Update Thu Aug 22 06:30:49 UTC 2024

2024/CVE-2024-0155.md

@@ -1,11 +1,11 @@
 ### [CVE-2024-0155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0155)
-![](https://img.shields.io/static/v1?label=Product&message=Dell%20Digital%20Delivery%20(D3)%09&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%205.0.86.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Product&message=Dell%20Digital%20Delivery%20(D3)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%205.2.0.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
 
 ### Description
 
-Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code.
+Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.
 
 ### POC
 

2024/CVE-2024-0156.md

@@ -1,11 +1,11 @@
 ### [CVE-2024-0156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0156)
 ![](https://img.shields.io/static/v1?label=Product&message=Dell%20Digital%20Delivery%20(D3)&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%205.0.86.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%205.2.0.0%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen)
 
 ### Description
 
-Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Overflow vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.
+Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.
 
 ### POC
 

2024/CVE-2024-28000.md

@@ -0,0 +1,17 @@
+### [CVE-2024-28000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28000)
+![](https://img.shields.io/static/v1?label=Product&message=LiteSpeed%20Cache&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-266%20Incorrect%20Privilege%20Assignment&color=brighgreen)
+
+### Description
+
+Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
+
+### POC
+
+#### Reference
+- https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-32358.md

@@ -5,7 +5,7 @@
 
 ### Description
 
-An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function.
+An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.
 
 ### POC
 

2024/CVE-2024-43022.md

@@ -0,0 +1,17 @@
+### [CVE-2024-43022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43022)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal.
+
+### POC
+
+#### Reference
+- https://gist.github.com/b0rgch3n/6ba0b04da7e48ead20f10b15088fd244
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-43396.md

@@ -0,0 +1,17 @@
+### [CVE-2024-43396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43396)
+![](https://img.shields.io/static/v1?label=Product&message=khoj&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.15.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Khoj is an application that creates personal AI agents. The Automation feature allows a user to insert arbitrary HTML inside the task instructions, resulting in a Stored XSS. The q parameter for the /api/automation endpoint does not get correctly sanitized when rendered on the page, resulting in the ability of users to inject arbitrary HTML/JS. This vulnerability is fixed in 1.15.0.
+
+### POC
+
+#### Reference
+- https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-43399.md

@@ -10,7 +10,7 @@ Mobile Security Framework (MobSF) is a pen-testing, malware analysis and securit
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-43403.md

@@ -0,0 +1,17 @@
+### [CVE-2024-43403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43403)
+![](https://img.shields.io/static/v1?label=Product&message=kanister&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.110.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%3A%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation.
+
+### POC
+
+#### Reference
+- https://github.com/kanisterio/kanister/security/advisories/GHSA-h27c-6xm3-mcqp
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-43406.md

@@ -0,0 +1,17 @@
+### [CVE-2024-43406](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43406)
+![](https://img.shields.io/static/v1?label=Product&message=ekuiper&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.14.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.
+
+### POC
+
+#### Reference
+- https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-43410.md

@@ -0,0 +1,17 @@
+### [CVE-2024-43410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43410)
+![](https://img.shields.io/static/v1?label=Product&message=russh&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.44.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen)
+
+### Description
+
+Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length.After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1.
+
+### POC
+
+#### Reference
+- https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-45163.md

@@ -0,0 +1,18 @@
+### [CVE-2024-45163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45163)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.
+
+### POC
+
+#### Reference
+- https://pastebin.com/6tqHnCva
+- https://youtu.be/aJkvSr85ML8
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-45165.md

@@ -0,0 +1,17 @@
+### [CVE-2024-45165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45165)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string "(c)2007 UCI Software GmbH B.Boll" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-048.txt
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-45166.md

@@ -0,0 +1,17 @@
+### [CVE-2024-45166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45166)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. There is an access violation and EIP overwrite after five logins.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-45167.md

