Skip to content

Commit

Permalink
Update Sun Jan 8 13:53:15 UTC 2023
Browse files Browse the repository at this point in the history
  • Loading branch information
@trickest-workflows
trickest-workflows committed Jan 8, 2023
1 parent f70d596 commit f04d79c
Show file tree
Hide file tree
Showing 6 changed files with 42 additions and 1 deletion.
1 change: 1 addition & 0 deletions 2005/CVE-2005-3178.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assiste

#### Reference
- http://marc.info/?l=bugtraq&m=112862493918840&w=2
- http://www.redhat.com/support/errata/RHSA-2005-802.html

#### Github
No PoCs found on GitHub currently.
Expand Down
17 changes: 17 additions & 0 deletions 2017/CVE-2017-18813.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2017-18813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18813)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

### POC

#### Reference
- https://kb.netgear.com/000049052/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0296

#### Github
No PoCs found on GitHub currently.

1 change: 1 addition & 0 deletions 2021/CVE-2021-29921.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ In Python before 3,9,5, the ipaddress library mishandles leading zero characters

#### Reference
- https://github.com/python/cpython/pull/12577
- https://github.com/python/cpython/pull/25099
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
- https://sick.codes/sick-2021-014
- https://www.oracle.com/security-alerts/cpuoct2021.html
Expand Down
2 changes: 1 addition & 1 deletion 2022/CVE-2022-34962.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contai
### POC

#### Reference
No PoCs from references.
- https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034

#### Github
- https://github.com/ARPSyndicate/cvemon
Expand Down
17 changes: 17 additions & 0 deletions 2022/CVE-2022-37450.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2022-37450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37450)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.

### POC

#### Reference
- https://medium.com/@aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef

#### Github
No PoCs found on GitHub currently.

5 changes: 5 additions & 0 deletions references.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1725,6 +1725,7 @@ CVE-2005-3156 - http://marc.info/?l=bugtraq&m=112812059917394&w=2
CVE-2005-3157 - http://marc.info/?l=bugtraq&m=112793982604963&w=2
CVE-2005-3158 - http://marc.info/?l=bugtraq&m=112801702000944&w=2
CVE-2005-3178 - http://marc.info/?l=bugtraq&m=112862493918840&w=2
CVE-2005-3178 - http://www.redhat.com/support/errata/RHSA-2005-802.html
CVE-2005-3180 - http://www.redhat.com/support/errata/RHSA-2005-808.html
CVE-2005-3180 - http://www.securityfocus.com/archive/1/428028/100/0/threaded
CVE-2005-3181 - http://www.redhat.com/support/errata/RHSA-2005-808.html
Expand Down Expand Up @@ -35784,6 +35785,7 @@ CVE-2017-18800 - https://kb.netgear.com/000049356/Security-Advisory-for-Reflecte
CVE-2017-18807 - https://kb.netgear.com/000049058/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-2001
CVE-2017-18810 - https://kb.netgear.com/000049055/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0300
CVE-2017-18812 - https://kb.netgear.com/000049053/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0298
CVE-2017-18813 - https://kb.netgear.com/000049052/Security-Advisory-for-Stored-Cross-Site-Scripting-Vulnerability-on-Some-ReadyNAS-Devices-PSV-2017-0296
CVE-2017-18833 - https://kb.netgear.com/000049029/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1955
CVE-2017-18835 - https://kb.netgear.com/000049027/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Fully-Managed-Switches-PSV-2017-1957
CVE-2017-18836 - https://kb.netgear.com/000049026/Security-Advisory-for-Denial-of-Service-on-Some-Fully-Managed-Switches-PSV-2017-1959
Expand Down Expand Up @@ -60064,6 +60066,7 @@ CVE-2021-29662 - https://github.com/sickcodes/security/blob/master/advisories/SI
CVE-2021-29662 - https://sick.codes/sick-2021-018/
CVE-2021-29663 - http://sourceforge.net/projects/coursems
CVE-2021-29921 - https://github.com/python/cpython/pull/12577
CVE-2021-29921 - https://github.com/python/cpython/pull/25099
CVE-2021-29921 - https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
CVE-2021-29921 - https://sick.codes/sick-2021-014
CVE-2021-29921 - https://www.oracle.com/security-alerts/cpuoct2021.html
Expand Down Expand Up @@ -66727,6 +66730,7 @@ CVE-2022-3495 - https://github.com/Hakcoder/Simple-Online-Public-Access-Catalog-
CVE-2022-34955 - https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/261
CVE-2022-34956 - https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/261
CVE-2022-34961 - https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c
CVE-2022-34962 - https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034
CVE-2022-34963 - https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3
CVE-2022-34964 - https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c
CVE-2022-34966 - https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6
Expand Down Expand Up @@ -67183,6 +67187,7 @@ CVE-2022-37415 - https://gist.github.com/alfarom256/220cb75816ca2b5556e7fc8d8d28
CVE-2022-37416 - https://issuetracker.google.com/issues/231026247
CVE-2022-37434 - http://seclists.org/fulldisclosure/2022/Oct/41
CVE-2022-37434 - https://github.com/ivd38/zlib_overflow
CVE-2022-37450 - https://medium.com/@aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef
CVE-2022-37454 - https://mouha.be/sha-3-buffer-overflow/
CVE-2022-37461 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=30693
CVE-2022-3747 - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-3747.txt
Expand Down

0 comments on commit f04d79c

Please sign in to comment.