diff --git a/2016/CVE-2016-8869.md b/2016/CVE-2016-8869.md index 3be6e79e43..110e850ae3 100644 --- a/2016/CVE-2016-8869.md +++ b/2016/CVE-2016-8869.md @@ -10,6 +10,7 @@ The register method in the UsersModelRegistration class in controllers/user.php ### POC #### Reference +- https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r - https://www.exploit-db.com/exploits/40637/ #### Github diff --git a/2016/CVE-2016-8870.md b/2016/CVE-2016-8870.md index 6cfb4a3113..a0cb22abcb 100644 --- a/2016/CVE-2016-8870.md +++ b/2016/CVE-2016-8870.md @@ -10,6 +10,7 @@ The register method in the UsersModelRegistration class in controllers/user.php ### POC #### Reference +- https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r - https://www.exploit-db.com/exploits/40637/ #### Github diff --git a/2017/CVE-2017-14937.md b/2017/CVE-2017-14937.md new file mode 100644 index 0000000000..869caa757f --- /dev/null +++ b/2017/CVE-2017-14937.md 
@@ -0,0 +1,17 @@ +### [CVE-2017-14937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment. + +### POC + +#### Reference +- https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-18738.md b/2017/CVE-2017-18738.md new file mode 100644 index 0000000000..33f8aa7af3 --- /dev/null +++ b/2017/CVE-2017-18738.md 
@@ -0,0 +1,17 @@ +### [CVE-2017-18738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18738) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. + +### POC + +#### Reference +- https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 22bd9f9bf9..d5653ba897 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -632,6 +632,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Serylda/Temporary-11503UltimateGoal - https://github.com/ShinigamiHiruzen/SteamOs - https://github.com/ShivenV/FTC-FREIGHT-FRENZY-2021-22 +- https://github.com/Shreyas765/9686-FreightFrenzy - https://github.com/ShrishChou/BioBotsFreightFrenzy - https://github.com/SilasBehnke/UltimateGoal - https://github.com/SilkPDX/New7100Controller diff --git a/2019/CVE-2019-11707.md b/2019/CVE-2019-11707.md index c41da6f30d..d984062e0c 100644 --- a/2019/CVE-2019-11707.md +++ b/2019/CVE-2019-11707.md 
@@ -25,6 +25,7 @@ A type confusion vulnerability can occur when manipulating JavaScript objects du - https://github.com/googleprojectzero/fuzzilli - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/m1ghtym0/browser-pwn +- https://github.com/securesystemslab/PKRU-Safe - https://github.com/tunnelshade/cve-2019-11707 - https://github.com/vigneshsrao/CVE-2019-11707 diff --git a/2019/CVE-2019-20746.md b/2019/CVE-2019-20746.md new file mode 100644 index 0000000000..2aacbb0e50 --- /dev/null +++ b/2019/CVE-2019-20746.md @@ -0,0 +1,17 @@ +### [CVE-2019-20746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20746) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. + +### POC + +#### Reference +- https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-10262.md b/2020/CVE-2020-10262.md index c0fad49fe3..2a5c889c85 100644 --- a/2020/CVE-2020-10262.md +++ b/2020/CVE-2020-10262.md 
@@ -11,6 +11,7 @@ An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can #### Reference - https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-10262.md +- https://www.youtube.com/watch?v=Cr5DupGxmL4 #### Github - https://github.com/Jian-Xian/CVE-POC diff --git a/2020/CVE-2020-10263.md b/2020/CVE-2020-10263.md index aab84b4b4b..9eb39805e3 100644 --- a/2020/CVE-2020-10263.md +++ b/2020/CVE-2020-10263.md @@ -11,6 +11,7 @@ An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can #### Reference - https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-10263.md +- https://www.youtube.com/watch?v=Cr5DupGxmL4 #### Github - https://github.com/Jian-Xian/CVE-POC diff --git a/2020/CVE-2020-11959.md b/2020/CVE-2020-11959.md new file mode 100644 index 0000000000..d6ce2cbfd6 --- /dev/null +++ b/2020/CVE-2020-11959.md @@ -0,0 +1,17 @@ +### [CVE-2020-11959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11959) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50. + +### POC + +#### Reference +- https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=14 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-26924.md b/2020/CVE-2020-26924.md new file mode 100644 index 0000000000..7ad1ffcac1 --- /dev/null +++ b/2020/CVE-2020-26924.md 
@@ -0,0 +1,17 @@ +### [CVE-2020-26924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26924) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. + +### POC + +#### Reference +- https://kb.netgear.com/000062328/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2020-0141 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-6859.md b/2020/CVE-2020-6859.md new file mode 100644 index 0000000000..41c783cbd9 --- /dev/null +++ b/2020/CVE-2020-6859.md @@ -0,0 +1,17 @@ +### [CVE-2020-6859](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6859) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image. + +### POC + +#### Reference +- https://wpvulndb.com/vulnerabilities/10041 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2021/CVE-2021-1732.md b/2021/CVE-2021-1732.md index 91c7379b59..0e3a60234a 100644 --- a/2021/CVE-2021-1732.md +++ b/2021/CVE-2021-1732.md 
@@ -24,6 +24,7 @@ Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from C #### Reference - http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html +- http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2021/CVE-2021-23337.md b/2021/CVE-2021-23337.md index 85ba9a5208..73c3e3e7fc 100644 --- a/2021/CVE-2021-23337.md +++ b/2021/CVE-2021-23337.md @@ -21,6 +21,7 @@ Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the tem - https://github.com/Refinitiv-API-Samples/Example.EWA.TypeScript.WebApplication - https://github.com/andisfar/LaunchQtCreator - https://github.com/anthonykirby/lora-packet +- https://github.com/cduplantis/blank - https://github.com/marcosrg9/YouTubeTV - https://github.com/p-rog/cve-analyser - https://github.com/samoylenko/sample-vulnerable-app-nodejs-express diff --git a/2021/CVE-2021-24946.md b/2021/CVE-2021-24946.md index f5a7e6e807..cbdedafb3d 100644 --- a/2021/CVE-2021-24946.md +++ b/2021/CVE-2021-24946.md @@ -13,5 +13,6 @@ The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise - http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html #### Github +- https://github.com/ARPSyndicate/cvemon - https://github.com/Hacker5preme/Exploits diff --git a/2021/CVE-2021-30955.md b/2021/CVE-2021-30955.md index 61a10a9552..390a61ef26 100644 --- a/2021/CVE-2021-30955.md +++ b/2021/CVE-2021-30955.md @@ -17,5 +17,6 @@ A race condition was addressed with improved state handling. This issue is fixed No PoCs from references. #### Github +- https://github.com/ARPSyndicate/cvemon - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2021/CVE-2021-44228.md b/2021/CVE-2021-44228.md index 485c53c853..0f8fe97d3c 100644 --- a/2021/CVE-2021-44228.md +++ b/2021/CVE-2021-44228.md 
@@ -29,6 +29,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 #### Github - https://github.com/0xsyr0/OSCP +- https://github.com/1in9e/Apache-Log4j2-RCE - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/AndriyKalashnykov/spring-on-k8s @@ -61,13 +62,16 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/J0B10/Voteban - https://github.com/Jean-Francois-C/Windows-Penetration-Testing - https://github.com/KONNEKTIO/konnekt-docs +- https://github.com/KosmX/CVE-2021-44228-example - https://github.com/Log4s/log4s - https://github.com/LoliKingdom/NukeJndiLookupFromLog4j +- https://github.com/MarkusBordihn/BOs-Critical-Version-Forcer - https://github.com/MedKH1684/Log4j-Vulnerability-Exploitation - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/NUMde/compass-num-conformance-checker - https://github.com/Neo23x0/log4shell-detector - https://github.com/NiftyBank/java-app +- https://github.com/NorthwaveSecurity/log4jcheck - https://github.com/OsiriX-Foundation/karnak - https://github.com/OtherDevOpsGene/kubernetes-security-tools - https://github.com/PAXSTORE/paxstore-openapi-java-sdk @@ -120,6 +124,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/git-bom/bomsh - https://github.com/goofball222/unifi - https://github.com/gredler/aegis4j +- https://github.com/greymd/CVE-2021-44228 - https://github.com/guerzon/guerzon - https://github.com/hex0wn/learn-java-bug - https://github.com/hotpotcookie/lol4j-white-box 
@@ -141,6 +146,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/kward/log4sh - https://github.com/kyoshiaki/docker-compose-wordpress - https://github.com/leonjza/log4jpwn +- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 - https://github.com/linuxserver/davos - https://github.com/linuxserver/docker-fleet - https://github.com/linuxserver/docker-unifi-controller @@ -161,10 +167,12 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/mguessan/davmail - https://github.com/microsoft/ApplicationInsights-Java - https://github.com/mklinkj/log4j2-test +- https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes - https://github.com/nedenwalker/spring-boot-app-using-gradle - https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln - https://github.com/netarchivesuite/solrwayback - https://github.com/newrelic/java-log-extensions +- https://github.com/nkoneko/VictimApp - https://github.com/nlmaca/Wowza_Installers - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nroduit/Weasis diff --git a/2021/CVE-2021-44832.md b/2021/CVE-2021-44832.md index 3cd540900f..770e469175 100644 --- a/2021/CVE-2021-44832.md +++ b/2021/CVE-2021-44832.md @@ -20,6 +20,7 @@ Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases - https://github.com/Qualys/log4jscanwin - https://github.com/aws/aws-msk-iam-auth - https://github.com/domwood/kiwi-kafka +- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 - https://github.com/logpresso/CVE-2021-44228-Scanner - https://github.com/marklogic/marklogic-contentpump - https://github.com/mergebase/csv-compare diff --git a/2021/CVE-2021-45046.md b/2021/CVE-2021-45046.md index 54dcf83863..1d390e3c9f 100644 --- a/2021/CVE-2021-45046.md +++ b/2021/CVE-2021-45046.md 
@@ -41,6 +41,7 @@ It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was i - https://github.com/jacobalberty/unifi-docker - https://github.com/justb4/docker-jmeter - https://github.com/kdpuvvadi/Omada-Ansible +- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 - https://github.com/logpresso/CVE-2021-44228-Scanner - https://github.com/mergebase/csv-compare - https://github.com/nlmaca/Wowza_Installers diff --git a/2021/CVE-2021-45105.md b/2021/CVE-2021-45105.md index 57e7469c65..db4b21f86c 100644 --- a/2021/CVE-2021-45105.md +++ b/2021/CVE-2021-45105.md @@ -26,6 +26,7 @@ Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) di - https://github.com/davejwilson/azure-spark-pools-log4j - https://github.com/imTigger/webapp-hardware-bridge - https://github.com/jacobalberty/unifi-docker +- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 - https://github.com/logpresso/CVE-2021-44228-Scanner - https://github.com/mergebase/csv-compare - https://github.com/mosaic-hgw/jMeter diff --git a/2022/CVE-2022-0768.md b/2022/CVE-2022-0768.md index 70d3c3da77..df0d511b35 100644 --- a/2022/CVE-2022-0768.md +++ b/2022/CVE-2022-0768.md @@ -10,7 +10,7 @@ Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to ### POC #### Reference -No PoCs from references. +- https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903 #### Github - https://github.com/416e6e61/My-CVEs diff --git a/2022/CVE-2022-21882.md b/2022/CVE-2022-21882.md index 7458bbb9d8..06122e44fd 100644 --- a/2022/CVE-2022-21882.md +++ b/2022/CVE-2022-21882.md @@ -28,7 +28,7 @@ Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022 ### POC #### Reference -No PoCs from references. +- http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html #### Github - https://github.com/ARPSyndicate/cvemon 
diff --git a/2022/CVE-2022-24124.md b/2022/CVE-2022-24124.md index b57104f7de..9f4314eca9 100644 --- a/2022/CVE-2022-24124.md +++ b/2022/CVE-2022-24124.md @@ -10,7 +10,7 @@ The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related ### POC #### Reference -No PoCs from references. +- http://packetstormsecurity.com/files/166163/Casdoor-1.13.0-SQL-Injection.html #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-26155.md b/2022/CVE-2022-26155.md new file mode 100644 index 0000000000..fe561e1427 --- /dev/null +++ b/2022/CVE-2022-26155.md @@ -0,0 +1,19 @@ +### [CVE-2022-26155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26155) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ARPSyndicate/cvemon +- https://github.com/l00neyhacker/CVE-2022-26155 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2022/CVE-2022-26156.md b/2022/CVE-2022-26156.md new file mode 100644 index 0000000000..15988f4aa3 --- /dev/null +++ b/2022/CVE-2022-26156.md 
@@ -0,0 +1,19 @@ +### [CVE-2022-26156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26156) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ARPSyndicate/cvemon +- https://github.com/l00neyhacker/CVE-2022-26156 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2022/CVE-2022-26157.md b/2022/CVE-2022-26157.md new file mode 100644 index 0000000000..a486ca039b --- /dev/null +++ b/2022/CVE-2022-26157.md 
@@ -0,0 +1,19 @@ +### [CVE-2022-26157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26157) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ARPSyndicate/cvemon +- https://github.com/l00neyhacker/CVE-2022-26157 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2022/CVE-2022-26158.md b/2022/CVE-2022-26158.md new file mode 100644 index 0000000000..01306a6736 --- /dev/null +++ b/2022/CVE-2022-26158.md @@ -0,0 +1,19 @@ +### [CVE-2022-26158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26158) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ARPSyndicate/cvemon +- https://github.com/l00neyhacker/CVE-2022-26158 +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2022/CVE-2022-26159.md b/2022/CVE-2022-26159.md index 6b1b625465..ad3421a8d8 100644 --- a/2022/CVE-2022-26159.md 
+++ b/2022/CVE-2022-26159.md @@ -10,9 +10,10 @@ The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenti ### POC #### Reference -No PoCs from references. +- https://podalirius.net/en/cves/2022-26159/ #### Github +- https://github.com/ARPSyndicate/cvemon - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML diff --git a/github.txt b/github.txt index a555c347db..2490851f2f 100644 --- a/github.txt +++ b/github.txt @@ -17163,7 +17163,6 @@ CVE-2018-1002206 - https://github.com/snyk/zip-slip-vulnerability CVE-2018-1002208 - https://github.com/snyk/zip-slip-vulnerability CVE-2018-1002209 - https://github.com/snyk/zip-slip-vulnerability CVE-2018-10023 - https://github.com/p1ay8y3ar/cve_monitor -CVE-2018-1003000 - https://github.com/veo/vscan CVE-2018-10068 - https://github.com/MrR3boot/CVE-Hunting CVE-2018-10071 - https://github.com/bigric3/windrvr1260_poc3 CVE-2018-10072 - https://github.com/bigric3/windrvr1260_poc4 @@ -18852,7 +18851,6 @@ CVE-2018-16335 - https://github.com/Marsman1996/pocs CVE-2018-16336 - https://github.com/Marsman1996/pocs CVE-2018-16341 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-16341 - https://github.com/Elsfa7-110/kenzer-templates -CVE-2018-16341 - https://github.com/sobinge/nuclei-templates CVE-2018-16356 - https://github.com/SexyBeast233/SecBooks CVE-2018-16357 - https://github.com/SexyBeast233/SecBooks CVE-2018-16370 - https://github.com/0xT11/CVE-POC 
@@ -24504,6 +24502,7 @@ CVE-2019-11358 - https://github.com/Serylda/503RoadJopper CVE-2019-11358 - https://github.com/Serylda/Temporary-11503UltimateGoal CVE-2019-11358 - https://github.com/ShinigamiHiruzen/SteamOs CVE-2019-11358 - https://github.com/ShivenV/FTC-FREIGHT-FRENZY-2021-22 +CVE-2019-11358 - https://github.com/Shreyas765/9686-FreightFrenzy CVE-2019-11358 - https://github.com/ShrishChou/BioBotsFreightFrenzy CVE-2019-11358 - https://github.com/SilasBehnke/UltimateGoal CVE-2019-11358 - https://github.com/SilkPDX/New7100Controller @@ -25300,6 +25299,7 @@ CVE-2019-11707 - https://github.com/developer3000S/PoC-in-GitHub CVE-2019-11707 - https://github.com/googleprojectzero/fuzzilli CVE-2019-11707 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-11707 - https://github.com/m1ghtym0/browser-pwn +CVE-2019-11707 - https://github.com/securesystemslab/PKRU-Safe CVE-2019-11707 - https://github.com/tunnelshade/cve-2019-11707 CVE-2019-11707 - https://github.com/vigneshsrao/CVE-2019-11707 CVE-2019-11708 - https://github.com/0vercl0k/0vercl0k @@ -40666,6 +40666,7 @@ CVE-2021-2333 - https://github.com/radtek/cve_checklist CVE-2021-23337 - https://github.com/Refinitiv-API-Samples/Example.EWA.TypeScript.WebApplication CVE-2021-23337 - https://github.com/andisfar/LaunchQtCreator CVE-2021-23337 - https://github.com/anthonykirby/lora-packet +CVE-2021-23337 - https://github.com/cduplantis/blank CVE-2021-23337 - https://github.com/marcosrg9/YouTubeTV CVE-2021-23337 - https://github.com/p-rog/cve-analyser CVE-2021-23337 - https://github.com/samoylenko/sample-vulnerable-app-nodejs-express 
@@ -40975,6 +40976,7 @@ CVE-2021-24926 - https://github.com/ARPSyndicate/cvemon CVE-2021-24926 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-24931 - https://github.com/ARPSyndicate/cvemon CVE-2021-24931 - https://github.com/Hacker5preme/Exploits +CVE-2021-24946 - https://github.com/ARPSyndicate/cvemon CVE-2021-24946 - https://github.com/Hacker5preme/Exploits CVE-2021-24947 - https://github.com/ARPSyndicate/cvemon CVE-2021-24947 - https://github.com/ARPSyndicate/kenzer-templates @@ -42379,6 +42381,7 @@ CVE-2021-30907 - https://github.com/joydo/CVE-Writeups CVE-2021-30909 - https://github.com/joydo/CVE-Writeups CVE-2021-30916 - https://github.com/joydo/CVE-Writeups CVE-2021-30924 - https://github.com/darling-x0r/0day_dos_apple +CVE-2021-30955 - https://github.com/ARPSyndicate/cvemon CVE-2021-30955 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-30970 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2021-30970 - https://github.com/joydo/CVE-Writeups @@ -42645,7 +42648,6 @@ CVE-2021-3156 - https://github.com/xtaran/sshudo CVE-2021-3156 - https://github.com/yaunsky/cve-2021-3156 CVE-2021-3156 - https://github.com/ymrsmns/CVE-2021-3156 CVE-2021-3157 - https://github.com/ARPSyndicate/cvemon -CVE-2021-3157 - https://github.com/CrackerCat/cve-2021-3157 CVE-2021-3157 - https://github.com/developer3000S/PoC-in-GitHub CVE-2021-3157 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-31581 - https://github.com/ARPSyndicate/cvemon 
@@ -42804,7 +42806,6 @@ CVE-2021-32305 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-3239 - https://github.com/yshneyderman/CS590J-Capstone CVE-2021-32424 - https://github.com/Galapag0s/Trendnet_TW100-S4W1CA CVE-2021-32426 - https://github.com/Galapag0s/Trendnet_TW100-S4W1CA -CVE-2021-32452 - https://github.com/Somerset-Recon/furbo-research CVE-2021-32471 - https://github.com/ARPSyndicate/cvemon CVE-2021-32471 - https://github.com/Spacial/awesome-csirt CVE-2021-32471 - https://github.com/intrinsic-propensity/intrinsic-propensity.github.io @@ -43713,7 +43714,6 @@ CVE-2021-37343 - https://github.com/ARPSyndicate/cvemon CVE-2021-3737 - https://github.com/GitHubForSnap/matrix-commander-gael CVE-2021-3740 - https://github.com/ajmalabubakkr/CVE CVE-2021-3741 - https://github.com/ajmalabubakkr/CVE -CVE-2021-37413 - https://github.com/martinkubecka/CVE-References CVE-2021-37414 - https://github.com/p1ay8y3ar/cve_monitor CVE-2021-37419 - https://github.com/STMCyber/CVEs CVE-2021-3742 - https://github.com/ajmalabubakkr/CVE @@ -45095,6 +45095,7 @@ CVE-2021-44217 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-44217 - https://github.com/p1ay8y3ar/cve_monitor CVE-2021-44223 - https://github.com/vavkamil/wp-update-confusion CVE-2021-44228 - https://github.com/0xsyr0/OSCP +CVE-2021-44228 - https://github.com/1in9e/Apache-Log4j2-RCE CVE-2021-44228 - https://github.com/ARPSyndicate/cvemon CVE-2021-44228 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-44228 - https://github.com/AndriyKalashnykov/spring-on-k8s 
@@ -45127,13 +45128,16 @@ CVE-2021-44228 - https://github.com/J0B10/Minzomat CVE-2021-44228 - https://github.com/J0B10/Voteban CVE-2021-44228 - https://github.com/Jean-Francois-C/Windows-Penetration-Testing CVE-2021-44228 - https://github.com/KONNEKTIO/konnekt-docs +CVE-2021-44228 - https://github.com/KosmX/CVE-2021-44228-example CVE-2021-44228 - https://github.com/Log4s/log4s CVE-2021-44228 - https://github.com/LoliKingdom/NukeJndiLookupFromLog4j +CVE-2021-44228 - https://github.com/MarkusBordihn/BOs-Critical-Version-Forcer CVE-2021-44228 - https://github.com/MedKH1684/Log4j-Vulnerability-Exploitation CVE-2021-44228 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2021-44228 - https://github.com/NUMde/compass-num-conformance-checker CVE-2021-44228 - https://github.com/Neo23x0/log4shell-detector CVE-2021-44228 - https://github.com/NiftyBank/java-app +CVE-2021-44228 - https://github.com/NorthwaveSecurity/log4jcheck CVE-2021-44228 - https://github.com/OsiriX-Foundation/karnak CVE-2021-44228 - https://github.com/OtherDevOpsGene/kubernetes-security-tools CVE-2021-44228 - https://github.com/PAXSTORE/paxstore-openapi-java-sdk @@ -45186,6 +45190,7 @@ CVE-2021-44228 - https://github.com/getsentry/sentry-java CVE-2021-44228 - https://github.com/git-bom/bomsh CVE-2021-44228 - https://github.com/goofball222/unifi CVE-2021-44228 - https://github.com/gredler/aegis4j +CVE-2021-44228 - https://github.com/greymd/CVE-2021-44228 CVE-2021-44228 - https://github.com/guerzon/guerzon CVE-2021-44228 - https://github.com/hex0wn/learn-java-bug CVE-2021-44228 - https://github.com/hotpotcookie/lol4j-white-box 
@@ -45207,6 +45212,7 @@ CVE-2021-44228 - https://github.com/kvbutler/solr8-rehl8.5-fips-sip CVE-2021-44228 - https://github.com/kward/log4sh CVE-2021-44228 - https://github.com/kyoshiaki/docker-compose-wordpress CVE-2021-44228 - https://github.com/leonjza/log4jpwn +CVE-2021-44228 - https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 CVE-2021-44228 - https://github.com/linuxserver/davos CVE-2021-44228 - https://github.com/linuxserver/docker-fleet CVE-2021-44228 - https://github.com/linuxserver/docker-unifi-controller @@ -45227,10 +45233,12 @@ CVE-2021-44228 - https://github.com/mgreau/log4shell-cpatch CVE-2021-44228 - https://github.com/mguessan/davmail CVE-2021-44228 - https://github.com/microsoft/ApplicationInsights-Java CVE-2021-44228 - https://github.com/mklinkj/log4j2-test +CVE-2021-44228 - https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes CVE-2021-44228 - https://github.com/nedenwalker/spring-boot-app-using-gradle CVE-2021-44228 - https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln CVE-2021-44228 - https://github.com/netarchivesuite/solrwayback CVE-2021-44228 - https://github.com/newrelic/java-log-extensions +CVE-2021-44228 - https://github.com/nkoneko/VictimApp CVE-2021-44228 - https://github.com/nlmaca/Wowza_Installers CVE-2021-44228 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-44228 - https://github.com/nroduit/Weasis @@ -45324,6 +45332,7 @@ CVE-2021-44832 - https://github.com/NiftyBank/java-app CVE-2021-44832 - https://github.com/Qualys/log4jscanwin CVE-2021-44832 - https://github.com/aws/aws-msk-iam-auth CVE-2021-44832 - https://github.com/domwood/kiwi-kafka +CVE-2021-44832 - https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 CVE-2021-44832 - https://github.com/logpresso/CVE-2021-44228-Scanner CVE-2021-44832 - https://github.com/marklogic/marklogic-contentpump CVE-2021-44832 - https://github.com/mergebase/csv-compare 
@@ -45385,6 +45394,7 @@ CVE-2021-45046 - https://github.com/integralads/dependency-deep-scan-utilities CVE-2021-45046 - https://github.com/jacobalberty/unifi-docker CVE-2021-45046 - https://github.com/justb4/docker-jmeter CVE-2021-45046 - https://github.com/kdpuvvadi/Omada-Ansible +CVE-2021-45046 - https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 CVE-2021-45046 - https://github.com/logpresso/CVE-2021-44228-Scanner CVE-2021-45046 - https://github.com/mergebase/csv-compare CVE-2021-45046 - https://github.com/nlmaca/Wowza_Installers @@ -45418,6 +45428,7 @@ CVE-2021-45105 - https://github.com/binkley/modern-java-practices CVE-2021-45105 - https://github.com/davejwilson/azure-spark-pools-log4j CVE-2021-45105 - https://github.com/imTigger/webapp-hardware-bridge CVE-2021-45105 - https://github.com/jacobalberty/unifi-docker +CVE-2021-45105 - https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228 CVE-2021-45105 - https://github.com/logpresso/CVE-2021-44228-Scanner CVE-2021-45105 - https://github.com/mergebase/csv-compare CVE-2021-45105 - https://github.com/mosaic-hgw/jMeter @@ -45635,6 +45646,7 @@ CVE-2022-0653 - https://github.com/ARPSyndicate/cvemon CVE-2022-0653 - https://github.com/ARPSyndicate/kenzer-templates CVE-2022-0676 - https://github.com/wtdcode/wtdcode CVE-2022-0695 - https://github.com/wtdcode/wtdcode +CVE-2022-0725 - https://github.com/ARPSyndicate/cvemon CVE-2022-0725 - https://github.com/ByteHackr/keepass_poc CVE-2022-0725 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-0750 - https://github.com/karimhabush/cyberowl 
@@ -46030,6 +46042,7 @@ CVE-2022-26157 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-26158 - https://github.com/ARPSyndicate/cvemon CVE-2022-26158 - https://github.com/l00neyhacker/CVE-2022-26158 CVE-2022-26158 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2022-26159 - https://github.com/ARPSyndicate/cvemon CVE-2022-26159 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-26159 - https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML CVE-2022-6099 - https://github.com/rastidoust/rastidoust.github.io diff --git a/references.txt b/references.txt index 724d0dfdfe..25d2294527 100644 --- a/references.txt +++ b/references.txt @@ -24664,7 +24664,9 @@ CVE-2016-8812 - https://www.exploit-db.com/exploits/40660/ CVE-2016-8855 - https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html CVE-2016-8855 - https://www.exploit-db.com/exploits/41618/ CVE-2016-8863 - https://www.tenable.com/security/research/tra-2017-10 +CVE-2016-8869 - https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r CVE-2016-8869 - https://www.exploit-db.com/exploits/40637/ +CVE-2016-8870 - https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r CVE-2016-8870 - https://www.exploit-db.com/exploits/40637/ CVE-2016-8887 - http://www.openwall.com/lists/oss-security/2016/10/23/6 CVE-2016-8897 - http://www.openwall.com/lists/oss-security/2016/09/30/5 
@@ -26524,6 +26526,7 @@ CVE-2017-14931 - https://github.com/skysider/openexif_vulnerabilities CVE-2017-14932 - https://sourceware.org/bugzilla/show_bug.cgi?id=22204 CVE-2017-14933 - https://sourceware.org/bugzilla/show_bug.cgi?id=22210 CVE-2017-14934 - https://sourceware.org/bugzilla/show_bug.cgi?id=22219 +CVE-2017-14937 - https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts CVE-2017-14938 - http://www.securityfocus.com/bid/101212 CVE-2017-14938 - https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/ CVE-2017-14939 - https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c/ @@ -27764,6 +27767,7 @@ CVE-2017-18635 - https://github.com/ShielderSec/cve-2017-18635 CVE-2017-18635 - https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/ CVE-2017-18638 - https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html#second-bug-internal-graphite-ssrf CVE-2017-18639 - https://www.exploit-db.com/exploits/42792 +CVE-2017-18738 - https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706 CVE-2017-18924 - https://codeburst.io/missing-the-point-in-securing-oauth-2-0-83968708b467 CVE-2017-18926 - https://www.openwall.com/lists/oss-security/2017/06/07/1 CVE-2017-2096 - http://jvn.jp/en/jp/JVN50197114/index.html 
@@ -37948,6 +37952,7 @@ CVE-2019-20636 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 CVE-2019-20675 - https://kb.netgear.com/000061464/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0544 CVE-2019-20689 - https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132 CVE-2019-20718 - https://kb.netgear.com/000061210/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0195 +CVE-2019-20746 - https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252 CVE-2019-20760 - https://kb.netgear.com/000060639/Security-Advisory-for-Authentication-Bypass-on-R9000-PSV-2018-0615 CVE-2019-20798 - https://github.com/cherokee/webserver/issues/1227 CVE-2019-20798 - https://logicaltrust.net/blog/2019/11/cherokee.html @@ -39382,7 +39387,9 @@ CVE-2020-10251 - https://github.com/ImageMagick/ImageMagick/issues/1859 CVE-2020-10256 - https://support.1password.com/kb/202010/ CVE-2020-10257 - https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched/ CVE-2020-10262 - https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-10262.md +CVE-2020-10262 - https://www.youtube.com/watch?v=Cr5DupGxmL4 CVE-2020-10263 - https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-10263.md +CVE-2020-10263 - https://www.youtube.com/watch?v=Cr5DupGxmL4 CVE-2020-10283 - https://github.com/aliasrobotics/RVD/issues/3316 CVE-2020-10289 - https://github.com/ros/actionlib/pull/171 CVE-2020-10290 - https://github.com/aliasrobotics/RVD/issues/1495 
@@ -40087,6 +40094,7 @@ CVE-2020-11953 - https://sec-consult.com/en/blog/advisories/multiple-critical-vu CVE-2020-11955 - https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/ CVE-2020-11956 - https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/ CVE-2020-11958 - https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a +CVE-2020-11959 - https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=14 CVE-2020-11971 - https://www.oracle.com/security-alerts/cpujan2021.html CVE-2020-11972 - https://www.oracle.com/security-alerts/cpujan2021.html CVE-2020-11973 - https://www.oracle.com/security-alerts/cpujan2021.html @@ -42392,6 +42400,7 @@ CVE-2020-26882 - https://www.playframework.com/security/vulnerability CVE-2020-26883 - https://www.playframework.com/security/vulnerability CVE-2020-26887 - http://packetstormsecurity.com/files/159606/FRITZ-Box-7.20-DNS-Rebinding-Protection-Bypass.html CVE-2020-26887 - https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses +CVE-2020-26924 - https://kb.netgear.com/000062328/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2020-0141 CVE-2020-26943 - https://launchpad.net/bugs/1895688 CVE-2020-26947 - https://github.com/monero-project/monero-gui/issues/3142#issuecomment-705940446 CVE-2020-26950 - https://bugzilla.mozilla.org/show_bug.cgi?id=1675905 
@@ -43690,6 +43699,7 @@ CVE-2020-6857 - http://seclists.org/fulldisclosure/2020/Jan/29 CVE-2020-6857 - http://seclists.org/fulldisclosure/2020/Jan/35 CVE-2020-6857 - https://seclists.org/bugtraq/2020/Jan/30 CVE-2020-6858 - https://github.com/HotelsDotCom/styx/security/advisories/GHSA-6v7p-v754-j89v +CVE-2020-6859 - https://wpvulndb.com/vulnerabilities/10041 CVE-2020-6860 - https://github.com/hoene/libmysofa/issues/96 CVE-2020-6861 - https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html CVE-2020-6862 - http://packetstormsecurity.com/files/159135/ZTE-F602W-CAPTCHA-Bypass.html @@ -44372,6 +44382,7 @@ CVE-2021-1645 - http://seclists.org/fulldisclosure/2021/Mar/33 CVE-2021-1675 - http://packetstormsecurity.com/files/163349/Microsoft-PrintNightmare-Proof-Of-Concept.html CVE-2021-1675 - http://packetstormsecurity.com/files/163351/PrintNightmare-Windows-Spooler-Service-Remote-Code-Execution.html CVE-2021-1732 - http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html +CVE-2021-1732 - http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html CVE-2021-1810 - http://packetstormsecurity.com/files/164375/Gatekeeper-Bypass-Proof-Of-Concept.html CVE-2021-1886 - https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin CVE-2021-1887 - https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin 
@@ -47951,6 +47962,7 @@ CVE-2022-0746 - https://huntr.dev/bounties/b812ea22-0c02-46fe-b89f-04519dfb1ebd CVE-2022-0762 - https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48 CVE-2022-0763 - https://huntr.dev/bounties/6de9c621-740d-4d7a-9d77-d90c6c87f3b6 CVE-2022-0764 - https://huntr.dev/bounties/001d1c29-805a-4035-93bb-71a0e81da3e5 +CVE-2022-0768 - https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903 CVE-2022-20659 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-P8fBz2FW CVE-2022-20660 - http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html CVE-2022-20660 - http://seclists.org/fulldisclosure/2022/Jan/34 @@ -47981,6 +47993,7 @@ CVE-2022-21681 - https://github.com/markedjs/marked/security/advisories/GHSA-5v2 CVE-2022-21689 - https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc CVE-2022-21711 - https://github.com/liyansong2018/elfspirit/issues/1 CVE-2022-21817 - https://nvidia.custhelp.com/app/answers/detail/a_id/5318 +CVE-2022-21882 - http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html CVE-2022-21907 - http://packetstormsecurity.com/files/165566/HTTP-Protocol-Stack-Denial-Of-Service-Remote-Code-Execution.html CVE-2022-21907 - https://github.com/nu11secur1ty/Windows10Exploits/tree/master/2022/CVE-2022-21907 CVE-2022-22107 - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22107 
@@ -48047,6 +48060,7 @@ CVE-2022-23409 - http://packetstormsecurity.com/files/165706/Ethercreative-Logs- CVE-2022-23409 - https://sec-consult.com/vulnerability-lab/ CVE-2022-23967 - https://github.com/MaherAzzouzi/CVE-2022-23967 CVE-2022-23968 - https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers/ +CVE-2022-24124 - http://packetstormsecurity.com/files/166163/Casdoor-1.13.0-SQL-Injection.html CVE-2022-24129 - https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220127-01_Shibboleth_IdP_OIDC_OP_Plugin_SSRF CVE-2022-24196 - https://github.com/itext/itext7/pull/78 CVE-2022-24197 - https://github.com/itext/itext7/pull/78 @@ -48087,3 +48101,4 @@ CVE-2022-25402 - https://github.com/dota-st/Vulnerability/blob/master/HMS/HMS.md CVE-2022-25403 - https://github.com/dota-st/Vulnerability/blob/master/HMS/HMS.md CVE-2022-25417 - https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/3 CVE-2022-25418 - https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/2 +CVE-2022-26159 - https://podalirius.net/en/cves/2022-26159/
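Review bot: in the hunks at @@ -45324,6, @@ -45385,6 and @@ -45418,6, `lhotari/pulsar-docker-images-patch-CVE-2021-44228` is filed under CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105, but the repository name only mentions CVE-2021-44228, and nothing in the patch shows why the other three apply. If these lines come from an automated mention scan, the commit message should say so. If they were added by hand, confirm the repository actually addresses each of the three CVEs before listing it there, because a reader triaging CVE-2021-45105 will otherwise land on a repository whose name points at a different issue.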
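Review bot: in the references.txt hunk at @@ -24664,7, the Medium URL added for both CVE-2016-8869 and CVE-2016-8870 ends in `#.rq4qh1v4r`, which looks like a share-tracking fragment rather than a section anchor. Suggest storing the URL without the fragment, so the same write-up reached through a different share link does not end up as a second, near-duplicate reference line. The same fragment appears in the two per-CVE markdown files changed at the top of this patch and should be trimmed there as well.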
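Review bot: in the references.txt hunk at @@ -47981,6, the packetstorm `166169` URL added under CVE-2022-21882 is the same one this patch adds under CVE-2021-1732 in the @@ -44372,6 hunk, where the existing line already points to packetstorm `161880` with a near-identical title. Please confirm that the `166169` advisory itself names both CVE IDs. If it covers only one of them, the other line should be dropped so the reference list does not attribute an exploit write-up to the wrong CVE.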