Update Mon Apr 22 02:02:04 UTC 2024

2010/CVE-2010-0601.md

@@ -0,0 +1,17 @@
+### [CVE-2010-0601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0601)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-0602.md

@@ -0,0 +1,17 @@
+### [CVE-2010-0602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0602)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-0603.md

@@ -0,0 +1,17 @@
+### [CVE-2010-0603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0603)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-0604.md

@@ -0,0 +1,17 @@
+### [CVE-2010-0604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0604)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-1561.md

@@ -0,0 +1,17 @@
+### [CVE-2010-1561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1561)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-1562.md

@@ -0,0 +1,17 @@
+### [CVE-2010-1562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1562)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-1563.md

@@ -0,0 +1,17 @@
+### [CVE-2010-1563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1563)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-1565.md

@@ -0,0 +1,17 @@
+### [CVE-2010-1565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1565)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2010/CVE-2010-1567.md

@@ -0,0 +1,17 @@
+### [CVE-2010-1567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1567)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.
+
+### POC
+
+#### Reference
+- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+
+#### Github
+No PoCs found on GitHub currently.
+

2019/CVE-2019-20695.md

@@ -0,0 +1,17 @@
+### [CVE-2019-20695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20695)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by disclosure of sensitive information. This affects SRK60 before 2.3.5.106, SRR60 before 2.3.5.106, and SRS60 before 2.3.5.106.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000061234/Security-Advisory-for-Sensitive-Information-Disclosure-on-Orbi-Pro-WiFi-System-PSV-2019-0158
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-16843.md

@@ -0,0 +1,17 @@
+### [CVE-2020-16843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16843)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered.
+
+### POC
+
+#### Reference
+- https://github.com/firecracker-microvm/firecracker/issues/2057
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-21503.md

@@ -0,0 +1,17 @@
+### [CVE-2021-21503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21503)
+![](https://img.shields.io/static/v1?label=Product&message=PowerScale%20OneFS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%208.1.2%2C%208.2.2%2C9.1.0.x%2CEMPIRE%20(9.2.0)%2C%20GOTHAM%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.
+
+### POC
+
+#### Reference
+- https://www.dell.com/support/kbdoc/000183717
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-21506.md

@@ -0,0 +1,17 @@
+### [CVE-2021-21506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21506)
+![](https://img.shields.io/static/v1?label=Product&message=PowerScale%20OneFS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%208.1.2%2C%208.2.2%2C9.1.0.x%2CEMPIRE%20(9.2.0)%2C%20GOTHAM%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Other&color=brighgreen)
+
+### Description
+
+PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation.
+
+### POC
+
+#### Reference
+- https://www.dell.com/support/kbdoc/000183717
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-24655.md

