diff --git a/2018/CVE-2018-10858.md b/2018/CVE-2018-10858.md index ecd2864a83..693305e2d2 100644 --- a/2018/CVE-2018-10858.md +++ b/2018/CVE-2018-10858.md @@ -11,6 +11,7 @@ A heap-buffer overflow was found in the way samba clients processed extra long f #### Reference - https://kc.mcafee.com/corporate/index?page=content&id=SB10284 +- https://usn.ubuntu.com/3738-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-10918.md b/2018/CVE-2018-10918.md new file mode 100644 index 0000000000..f4db7e926c --- /dev/null +++ b/2018/CVE-2018-10918.md @@ -0,0 +1,17 @@ +### [CVE-2018-10918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10918) +![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476&color=brighgreen) + +### Description + +A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. + +### POC + +#### Reference +- https://usn.ubuntu.com/3738-1/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-10919.md b/2018/CVE-2018-10919.md new file mode 100644 index 0000000000..2409425738 --- /dev/null +++ b/2018/CVE-2018-10919.md 
@@ -0,0 +1,17 @@ +### [CVE-2018-10919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919) +![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203&color=brighgreen) + +### Description + +The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. + +### POC + +#### Reference +- https://usn.ubuntu.com/3738-1/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-1139.md b/2018/CVE-2018-1139.md new file mode 100644 index 0000000000..aa43a40c60 --- /dev/null +++ b/2018/CVE-2018-1139.md @@ -0,0 +1,17 @@ +### [CVE-2018-1139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139) +![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen) + +### Description + +A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. + +### POC + +#### Reference +- https://usn.ubuntu.com/3738-1/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-5489.md b/2019/CVE-2019-5489.md index 7c9cfd34f2..cb8c37f1f6 100644 --- a/2019/CVE-2019-5489.md +++ b/2019/CVE-2019-5489.md 
@@ -10,6 +10,7 @@ The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 ### POC #### Reference +- https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e - https://seclists.org/bugtraq/2019/Jun/26 - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/ diff --git a/2024/CVE-2024-28434.md b/2024/CVE-2024-28434.md index eabb92a112..6d239af621 100644 --- a/2024/CVE-2024-28434.md +++ b/2024/CVE-2024-28434.md @@ -10,7 +10,7 @@ The CRM platform Twenty is vulnerable to stored cross site scripting via file up ### POC #### Reference -No PoCs from references. +- https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/references.txt b/references.txt index fd07333cf0..84683b9e6e 100644 --- a/references.txt +++ b/references.txt @@ -48221,6 +48221,7 @@ CVE-2018-10832 - http://packetstormsecurity.com/files/147573/ModbusPal-1.6b-XML- CVE-2018-10832 - https://www.exploit-db.com/exploits/44607/ CVE-2018-10853 - https://usn.ubuntu.com/3777-1/ CVE-2018-10858 - https://kc.mcafee.com/corporate/index?page=content&id=SB10284 +CVE-2018-10858 - https://usn.ubuntu.com/3738-1/ CVE-2018-1087 - http://www.openwall.com/lists/oss-security/2018/05/08/5 CVE-2018-10872 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 CVE-2018-10872 - https://www.oracle.com/security-alerts/cpujul2020.html 
@@ -48245,6 +48246,8 @@ CVE-2018-10901 - https://help.ecostruxureit.com/display/public/UADCE725/Security CVE-2018-10901 - https://www.oracle.com/security-alerts/cpujul2020.html CVE-2018-10903 - https://usn.ubuntu.com/3720-1/ CVE-2018-10906 - https://www.exploit-db.com/exploits/45106/ +CVE-2018-10918 - https://usn.ubuntu.com/3738-1/ +CVE-2018-10919 - https://usn.ubuntu.com/3738-1/ CVE-2018-1093 - https://bugzilla.kernel.org/show_bug.cgi?id=199181 CVE-2018-10933 - https://www.exploit-db.com/exploits/45638/ CVE-2018-10933 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html @@ -48620,6 +48623,7 @@ CVE-2018-11366 - https://wpvulndb.com/vulnerabilities/9088 CVE-2018-11371 - https://github.com/zorlan/skycaiji/issues/9 CVE-2018-11372 - https://github.com/hi-KK/CVE-Hunter/blob/master/1.md CVE-2018-11373 - https://github.com/hi-KK/CVE-Hunter/blob/master/2.md +CVE-2018-1139 - https://usn.ubuntu.com/3738-1/ CVE-2018-11392 - http://packetstormsecurity.com/files/147878/PHP-Login-And-User-Management-4.1.0-Shell-Upload.html CVE-2018-11396 - https://bugzilla.gnome.org/show_bug.cgi?id=795740 CVE-2018-11403 - https://www.exploit-db.com/exploits/44782/ @@ -61005,6 +61009,7 @@ CVE-2019-5485 - http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0 CVE-2019-5485 - https://hackerone.com/reports/685447 CVE-2019-5486 - https://hackerone.com/reports/617896 CVE-2019-5487 - https://hackerone.com/reports/692252 +CVE-2019-5489 - https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e CVE-2019-5489 - https://seclists.org/bugtraq/2019/Jun/26 CVE-2019-5489 - https://www.oracle.com/security-alerts/cpujul2020.html CVE-2019-5489 - https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/ 
@@ -94972,6 +94977,7 @@ CVE-2024-28429 - https://github.com/itsqian797/cms/blob/main/2.md CVE-2024-28430 - https://github.com/itsqian797/cms/blob/main/1.md CVE-2024-28431 - https://github.com/itsqian797/cms/blob/main/3.md CVE-2024-28432 - https://github.com/itsqian797/cms/blob/main/4.md +CVE-2024-28434 - https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434 CVE-2024-28435 - https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435 CVE-2024-28441 - https://github.com/iamHuFei/HVVault/blob/main/webapp/%E9%AD%94%E6%96%B9%E7%BD%91%E8%A1%A8/magicflu-mailupdate-jsp-fileupload.md CVE-2024-28442 - https://medium.com/@deepsahu1/cve-2024-28442-yealink-ip-phone-webview-escape-leads-to-sensitive-file-disclosure-via-directory-686ef8f80227
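Review bot: In the new file 2018/CVE-2018-10918.md, the Vulnerability badge URL ends in `color=brighgreen`, which looks like a misspelling of the shields.io colour name `brightgreen`. The same spelling appears in the badge lines of the new 2018/CVE-2018-10919.md and 2018/CVE-2018-1139.md. If the misspelling is not an existing convention of this repository, correct it in all three files so the badge renders in the intended colour.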
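Review bot: In the new file 2018/CVE-2018-10919.md, the badge labels the issue `CWE-203` (observable discrepancy) while the description attributes it to "missing access control checks". Check the CWE against the CVE record. If CWE-203 is what the record assigns, keep it, but a reader comparing the badge with the description will see a mismatch that the file does not explain.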
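Review bot: In the new file 2018/CVE-2018-1139.md, the Version badge is `message=n%2Fa` although the description states the affected range ("samba before 4.7.9 and 4.8.4"). The new CVE-2018-10918.md and CVE-2018-10919.md have the same gap. If the badge is meant to be searchable, populate it from the description. Otherwise anyone triaging by badge has to read the prose to find out which builds need patching.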
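Review bot: In the 2019/CVE-2019-5489.md hunk, the added entry is a commit URL in `torvalds/linux`, and it sits under `### POC` / `#### Reference` next to advisory and press links. If that commit is the upstream fix rather than a proof of concept, label it as such or confirm that this section is meant to hold fix commits. For defenders a fix commit is the more useful pointer, but under this heading it is easy to mistake for exploit material.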
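Review bot: In the 2024/CVE-2024-28434.md hunk, the line replacing `No PoCs from references.` is a github.com repository path, but it goes under `#### Reference` and the `#### Github` list below is left unchanged with only `fkie-cad/nvd-json-data-feeds`. Confirm which section GitHub-hosted write-ups belong in, so that tooling which reads only one of the two lists does not miss the entry. The matching line added to references.txt is consistent with the per-file change.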