Update Mon Apr 15 02:00:41 UTC 2024

trickest · Apr 15, 2024 · efb0cfb · efb0cfb
1 parent a4d3132
commit efb0cfb
Show file tree

Hide file tree

Showing 16 changed files with 147 additions and 1 deletion.
diff --git a/2009/CVE-2009-2629.md b/2009/CVE-2009-2629.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/andrebro242/https-github.com-andrebro242-13-01.md
 - https://github.com/badd1e/Disclosures
+- https://github.com/secure-rewind-and-discard/sdrad_utils
 
diff --git a/2011/CVE-2011-4971.md b/2011/CVE-2011-4971.md
@@ -13,5 +13,5 @@ Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process
 - http://insecurety.net/?p=872
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/secure-rewind-and-discard/sdrad_utils
 
diff --git a/2016/CVE-2016-4977.md b/2016/CVE-2016-4977.md
@@ -37,6 +37,7 @@ No PoCs from references.
 - https://github.com/b1narygl1tch/awesome-oauth-sec
 - https://github.com/bakery312/Vulhub-Reproduce
 - https://github.com/huimzjty/vulwiki
+- https://github.com/hxysaury/saury-vulnhub
 - https://github.com/jweny/pocassistdb
 - https://github.com/langu-xyz/JavaVulnMap
 - https://github.com/superfish9/pt

diff --git a/2021/CVE-2021-45535.md b/2021/CVE-2021-45535.md
@@ -0,0 +1,17 @@
+### [CVE-2021-45535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45535)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064457/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0052
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-3786.md b/2022/CVE-2022-3786.md
@@ -45,6 +45,7 @@ No PoCs from references.
 - https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc
 - https://github.com/roycewilliams/openssl-nov-1-critical-cve-2022-tracking
 - https://github.com/sarutobi12/sarutobi12
+- https://github.com/secure-rewind-and-discard/sdrad_utils
 - https://github.com/tamus-cyber/OpenSSL-vuln-2022
 - https://github.com/vulnersCom/vulners-sbom-parser
 - https://github.com/weeka10/-hktalent-TOP

diff --git a/2024/CVE-2024-20670.md b/2024/CVE-2024-20670.md
@@ -0,0 +1,17 @@
+### [CVE-2024-20670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20670)
+![](https://img.shields.io/static/v1?label=Product&message=Outlook%20for%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%201.2023.0322.0100%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen)
+
+### Description
+
+Outlook for Windows Spoofing Vulnerability
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tanjiti/sec_profile
+
diff --git a/2024/CVE-2024-22363.md b/2024/CVE-2024-22363.md
@@ -0,0 +1,17 @@
+### [CVE-2024-22363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22363)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/francoatmega/francoatmega
+
diff --git a/2024/CVE-2024-24576.md b/2024/CVE-2024-24576.md
@@ -25,6 +25,7 @@ No PoCs from references.
 - https://github.com/frostb1ten/CVE-2024-24576-PoC
 - https://github.com/jafshare/GithubTrending
 - https://github.com/kherrick/lobsters
+- https://github.com/lpn/CVE-2024-24576.jl
 - https://github.com/mishalhossin/CVE-2024-24576-PoC-Python
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/securitycipher/daily-bugbounty-writeups

diff --git a/2024/CVE-2024-24862.md b/2024/CVE-2024-24862.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24862)
+![](https://img.shields.io/static/v1?label=Product&message=Linux%20kernel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=v6.2%3C%20v6.9-rc3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+In function pci1xxxx_spi_probe, there is a potential null pointer thatmay be caused by a failed memory allocation by the function devm_kzalloc.Hence, a null pointer check needs to be added to prevent null pointerdereferencing later in the code.To fix this issue, spi_bus->spi_int[iter] should be checked. The memoryallocated by devm_kzalloc will be automatically released, so just directlyreturn -ENOMEM without worrying about memory leaks.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-24863.md b/2024/CVE-2024-24863.md
@@ -0,0 +1,17 @@
+### [CVE-2024-24863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24863)
+![](https://img.shields.io/static/v1?label=Product&message=Linux%20kernel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=v4.19-rc1%3C%20v6.9-rc2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)
+
+### Description
+
+In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-26817.md b/2024/CVE-2024-26817.md
@@ -0,0 +1,18 @@
+### [CVE-2024-26817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26817)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20e6721ea845fc%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:amdkfd: use calloc instead of kzalloc to avoid integer overflowThis uses calloc instead of doing the multiplication which mightoverflow.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-27462.md b/2024/CVE-2024-27462.md
@@ -0,0 +1,18 @@
+### [CVE-2024-27462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27462)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Alaatk/CVE-2024-27462
+- https://github.com/nomi-sec/PoC-in-GitHub
+
diff --git a/2024/CVE-2024-27983.md b/2024/CVE-2024-27983.md
@@ -17,4 +17,6 @@ No PoCs from references.
 - https://github.com/DrewskyDev/H2Flood
 - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
 - https://github.com/hex0punk/cont-flood-poc
+- https://github.com/lirantal/CVE-2024-27983-nodejs-http2
+- https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-28255.md b/2024/CVE-2024-28255.md
@@ -17,4 +17,5 @@ OpenMetadata is a unified platform for discovery, observability, and governance
 - https://github.com/YongYe-Security/CVE-2024-28255
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
+- https://github.com/wy876/POC
 
