Update Wed Jan 4 13:51:38 UTC 2023

2017/CVE-2017-7870.md

@@ -0,0 +1,17 @@
+### [CVE-2017-7870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7870)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
+
+### POC
+
+#### Reference
+- http://www.securityfocus.com/bid/97671
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-27962.md

@@ -10,6 +10,7 @@ Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a
 ### POC
 
 #### Reference
+- https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 - https://community.grafana.com/t/release-notes-v6-7-x/27119
 
 #### Github

2021/CVE-2021-28146.md

@@ -10,6 +10,7 @@ The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect
 ### POC
 
 #### Reference
+- https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 - https://community.grafana.com/t/release-notes-v6-7-x/27119
 
 #### Github

2021/CVE-2021-28147.md

@@ -10,6 +10,7 @@ The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10
 ### POC
 
 #### Reference
+- https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 - https://community.grafana.com/t/release-notes-v6-7-x/27119
 
 #### Github

2021/CVE-2021-28148.md

@@ -10,6 +10,7 @@ One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.
 ### POC
 
 #### Reference
+- https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 - https://community.grafana.com/t/release-notes-v6-7-x/27119
 
 #### Github

2021/CVE-2021-32821.md

@@ -0,0 +1,17 @@
+### [CVE-2021-32821](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32821)
+![](https://img.shields.io/static/v1?label=Product&message=mootools-core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.6.0%3C%3D%201.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-32824.md

@@ -0,0 +1,17 @@
+### [CVE-2021-32824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32824)
+![](https://img.shields.io/static/v1?label=Product&message=Dubbo&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.6.10%3C%202.6.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the providers and methods exposed by the service and it can even allow to shutdown the service. This endpoint is unprotected. Additionally, a provider method can be invoked using the `invoke` handler. This handler uses a safe version of FastJson to process the call arguments. However, the resulting list is later processed with `PojoUtils.realize` which can be used to instantiate arbitrary classes and invoke its setters. Even though FastJson is properly protected with a default blocklist, `PojoUtils.realize` is not, and an attacker can leverage that to achieve remote code execution. Versions 2.6.10 and 2.7.10 contain fixes for this issue.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-40337.md

@@ -0,0 +1,17 @@
+### [CVE-2021-40337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40337)
+![](https://img.shields.io/static/v1?label=Product&message=LinkOne&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=3.20%3D%203.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
+
+### POC
+
+#### Reference
+- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-40338.md

@@ -0,0 +1,17 @@
+### [CVE-2021-40338](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40338)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
+
+### POC
+
+#### Reference
+- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-40339.md

@@ -0,0 +1,17 @@
+### [CVE-2021-40339](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40339)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Configuration vulnerability in Hitachi Energy LinkOne application due to the lack of HTTP Headers, allows an attacker that manages to exploit this vulnerability to retrieve sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
+
+### POC
+
+#### Reference
+- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-40340.md

@@ -0,0 +1,17 @@
+### [CVE-2021-40340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40340)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Information Exposure vulnerability in Hitachi Energy LinkOne application, due to a misconfiguration in the ASP server exposes server and ASP.net information, an attacker that manages to exploit this vulnerability can use the exposed information as a reconnaissance for further exploitation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
+
+### POC
+
+#### Reference
+- https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-30594.md

@@ -11,6 +11,7 @@ The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE
 
 #### Reference
 - http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
+- http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
 
