Update CVE sources 2024-08-26 18:34

2007/CVE-2007-4559.md

@@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/Brianpan/go-creosote
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
+- https://github.com/JamesDarf/tarpioka
 - https://github.com/NaInSec/CVE-LIST
 - https://github.com/Ooscaar/MALW
 - https://github.com/advanced-threat-research/Creosote

2013/CVE-2013-1060.md

@@ -10,6 +10,7 @@ A certain Ubuntu build procedure for perf, as distributed in the Linux kernel pa
 ### POC
 
 #### Reference
+- http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1060.html
 - http://www.ubuntu.com/usn/USN-1938-1
 
 #### Github

2019/CVE-2019-11358.md

@@ -2037,7 +2037,9 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/Sarvesh-Somasundaram/5795UltimateGoal
 - https://github.com/Satgoy152/FreightFrenzy
 - https://github.com/ScarlettRobotics/FTC-2021
+- https://github.com/ScarlettRobotics/FTC20718-2022-23
 - https://github.com/ScarlettRobotics/FTC20718-2023-24
+- https://github.com/ScarlettRobotics/FTC22531-2022-23
 - https://github.com/ScarlettRobotics/FTC22531-2023-24
 - https://github.com/Scarsdale-Robotics/2021-2022-Freight-Frenzy
 - https://github.com/Scarsdale-Robotics/OpenCV-Tutorial
@@ -3412,6 +3414,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/laawingnuts/LAAWingnuts
 - https://github.com/lakeridgeacademy/2022-power-play
 - https://github.com/lancelarsen/PhoenixForceFreightFrenzy
+- https://github.com/lancelarsen/PhoenixForceUltimateGoal
 - https://github.com/largoftc/Firsttech
 - https://github.com/larrytao05/FtcRobotController
 - https://github.com/laupetre/FTC-2021

2019/CVE-2019-19905.md

@@ -10,7 +10,7 @@ NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when read
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
 
 #### Github
 - https://github.com/0xT11/CVE-POC

2020/CVE-2020-25887.md

@@ -0,0 +1,17 @@
+### [CVE-2020-25887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25887)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
+

2022/CVE-2022-21724.md

@@ -22,6 +22,7 @@ No PoCs from references.
 - https://github.com/VeerMuchandi/s3c-springboot-demo
 - https://github.com/Whoopsunix/JavaRce
 - https://github.com/YDCloudSecurity/cloud-security-guides
+- https://github.com/clj-holmes/clj-watson
 - https://github.com/fra-dln/DevSecOps-playground-Actions
 - https://github.com/luelueking/Deserial_Sink_With_JDBC
 - https://github.com/tanjiti/sec_profile

2022/CVE-2022-38072.md

@@ -15,5 +15,5 @@ An improper array index validation vulnerability exists in the stl_fix_normal_di
 - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples
 

2023/CVE-2023-0516.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0516](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0516)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Tours%20%26%20Travels%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.219336
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-0530.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0530)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Tours%20%26%20Travels%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219599.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.219599
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-0774.md

@@ -10,6 +10,7 @@ A vulnerability has been found in SourceCodester Medical Certificate Generator A
 ### POC
 
 #### Reference
+- https://vuldb.com/?id.220558
 - https://www.youtube.com/watch?v=s3oK5jebx_I
 
 #### Github

2023/CVE-2023-0960.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0960)
+![](https://img.shields.io/static/v1?label=Product&message=SeaCMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.221630
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-24187.md

@@ -0,0 +1,17 @@
+### [CVE-2023-24187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24187)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tanjiti/sec_profile
+

2023/CVE-2023-2640.md

@@ -17,6 +17,7 @@ No PoCs from references.
 - https://github.com/0xsyr0/OSCP
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
+- https://github.com/GhostTroops/TOP
 - https://github.com/HaxorSecInfec/autoroot.sh
 - https://github.com/K5LK/CVE-2023-2640-32629
 - https://github.com/Kiosec/Linux-Exploitation

2023/CVE-2023-27356.md

@@ -0,0 +1,17 @@
+### [CVE-2023-27356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27356)
+![](https://img.shields.io/static/v1?label=Product&message=RAX30&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.9.90_3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
+
+### Description
+
+NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000065618/Security-Advisory-for-Post-authentication-Command-Injection-on-Some-Routers-PSV-2022-0350
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-31209.md

@@ -1,7 +1,7 @@
 ### [CVE-2023-31209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31209)
 ![](https://img.shields.io/static/v1?label=Product&message=Checkmk&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=2.2.0%3C%202.2.0p4%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)
 
 ### Description
 

2023/CVE-2023-32629.md

@@ -17,6 +17,7 @@ Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up
 - https://github.com/0xsyr0/OSCP
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Ev3rPalestine/Analytics-HTB-Walkthrough
+- https://github.com/GhostTroops/TOP
 - https://github.com/HaxorSecInfec/autoroot.sh
 - https://github.com/K5LK/CVE-2023-2640-32629
 - https://github.com/Kiosec/Linux-Exploitation

