204.md

@@ -0,0 +1,17 @@
+### [CVE-2024-30204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30204)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-30205.md

@@ -5,7 +5,7 @@
 
 ### Description
 
-In Emacs before 29.3, Org mode considers contents of remote files to be trusted.
+In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
 
 ### POC
 

2024/CVE-2024-34020.md

@@ -0,0 +1,17 @@
+### [CVE-2024-34020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34020)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.
+
+### POC
+
+#### Reference
+- https://bugzilla.suse.com/show_bug.cgi?id=1223534
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -45876,6 +45876,7 @@ CVE-2017-5753 - https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWa
 CVE-2017-5753 - https://seclists.org/bugtraq/2019/Jun/36
 CVE-2017-5753 - https://spectreattack.com/
 CVE-2017-5753 - https://usn.ubuntu.com/3540-2/
+CVE-2017-5753 - https://usn.ubuntu.com/3541-1/
 CVE-2017-5753 - https://usn.ubuntu.com/3580-1/
 CVE-2017-5753 - https://www.exploit-db.com/exploits/43427/
 CVE-2017-5753 - https://www.kb.cert.org/vuls/id/180049
@@ -45890,6 +45891,7 @@ CVE-2017-5754 - https://help.ecostruxureit.com/display/public/UADCE725/Security+
 CVE-2017-5754 - https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
 CVE-2017-5754 - https://meltdownattack.com/
 CVE-2017-5754 - https://usn.ubuntu.com/3540-2/
+CVE-2017-5754 - https://usn.ubuntu.com/usn/usn-3525-1/
 CVE-2017-5754 - https://www.kb.cert.org/vuls/id/180049
 CVE-2017-5754 - https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
 CVE-2017-5754 - https://www.oracle.com/security-alerts/cpuapr2020.html
@@ -93167,6 +93169,7 @@ CVE-2024-0782 - https://vuldb.com/?id.251698
 CVE-2024-0783 - https://github.com/keru6k/Online-Admission-System-RCE-PoC
 CVE-2024-0783 - https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py
 CVE-2024-0784 - https://vuldb.com/?id.251700
+CVE-2024-0788 - https://fluidattacks.com/advisories/brubeck/
 CVE-2024-0795 - https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec
 CVE-2024-0799 - https://www.tenable.com/security/research/tra-2024-07
 CVE-2024-0800 - https://www.tenable.com/security/research/tra-2024-07
@@ -93282,6 +93285,7 @@ CVE-2024-1333 - https://wpscan.com/vulnerability/30546402-03b8-4e18-ad7e-04a6b55
 CVE-2024-1401 - https://wpscan.com/vulnerability/91064ba5-cf65-46e6-88df-0e4d96a3ef9f/
 CVE-2024-1432 - https://github.com/bayuncao/vul-cve-12
 CVE-2024-1455 - https://github.com/langchain-ai/langchain/commit/727d5023ce88e18e3074ef620a98137d26ff92a3
+CVE-2024-1460 - https://fluidattacks.com/advisories/mingus/
 CVE-2024-1481 - https://bugzilla.redhat.com/show_bug.cgi?id=2262169
 CVE-2024-1487 - https://wpscan.com/vulnerability/c028cd73-f30a-4c8b-870f-3071055f0496/
 CVE-2024-1526 - https://wpscan.com/vulnerability/1664697e-0ea3-4d09-b2fd-153a104ec255/
@@ -93465,6 +93469,7 @@ CVE-2024-21667 - https://github.com/pimcore/customer-data-framework/security/adv
 CVE-2024-2169 - https://kb.cert.org/vuls/id/417980
 CVE-2024-2169 - https://www.kb.cert.org/vuls/id/417980
 CVE-2024-21733 - http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html
+CVE-2024-2180 - https://fluidattacks.com/advisories/gomez/
 CVE-2024-21887 - http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html
 CVE-2024-21907 - https://alephsecurity.com/vulns/aleph-2018004
 CVE-2024-21907 - https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
@@ -93819,6 +93824,7 @@ CVE-2024-25004 - http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buf
 CVE-2024-25004 - http://seclists.org/fulldisclosure/2024/Feb/14
 CVE-2024-25004 - https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004
 CVE-2024-25007 - https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024
+CVE-2024-2505 - https://wpscan.com/vulnerability/9b3d6148-ecee-4e59-84a4-3b3e9898473b/
 CVE-2024-2509 - https://research.cleantalk.org/cve-2024-2509/
 CVE-2024-2509 - https://wpscan.com/vulnerability/dec4a632-e04b-4fdd-86e4-48304b892a4f/
 CVE-2024-25106 - https://github.com/openobserve/openobserve/security/advisories/GHSA-3m5f-9m66-xgp7
@@ -94080,6 +94086,7 @@ CVE-2024-27570 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_c
 CVE-2024-27571 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md
 CVE-2024-27572 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md
 CVE-2024-27592 - https://medium.com/@nicatabbasov00002/open-redirect-vulnerability-62986ccaf0f7
+CVE-2024-2760 - https://fluidattacks.com/advisories/kent/
 CVE-2024-2761 - https://wpscan.com/vulnerability/e092ccdc-7ea1-4937-97b7-4cdbff5e74e5/
 CVE-2024-27619 - https://www.dlink.com/en/security-bulletin/
 CVE-2024-27620 - https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html
@@ -94442,6 +94449,7 @@ CVE-2024-3376 - https://github.com/Sospiro014/zday1/blob/main/Execution_After_Re
 CVE-2024-3378 - https://vuldb.com/?submit.310642
 CVE-2024-33891 - https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3
 CVE-2024-33905 - https://medium.com/@pedbap/telegram-web-app-xss-session-hijacking-1-click-95acccdc8d90
+CVE-2024-34020 - https://bugzilla.suse.com/show_bug.cgi?id=1223534
 CVE-2024-3437 - https://vuldb.com/?id.259631
 CVE-2024-3529 - https://vuldb.com/?id.259899
 CVE-2024-3567 - https://gitlab.com/qemu-project/qemu/-/issues/2273