 #### Github

references.txt

@@ -37623,6 +37623,7 @@ CVE-2017-7858 - https://www.oracle.com/security-alerts/cpuapr2020.html
 CVE-2017-7864 - https://www.oracle.com/security-alerts/cpuapr2020.html
 CVE-2017-7867 - http://bugs.icu-project.org/trac/changeset/39671
 CVE-2017-7868 - http://bugs.icu-project.org/trac/changeset/39671
+CVE-2017-7870 - http://www.securityfocus.com/bid/97671
 CVE-2017-7877 - https://github.com/flatCore/flatCore-CMS/issues/27
 CVE-2017-7881 - https://www.cdxy.me/?p=765
 CVE-2017-7885 - https://bugs.ghostscript.com/show_bug.cgi?id=697703
@@ -59465,6 +59466,7 @@ CVE-2021-27933 - http://seclists.org/fulldisclosure/2021/Apr/61
 CVE-2021-27946 - http://packetstormsecurity.com/files/161918/MyBB-1.8.25-SQL-Injection.html
 CVE-2021-27956 - https://raxis.com/blog/cve-2021-27956-manage-engine-xss
 CVE-2021-27956 - https://www.manageengine.com
+CVE-2021-27962 - https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 CVE-2021-27962 - https://community.grafana.com/t/release-notes-v6-7-x/27119
 CVE-2021-27963 - https://github.com/erberkan/SonLogger-vulns
 CVE-2021-27964 - http://packetstormsecurity.com/files/161793/SonLogger-4.2.3.3-Shell-Upload.html
@@ -59511,8 +59513,11 @@ CVE-2021-28142 - http://packetstormsecurity.com/files/162182/CITSmart-ITSM-9.1.2
 CVE-2021-28143 - https://github.com/vitorespf/Advisories/blob/master/DLINK-DIR-841-command-injection.txt
 CVE-2021-28144 - http://packetstormsecurity.com/files/161757/D-Link-DIR-3060-1.11b04-Command-Injection.html
 CVE-2021-28144 - http://seclists.org/fulldisclosure/2021/Mar/23
+CVE-2021-28146 - https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 CVE-2021-28146 - https://community.grafana.com/t/release-notes-v6-7-x/27119
+CVE-2021-28147 - https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 CVE-2021-28147 - https://community.grafana.com/t/release-notes-v6-7-x/27119
+CVE-2021-28148 - https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724
 CVE-2021-28148 - https://community.grafana.com/t/release-notes-v6-7-x/27119
 CVE-2021-28153 - https://gitlab.gnome.org/GNOME/glib/-/issues/2325
 CVE-2021-28155 - https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
@@ -60317,7 +60322,9 @@ CVE-2021-32817 - https://securitylab.github.com/advisories/GHSL-2021-019-express
 CVE-2021-32818 - https://securitylab.github.com/advisories/GHSL-2021-025-haml-coffee/
 CVE-2021-32819 - https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
 CVE-2021-32820 - https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
+CVE-2021-32821 - https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
 CVE-2021-32822 - https://securitylab.github.com/advisories/GHSL-2021-020-pillarjs-hbs/
+CVE-2021-32824 - https://securitylab.github.com/advisories/GHSL-2021-034_043-apache-dubbo/
 CVE-2021-32825 - https://securitylab.github.com/advisories/GHSL-2020-258-zipslip-bblfshd/
 CVE-2021-32826 - https://securitylab.github.com/advisories/GHSL-2021-053-proxyee-down/
 CVE-2021-32827 - https://securitylab.github.com/advisories/GHSL-2021-059-mockserver/
@@ -61665,8 +61672,12 @@ CVE-2021-40309 - https://www.exploit-db.com/exploits/50249
 CVE-2021-40310 - https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
 CVE-2021-40310 - https://www.youtube.com/watch?v=aPKPUDmmYpc
 CVE-2021-4033 - https://huntr.dev/bounties/e05be1f7-d00c-4cfd-9390-ccd9d1c737b7
+CVE-2021-40337 - https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
+CVE-2021-40338 - https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
+CVE-2021-40339 - https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
 CVE-2021-4034 - http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
 CVE-2021-4034 - http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
+CVE-2021-40340 - https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch
 CVE-2021-40352 - http://packetstormsecurity.com/files/164011/OpenEMR-6.0.0-Insecure-Direct-Object-Reference.html
 CVE-2021-40371 - http://packetstormsecurity.com/files/164621/GridPro-Request-Management-For-Windows-Azure-Pack-2.0.7905-Directory-Traversal.html
 CVE-2021-40371 - http://seclists.org/fulldisclosure/2021/Oct/33
@@ -65669,6 +65680,7 @@ CVE-2022-30543 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-
 CVE-2022-30547 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1547
 CVE-2022-30552 - https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
 CVE-2022-30594 - http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html
+CVE-2022-30594 - http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html
 CVE-2022-30594 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
 CVE-2022-3060 - https://gitlab.com/gitlab-org/gitlab/-/issues/365427
 CVE-2022-30603 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1562