@@ -0,0 +1,18 @@
+### [CVE-2024-45167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45167)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. A certain XmlMessage document causes 100% CPU consumption.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-051.txt
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-45168.md

@@ -0,0 +1,17 @@
+### [CVE-2024-45168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45168)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-049.txt
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-45169.md

@@ -0,0 +1,17 @@
+### [CVE-2024-45169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45169)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence.
+
+### POC
+
+#### Reference
+- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-052.txt
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -97928,6 +97928,7 @@ CVE-2024-27934 - https://github.com/denoland/deno/security/advisories/GHSA-3j27-
 CVE-2024-27935 - https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp
 CVE-2024-27936 - https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw
 CVE-2024-27938 - https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide
+CVE-2024-28000 - https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve
 CVE-2024-2805 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md
 CVE-2024-28056 - https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/
 CVE-2024-2806 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md
@@ -99923,16 +99924,22 @@ CVE-2024-42986 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda
 CVE-2024-42987 - https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/Tenda/FH1206/fromPptpUserAdd.md
 CVE-2024-42994 - https://www.shielder.com/advisories/vtiger-mailmanager-sqli/
 CVE-2024-42995 - https://www.shielder.com/advisories/vtiger-migration-bac/
+CVE-2024-43022 - https://gist.github.com/b0rgch3n/6ba0b04da7e48ead20f10b15088fd244
 CVE-2024-4305 - https://wpscan.com/vulnerability/635be98d-4c17-4e75-871f-9794d85a2eb1/
 CVE-2024-43167 - https://github.com/NLnetLabs/unbound/issues/1072
 CVE-2024-43168 - https://github.com/NLnetLabs/unbound/issues/1039
 CVE-2024-43360 - https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj
 CVE-2024-43373 - https://github.com/j4k0xb/webcrack/security/advisories/GHSA-ccqh-278p-xq6w
 CVE-2024-43374 - https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw
 CVE-2024-43381 - https://github.com/yogeshojha/rengine/security/advisories/GHSA-96q4-fj2m-jqf7
+CVE-2024-43396 - https://github.com/khoj-ai/khoj/security/advisories/GHSA-cf72-vg59-4j4h
+CVE-2024-43399 - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j
 CVE-2024-4340 - https://github.com/advisories/GHSA-2m57-hf25-phgg
 CVE-2024-4340 - https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/
 CVE-2024-43401 - https://jira.xwiki.org/browse/XWIKI-20331
+CVE-2024-43403 - https://github.com/kanisterio/kanister/security/advisories/GHSA-h27c-6xm3-mcqp
+CVE-2024-43406 - https://github.com/lf-edge/ekuiper/security/advisories/GHSA-r5ph-4jxm-6j9p
+CVE-2024-43410 - https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg
 CVE-2024-4348 - https://vuldb.com/?submit.320855
 CVE-2024-4349 - https://github.com/CveSecLook/cve/issues/19
 CVE-2024-4372 - https://wpscan.com/vulnerability/13dcfd8a-e378-44b4-af6f-940bc41539a4/
@@ -99958,6 +99965,14 @@ CVE-2024-4495 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/
 CVE-2024-4496 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formWifiMacFilterSet.md
 CVE-2024-4497 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formexeCommand.md
 CVE-2024-4512 - https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss.md
+CVE-2024-45163 - https://pastebin.com/6tqHnCva
+CVE-2024-45163 - https://youtu.be/aJkvSr85ML8
+CVE-2024-45165 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-048.txt
+CVE-2024-45166 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt
+CVE-2024-45167 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-050.txt
+CVE-2024-45167 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-051.txt
+CVE-2024-45168 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-049.txt
+CVE-2024-45169 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-052.txt
 CVE-2024-4528 - https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss2.md
 CVE-2024-4529 - https://wpscan.com/vulnerability/082ff0b8-2ecd-4292-832d-0a79e1ba8cb3/
 CVE-2024-4530 - https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/