@@ -0,0 +1,17 @@
+### [CVE-2022-24655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24655)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064615/Security-Advisory-for-Pre-Authentication-Command-Injection-on-EX6100v1-and-Pre-Authentication-Stack-Overflow-on-Multiple-Products-PSV-2021-0282-PSV-2021-0288
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -16676,6 +16676,10 @@ CVE-2010-0554 - http://www.redteam-pentesting.de/en/advisories/rt-sa-2010-003/-g
 CVE-2010-0555 - http://isc.sans.org/diary.html?n&storyid=8152
 CVE-2010-0555 - http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag
 CVE-2010-0565 - https://exchange.xforce.ibmcloud.com/vulnerabilities/56339
+CVE-2010-0601 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+CVE-2010-0602 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+CVE-2010-0603 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+CVE-2010-0604 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
 CVE-2010-0605 - http://osticket.com/forums/project.php?issueid=176
 CVE-2010-0605 - http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf
 CVE-2010-0605 - http://www.exploit-db.com/exploits/11380
@@ -17234,6 +17238,11 @@ CVE-2010-1549 - https://www.exploit-db.com/exploits/43411/
 CVE-2010-1552 - http://securityreason.com/securityalert/8157
 CVE-2010-1553 - http://securityreason.com/securityalert/8153
 CVE-2010-1554 - http://securityreason.com/securityalert/8154
+CVE-2010-1561 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+CVE-2010-1562 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+CVE-2010-1563 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+CVE-2010-1565 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
+CVE-2010-1567 - http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml
 CVE-2010-1583 - http://www.exploit-db.com/exploits/12452
 CVE-2010-1583 - http://www.madirish.net/?article=456
 CVE-2010-1584 - http://drupal.org/node/794718
@@ -59193,6 +59202,7 @@ CVE-2019-20688 - https://kb.netgear.com/000061451/Security-Advisory-for-Post-Aut
 CVE-2019-20689 - https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132
 CVE-2019-20690 - https://kb.netgear.com/000061449/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-and-Gateways-PSV-2018-0073
 CVE-2019-20693 - https://kb.netgear.com/000061236/Security-Advisory-for-Security-Misconfiguration-on-WAC505-and-WAC510-PSV-2019-0084
+CVE-2019-20695 - https://kb.netgear.com/000061234/Security-Advisory-for-Sensitive-Information-Disclosure-on-Orbi-Pro-WiFi-System-PSV-2019-0158
 CVE-2019-20700 - https://kb.netgear.com/000061194/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2018
 CVE-2019-20706 - https://kb.netgear.com/000061223/Security-Advisory-for-Post-Authentication-Command-Injection-on-R7800-and-XR500-PSV-2018-0354
 CVE-2019-20708 - https://kb.netgear.com/000061221/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0340
@@ -64434,6 +64444,7 @@ CVE-2020-16608 - https://sghosh2402.medium.com/cve-2020-16608-8cdad9f4d9b4
 CVE-2020-16630 - https://www.usenix.org/system/files/sec20-zhang-yue.pdf
 CVE-2020-1667 - https://kb.juniper.net/
 CVE-2020-1670 - https://kb.juniper.net/
+CVE-2020-16843 - https://github.com/firecracker-microvm/firecracker/issues/2057
 CVE-2020-16845 - https://www.oracle.com/security-alerts/cpuApr2021.html
 CVE-2020-16846 - http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html
 CVE-2020-16846 - https://github.com/saltstack/salt/releases
@@ -70241,6 +70252,8 @@ CVE-2021-21480 - https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c
 CVE-2021-2149 - https://www.oracle.com/security-alerts/cpuapr2021.html
 CVE-2021-21495 - https://gist.github.com/alacerda/98853283be6009e75b7d94968d50b88e
 CVE-2021-2150 - https://www.oracle.com/security-alerts/cpuapr2021.html
+CVE-2021-21503 - https://www.dell.com/support/kbdoc/000183717
+CVE-2021-21506 - https://www.dell.com/support/kbdoc/000183717
 CVE-2021-2151 - https://www.oracle.com/security-alerts/cpuapr2021.html
 CVE-2021-21513 - https://www.tenable.com/security/research/tra-2021-07
 CVE-2021-2152 - https://www.oracle.com/security-alerts/cpuapr2021.html
@@ -80442,6 +80455,7 @@ CVE-2022-24646 - https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-20
 CVE-2022-24647 - https://github.com/CuppaCMS/CuppaCMS/issues/23
 CVE-2022-24654 - https://github.com/leonardobg/CVE-2022-24654
 CVE-2022-24654 - https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-Scripting.html
+CVE-2022-24655 - https://kb.netgear.com/000064615/Security-Advisory-for-Pre-Authentication-Command-Injection-on-EX6100v1-and-Pre-Authentication-Stack-Overflow-on-Multiple-Products-PSV-2021-0282-PSV-2021-0288
 CVE-2022-24656 - https://github.com/zhuzhuyule/HexoEditor/issues/3
 CVE-2022-2467 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md
 CVE-2022-24676 - https://github.com/hyyyp/HYBBS2/issues/33