diff --git a/github.txt b/github.txt
@@ -3845,6 +3845,7 @@ CVE-2009-2532 - https://github.com/uroboros-security/SMB-CVE
 CVE-2009-2532 - https://github.com/ycdxsb/WindowsPrivilegeEscalation
 CVE-2009-2629 - https://github.com/andrebro242/https-github.com-andrebro242-13-01.md
 CVE-2009-2629 - https://github.com/badd1e/Disclosures
+CVE-2009-2629 - https://github.com/secure-rewind-and-discard/sdrad_utils
 CVE-2009-2643 - https://github.com/0xCyberY/CVE-T4PDF
 CVE-2009-2643 - https://github.com/ARPSyndicate/cvemon
 CVE-2009-2646 - https://github.com/0xCyberY/CVE-T4PDF
@@ -7444,6 +7445,7 @@ CVE-2011-4968 - https://github.com/lukeber4/usn-search
 CVE-2011-4969 - https://github.com/FallibleInc/retirejslib
 CVE-2011-4969 - https://github.com/ctcpip/jquery-security
 CVE-2011-4969 - https://github.com/eliasgranderubio/4depcheck
+CVE-2011-4971 - https://github.com/secure-rewind-and-discard/sdrad_utils
 CVE-2011-5000 - https://github.com/ARPSyndicate/cvemon
 CVE-2011-5000 - https://github.com/DButter/whitehat_public
 CVE-2011-5000 - https://github.com/Dokukin1/Metasploitable
@@ -24995,6 +24997,7 @@ CVE-2016-4977 - https://github.com/ax1sX/SpringSecurity
 CVE-2016-4977 - https://github.com/b1narygl1tch/awesome-oauth-sec
 CVE-2016-4977 - https://github.com/bakery312/Vulhub-Reproduce
 CVE-2016-4977 - https://github.com/huimzjty/vulwiki
+CVE-2016-4977 - https://github.com/hxysaury/saury-vulnhub
 CVE-2016-4977 - https://github.com/jweny/pocassistdb
 CVE-2016-4977 - https://github.com/langu-xyz/JavaVulnMap
 CVE-2016-4977 - https://github.com/superfish9/pt
@@ -130796,6 +130799,7 @@ CVE-2022-3786 - https://github.com/protecode-sc/helm-chart
 CVE-2022-3786 - https://github.com/rbowes-r7/cve-2022-3602-and-cve-2022-3786-openssl-poc
 CVE-2022-3786 - https://github.com/roycewilliams/openssl-nov-1-critical-cve-2022-tracking
 CVE-2022-3786 - https://github.com/sarutobi12/sarutobi12
+CVE-2022-3786 - https://github.com/secure-rewind-and-discard/sdrad_utils
 CVE-2022-3786 - https://github.com/tamus-cyber/OpenSSL-vuln-2022
 CVE-2022-3786 - https://github.com/vulnersCom/vulners-sbom-parser
 CVE-2022-3786 - https://github.com/weeka10/-hktalent-TOP
@@ -140168,6 +140172,7 @@ CVE-2023-33252 - https://github.com/BeosinBlockchainSecurity/Security-Incident-R
 CVE-2023-33253 - https://github.com/Toxich4/CVE-2023-33253
 CVE-2023-33253 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2023-33264 - https://github.com/PeterXMR/Demo
+CVE-2023-33264 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2023-33268 - https://github.com/dtssec/CVE-Disclosures
 CVE-2023-33268 - https://github.com/l4rRyxz/CVE-Disclosures
 CVE-2023-33269 - https://github.com/dtssec/CVE-Disclosures
@@ -140581,6 +140586,7 @@ CVE-2023-3443 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-34432 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-34439 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-34458 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-34458 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2023-34459 - https://github.com/0xCRC32/test
 CVE-2023-3446 - https://github.com/adegoodyer/kubernetes-admin-toolkit
 CVE-2023-3446 - https://github.com/chnzzh/OpenSSL-CVE-lib
@@ -142812,6 +142818,7 @@ CVE-2023-41448 - https://github.com/RNPG/CVEs
 CVE-2023-41448 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2023-41449 - https://github.com/RNPG/CVEs
 CVE-2023-41449 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2023-4145 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2023-41450 - https://github.com/RNPG/CVEs
 CVE-2023-41451 - https://github.com/RNPG/CVEs
 CVE-2023-41451 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -152792,6 +152799,7 @@ CVE-2024-20666 - https://github.com/nnotwen/Script-For-CVE-2024-20666
 CVE-2024-20666 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-20667 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-2067 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-20670 - https://github.com/tanjiti/sec_profile
 CVE-2024-20671 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-20672 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-20673 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -153623,6 +153631,7 @@ CVE-2024-2236 - https://github.com/TimoTielens/TwT.Docker.Aspnet
