Update Sat May 11 10:07:44 UTC 2024

trickest · May 11, 2024 · e1f0c0a · e1f0c0a
1 parent 0620641
commit e1f0c0a
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 1 deletion.
diff --git a/2018/CVE-2018-10858.md b/2018/CVE-2018-10858.md
@@ -11,6 +11,7 @@ A heap-buffer overflow was found in the way samba clients processed extra long f
 
 #### Reference
 - https://kc.mcafee.com/corporate/index?page=content&id=SB10284
+- https://usn.ubuntu.com/3738-1/
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2018/CVE-2018-10918.md b/2018/CVE-2018-10918.md
@@ -0,0 +1,17 @@
+### [CVE-2018-10918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10918)
+![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476&color=brighgreen)
+
+### Description
+
+A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.
+
+### POC
+
+#### Reference
+- https://usn.ubuntu.com/3738-1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-10919.md b/2018/CVE-2018-10919.md
@@ -0,0 +1,17 @@
+### [CVE-2018-10919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919)
+![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203&color=brighgreen)
+
+### Description
+
+The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
+
+### POC
+
+#### Reference
+- https://usn.ubuntu.com/3738-1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-1139.md b/2018/CVE-2018-1139.md
@@ -0,0 +1,17 @@
+### [CVE-2018-1139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139)
+![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen)
+
+### Description
+
+A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
+
+### POC
+
+#### Reference
+- https://usn.ubuntu.com/3738-1/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-5489.md b/2019/CVE-2019-5489.md
@@ -10,6 +10,7 @@ The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13
 ### POC
 
 #### Reference
+- https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
 - https://seclists.org/bugtraq/2019/Jun/26
 - https://www.oracle.com/security-alerts/cpujul2020.html
 - https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/

diff --git a/2024/CVE-2024-28434.md b/2024/CVE-2024-28434.md
@@ -10,7 +10,7 @@ The CRM platform Twenty is vulnerable to stored cross site scripting via file up
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

diff --git a/references.txt b/references.txt
@@ -48221,6 +48221,7 @@ CVE-2018-10832 - http://packetstormsecurity.com/files/147573/ModbusPal-1.6b-XML-
 CVE-2018-10832 - https://www.exploit-db.com/exploits/44607/
 CVE-2018-10853 - https://usn.ubuntu.com/3777-1/
 CVE-2018-10858 - https://kc.mcafee.com/corporate/index?page=content&id=SB10284
+CVE-2018-10858 - https://usn.ubuntu.com/3738-1/
 CVE-2018-1087 - http://www.openwall.com/lists/oss-security/2018/05/08/5
 CVE-2018-10872 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
 CVE-2018-10872 - https://www.oracle.com/security-alerts/cpujul2020.html
@@ -48245,6 +48246,8 @@ CVE-2018-10901 - https://help.ecostruxureit.com/display/public/UADCE725/Security
 CVE-2018-10901 - https://www.oracle.com/security-alerts/cpujul2020.html
 CVE-2018-10903 - https://usn.ubuntu.com/3720-1/
 CVE-2018-10906 - https://www.exploit-db.com/exploits/45106/
+CVE-2018-10918 - https://usn.ubuntu.com/3738-1/
+CVE-2018-10919 - https://usn.ubuntu.com/3738-1/
 CVE-2018-1093 - https://bugzilla.kernel.org/show_bug.cgi?id=199181
 CVE-2018-10933 - https://www.exploit-db.com/exploits/45638/
 CVE-2018-10933 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
@@ -48620,6 +48623,7 @@ CVE-2018-11366 - https://wpvulndb.com/vulnerabilities/9088
 CVE-2018-11371 - https://github.com/zorlan/skycaiji/issues/9
 CVE-2018-11372 - https://github.com/hi-KK/CVE-Hunter/blob/master/1.md
 CVE-2018-11373 - https://github.com/hi-KK/CVE-Hunter/blob/master/2.md
+CVE-2018-1139 - https://usn.ubuntu.com/3738-1/
 CVE-2018-11392 - http://packetstormsecurity.com/files/147878/PHP-Login-And-User-Management-4.1.0-Shell-Upload.html
 CVE-2018-11396 - https://bugzilla.gnome.org/show_bug.cgi?id=795740
 CVE-2018-11403 - https://www.exploit-db.com/exploits/44782/
@@ -61005,6 +61009,7 @@ CVE-2019-5485 - http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0
 CVE-2019-5485 - https://hackerone.com/reports/685447
 CVE-2019-5486 - https://hackerone.com/reports/617896
 CVE-2019-5487 - https://hackerone.com/reports/692252
+CVE-2019-5489 - https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
 CVE-2019-5489 - https://seclists.org/bugtraq/2019/Jun/26
 CVE-2019-5489 - https://www.oracle.com/security-alerts/cpujul2020.html
 CVE-2019-5489 - https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/
@@ -94972,6 +94977,7 @@ CVE-2024-28429 - https://github.com/itsqian797/cms/blob/main/2.md
 CVE-2024-28430 - https://github.com/itsqian797/cms/blob/main/1.md
 CVE-2024-28431 - https://github.com/itsqian797/cms/blob/main/3.md
 CVE-2024-28432 - https://github.com/itsqian797/cms/blob/main/4.md
+CVE-2024-28434 - https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434
 CVE-2024-28435 - https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435
 CVE-2024-28441 - https://github.com/iamHuFei/HVVault/blob/main/webapp/%E9%AD%94%E6%96%B9%E7%BD%91%E8%A1%A8/magicflu-mailupdate-jsp-fileupload.md
 CVE-2024-28442 - https://medium.com/@deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227