Skip to content

Commit

Permalink
Update Fri Mar 8 10:00:17 UTC 2024
Browse files Browse the repository at this point in the history
  • Loading branch information
@trickest-workflows
trickest-workflows committed Mar 8, 2024
1 parent 6ca44ba commit d7381fd
Show file tree
Hide file tree
Showing 48 changed files with 773 additions and 7 deletions.
17 changes: 17 additions & 0 deletions 2019/CVE-2019-6268.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2019-6268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6268)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.

### POC

#### Reference
- https://packetstormsecurity.com/files/177440/RAD-SecFlow-2-Path-Traversal.html

#### Github
No PoCs found on GitHub currently.

1 change: 1 addition & 0 deletions 2020/CVE-2020-5395.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,5 @@ No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-5395
- https://github.com/fkie-cad/nvd-json-data-feeds

1 change: 1 addition & 0 deletions 2020/CVE-2020-5496.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,5 @@ No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-5496
- https://github.com/fkie-cad/nvd-json-data-feeds

17 changes: 17 additions & 0 deletions 2024/CVE-2024-1987.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-1987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1987)
![](https://img.shields.io/static/v1?label=Product&message=WP-Members%20Membership%20Plugin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.4.9.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-80%20Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brighgreen)

### Description

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

1 change: 1 addition & 0 deletions 2024/CVE-2024-21338.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ Windows Kernel Elevation of Privilege Vulnerability
- https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/

#### Github
- https://github.com/crackmapEZec/CVE-2024-21338-POC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/gogobuster/CVE-2024-21338-POC
- https://github.com/nomi-sec/PoC-in-GitHub
Expand Down
1 change: 1 addition & 0 deletions 2024/CVE-2024-21762.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ No PoCs from references.
- https://github.com/BishopFox/cve-2024-21762-check
- https://github.com/Gh71m/CVE-2024-21762-POC
- https://github.com/Ostorlab/KEV
- https://github.com/RequestXss/CVE-2024-21762-Exploit-POC
- https://github.com/c0d3b3af/CVE-2024-21762-Exploit
- https://github.com/c0d3b3af/CVE-2024-21762-POC
- https://github.com/cvefeed/cvefeed.io
Expand Down
17 changes: 17 additions & 0 deletions 2024/CVE-2024-2277.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-2277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2277)
![](https://img.shields.io/static/v1?label=Product&message=G-Prescription%20Gynaecology%20%26%20OBS%20Consultation%20Software&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen)

### Description

A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

### POC

#### Reference
- https://vuldb.com/?id.256046

#### Github
No PoCs found on GitHub currently.

17 changes: 17 additions & 0 deletions 2024/CVE-2024-2281.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-2281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2281)
![](https://img.shields.io/static/v1?label=Product&message=Automated-Mess-Management-System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Controls&color=brighgreen)

### Description

A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17 changes: 17 additions & 0 deletions 2024/CVE-2024-2282.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-2282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2282)
![](https://img.shields.io/static/v1?label=Product&message=Automated-Mess-Management-System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

### POC

#### Reference
- https://vuldb.com/?id.256049

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17 changes: 17 additions & 0 deletions 2024/CVE-2024-2283.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-2283](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2283)
![](https://img.shields.io/static/v1?label=Product&message=Automated-Mess-Management-System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17 changes: 17 additions & 0 deletions 2024/CVE-2024-2284.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-2284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2284)
![](https://img.shields.io/static/v1?label=Product&message=Automated-Mess-Management-System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)

### Description

A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

### POC

#### Reference
- https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-chat.php%20.md

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17 changes: 17 additions & 0 deletions 2024/CVE-2024-2285.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-2285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2285)
![](https://img.shields.io/static/v1?label=Product&message=Automated-Mess-Management-System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)

### Description

A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

23 changes: 23 additions & 0 deletions 2024/CVE-2024-23201.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
### [CVE-2024-23201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23201)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2010.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2012.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20cause%20a%20denial-of-service&color=brighgreen)

### Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/kohnakagawa/kohnakagawa

7 changes: 2 additions & 5 deletions 2024/CVE-2024-23222.md
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,14 @@
### [CVE-2024-23222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23222)
![](https://img.shields.io/static/v1?label=Product&message=Safari&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2013.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20maliciously%20crafted%20web%20content%20may%20lead%20to%20arbitrary%20code%20execution.%20Apple%20is%20aware%20of%20a%20report%20that%20this%20issue%20may%20have%20been%20exploited.&color=brighgreen)

### Description

A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3, visionOS 1.0.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

### POC

Expand Down
17 changes: 17 additions & 0 deletions 2024/CVE-2024-23276.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-23276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23276)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2012.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20elevate%20privileges&color=brighgreen)

### Description

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

19 changes: 19 additions & 0 deletions 2024/CVE-2024-23277.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
### [CVE-2024-23277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23277)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20attacker%20in%20a%20privileged%20network%20position%20may%20be%20able%20to%20inject%20keystrokes%20by%20spoofing%20a%20keyboard&color=brighgreen)

### Description

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

22 changes: 22 additions & 0 deletions 2024/CVE-2024-23278.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
### [CVE-2024-23278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23278)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2010.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2013.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20break%20out%20of%20its%20sandbox&color=brighgreen)

### Description

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17 changes: 17 additions & 0 deletions 2024/CVE-2024-23279.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-23279](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23279)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20access%20user-sensitive%20data&color=brighgreen)

### Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

23 changes: 23 additions & 0 deletions 2024/CVE-2024-23280.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
### [CVE-2024-23280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23280)
![](https://img.shields.io/static/v1?label=Product&message=Safari&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2010.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20maliciously%20crafted%20webpage%20may%20be%20able%20to%20fingerprint%20the%20user&color=brighgreen)

### Description

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

17 changes: 17 additions & 0 deletions 2024/CVE-2024-23281.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-23281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23281)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20access%20sensitive%20user%20data&color=brighgreen)

### Description

This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. An app may be able to access sensitive user data.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

19 changes: 19 additions & 0 deletions 2024/CVE-2024-23283.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
### [CVE-2024-23283](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23283)
![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2012.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2016.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20access%20user-sensitive%20data&color=brighgreen)

### Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds

Loading

0 comments on commit d7381fd

Please sign in to comment.