2023/CVE-2023-48864.md

@@ -10,7 +10,7 @@ SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the lang
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://gitee.com/NoBlake/cve-2023-48864
 
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub

2023/CVE-2023-48957.md

@@ -0,0 +1,18 @@
+### [CVE-2023-48957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48957)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
+
+### POC
+
+#### Reference
+- https://latesthackingnews.com/2023/11/13/multiple-vulnerabilities-found-in-purevpn-one-remains-unpatched/
+- https://www.rafaybaloch.com/2023/11/Multiple%20Critical-Vulnerabilities-in-PureVPN.html?m=1
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-1939.md

@@ -14,4 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/rycbar77/V8Exploits
 

2024/CVE-2024-2316.md

@@ -10,7 +10,7 @@ A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.256270
 
 #### Github
 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities

2024/CVE-2024-23692.md

@@ -22,6 +22,7 @@
 - https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/onewinner/POCS
+- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/tanjiti/sec_profile
 - https://github.com/vanboomqi/CVE-2024-23692
 - https://github.com/wjlin0/poc-doc

2024/CVE-2024-24809.md

@@ -15,4 +15,5 @@ Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnera
 
 #### Github
 - https://github.com/20142995/nuclei-templates
+- https://github.com/Ostorlab/KEV
 

2024/CVE-2024-2887.md

@@ -16,4 +16,5 @@ No PoCs from references.
 - https://github.com/TrojanAZhen/Self_Back
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/rycbar77/V8Exploits
 

2024/CVE-2024-31380.md

@@ -1,11 +1,11 @@
 ### [CVE-2024-31380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31380)
 ![](https://img.shields.io/static/v1?label=Product&message=Oxygen%20Builder&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.8.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.9%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
 
 ### Description
 
-Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.This issue affects Oxygen Builder: from n/a through 4.8.3.
+Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9.
 
 ### POC
 

2024/CVE-2024-38856.md

@@ -20,6 +20,7 @@ No PoCs from references.
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/k3ppf0r/2024-PocLib
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/qiuluo-oss/Tiger
 - https://github.com/tanjiti/sec_profile
 - https://github.com/wy876/POC

2024/CVE-2024-41849.md

@@ -0,0 +1,17 @@
+### [CVE-2024-41849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41849)
+![](https://img.shields.io/static/v1?label=Product&message=Adobe%20Experience%20Manager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation%20(CWE-20)&color=brighgreen)
+
+### Description
+
+Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-41996.md

@@ -0,0 +1,18 @@
+### [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
+
+### POC
+
+#### Reference
+- https://dheatattack.gitlab.io/details/
+- https://dheatattack.gitlab.io/faq/
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-42056.md

@@ -0,0 +1,17 @@
+### [CVE-2024-42056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42056)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-42085.md

@@ -0,0 +1,17 @@
+### [CVE-2024-42085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42085)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2fa487a94667%3C%207026576e8909%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlockWhen config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger systemto enter suspend status with below command:echo mem > /sys/power/stateThere will be a deadlock issue occurring. Detailed invoking path asbelow:dwc3_suspend_common()    spin_lock_irqsave(&dwc->lock, flags);              <-- 1st    dwc3_gadget_suspend(dwc);        dwc3_gadget_soft_disconnect(dwc);            spin_lock_irqsave(&dwc->lock, flags);      <-- 2ndThis issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: FixNULL pointer dereference in dwc3_gadget_suspend") that removes the codeof checking whether dwc->gadget_driver is NULL or not. It causes thefollowing code is executed and deadlock occurs when trying to get thespinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3:Remove DWC3 locking during gadget suspend/resume") that forgot to removethe lock of otg mode. So, remove the redundant lock of otg mode duringgadget suspend/resume.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-42090.md

@@ -0,0 +1,17 @@
+### [CVE-2024-42090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=42fed7ba44e4%3C%20e65a0dc2e85e%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFERIn create_pinctrl(), pinctrl_maps_mutex is acquired before callingadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()calls pinctrl_free(). However, pinctrl_free() attempts to acquirepinctrl_maps_mutex, which is already held by create_pinctrl(), leading toa potential deadlock.This patch resolves the issue by releasing pinctrl_maps_mutex beforecalling pinctrl_free(), preventing the deadlock.This bug was discovered and resolved using Coverity Static AnalysisSecurity Testing (SAST) by Synopsys, Inc.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-42093.md

@@ -0,0 +1,17 @@
+### [CVE-2024-42093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42093)
+![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20b2262b3be27c%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In the Linux kernel, the following vulnerability has been resolved:net/dpaa2: Avoid explicit cpumask var allocation on stackFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumaskvariable on stack is not recommended since it can cause potential stackoverflow.Instead, kernel code should always use *cpumask_var API(s) to allocatecpumask var in config-neutral way, leaving allocation strategy toCONFIG_CPUMASK_OFFSTACK.Use *cpumask_var API(s) to address it.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+