 CVE-2024-2236 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-2236 - https://github.com/fokypoky/places-list
 CVE-2024-22361 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-22363 - https://github.com/francoatmega/francoatmega
 CVE-2024-22365 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-22365 - https://github.com/fokypoky/places-list
 CVE-2024-22368 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -154477,6 +154486,7 @@ CVE-2024-24576 - https://github.com/foxoman/CVE-2024-24576-PoC---Nim
 CVE-2024-24576 - https://github.com/frostb1ten/CVE-2024-24576-PoC
 CVE-2024-24576 - https://github.com/jafshare/GithubTrending
 CVE-2024-24576 - https://github.com/kherrick/lobsters
+CVE-2024-24576 - https://github.com/lpn/CVE-2024-24576.jl
 CVE-2024-24576 - https://github.com/mishalhossin/CVE-2024-24576-PoC-Python
 CVE-2024-24576 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-24576 - https://github.com/securitycipher/daily-bugbounty-writeups
@@ -154592,6 +154602,8 @@ CVE-2024-24858 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24859 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24860 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24861 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-24862 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-24863 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24864 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24866 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-24867 - https://github.com/NaInSec/CVE-LIST
@@ -155550,6 +155562,8 @@ CVE-2024-2680 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-26800 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-2681 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-26811 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-26817 - https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd
+CVE-2024-26817 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-2682 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-2683 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-2684 - https://github.com/NaInSec/CVE-LIST
@@ -155946,6 +155960,8 @@ CVE-2024-27983 - https://github.com/Ampferl/poc_http2-continuation-flood
 CVE-2024-27983 - https://github.com/DrewskyDev/H2Flood
 CVE-2024-27983 - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC
 CVE-2024-27983 - https://github.com/hex0punk/cont-flood-poc
+CVE-2024-27983 - https://github.com/lirantal/CVE-2024-27983-nodejs-http2
+CVE-2024-27983 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-27985 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-27986 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-27988 - https://github.com/NaInSec/CVE-LIST
@@ -156141,6 +156157,7 @@ CVE-2024-28255 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-28255 - https://github.com/YongYe-Security/CVE-2024-28255
 CVE-2024-28255 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-28255 - https://github.com/tanjiti/sec_profile
+CVE-2024-28255 - https://github.com/wy876/POC
 CVE-2024-2826 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-2826 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-2827 - https://github.com/NaInSec/CVE-LIST

diff --git a/references.txt b/references.txt
@@ -77264,6 +77264,7 @@ CVE-2021-45523 - https://kb.netgear.com/000064442/Security-Advisory-for-Post-Aut
 CVE-2021-45524 - https://kb.netgear.com/000064123/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-R8000-PSV-2020-0315
 CVE-2021-45526 - https://kb.netgear.com/000064446/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Extenders-PSV-2019-0078
 CVE-2021-45532 - https://kb.netgear.com/000064454/Security-Advisory-for-Post-Authentication-Command-Injection-on-R8000-PSV-2019-0294
+CVE-2021-45535 - https://kb.netgear.com/000064457/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0052
 CVE-2021-45536 - https://kb.netgear.com/000064080/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0056
 CVE-2021-45541 - https://kb.netgear.com/000064479/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0246
 CVE-2021-45542 - https://kb.netgear.com/000064143/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0540