Update Sat Jan 4 04:04:16 UTC 2025

2010/CVE-2010-1157.md

@@ -12,6 +12,7 @@ Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote a
 #### Reference
 - http://www.vmware.com/security/advisories/VMSA-2011-0003.html
 - http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
+- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19492
 
 #### Github
 - https://github.com/RodeoWhopper/TSGK-PCAP-Analysis

2012/CVE-2012-3381.md

@@ -0,0 +1,17 @@
+### [CVE-2012-3381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3381)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
+
+### POC
+
+#### Reference
+- http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809&atid=712784
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-4580.md

@@ -0,0 +1,17 @@
+### [CVE-2012-4580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4580)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10020
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-4581.md

@@ -0,0 +1,17 @@
+### [CVE-2012-4581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4581)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10020
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-4582.md

@@ -0,0 +1,17 @@
+### [CVE-2012-4582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4582)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10020
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-4583.md

@@ -0,0 +1,17 @@
+### [CVE-2012-4583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4583)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10020
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-4584.md

@@ -0,0 +1,17 @@
+### [CVE-2012-4584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4584)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10020
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-4585.md

@@ -0,0 +1,17 @@
+### [CVE-2012-4585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4585)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10020
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-4586.md

@@ -0,0 +1,17 @@
+### [CVE-2012-4586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4586)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10020
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-32890.md

@@ -10,7 +10,7 @@ In modem EMM, there is a possible system crash due to improper input validation.
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-10927.md

@@ -0,0 +1,18 @@
+### [CVE-2024-10927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10927)
+![](https://img.shields.io/static/v1?label=Product&message=MonoCMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240528%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross%20Site%20Scripting&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.283326
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-20039.md

@@ -10,7 +10,7 @@ In modem protocol, there is a possible out of bounds write due to a missing boun
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20040.md

@@ -10,7 +10,7 @@ In wlan firmware, there is a possible out of bounds write due to improper input
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20041.md

@@ -10,7 +10,7 @@ In da, there is a possible out of bounds read due to a missing bounds check. Thi
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20042.md

@@ -10,7 +10,7 @@ In da, there is a possible out of bounds write due to a missing bounds check. Th
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20043.md

@@ -10,7 +10,7 @@ In da, there is a possible out of bounds write due to a missing bounds check. Th
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20044.md

@@ -10,7 +10,7 @@ In da, there is a possible out of bounds write due to a missing bounds check. Th
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20045.md

@@ -10,7 +10,7 @@ In audio, there is a possible out of bounds read due to an incorrect calculation
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20046.md

@@ -10,7 +10,7 @@ In battery, there is a possible escalation of privilege due to an integer overfl
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20047.md

@@ -10,7 +10,7 @@ In battery, there is a possible out of bounds read due to an integer overflow. T
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20048.md

@@ -10,7 +10,7 @@ In flashc, there is a possible information disclosure due to an uncaught excepti
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20049.md

@@ -10,7 +10,7 @@ In flashc, there is a possible information disclosure due to an uncaught excepti
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20050.md

@@ -10,7 +10,7 @@ In flashc, there is a possible information disclosure due to an uncaught excepti
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20051.md

@@ -10,7 +10,7 @@ In flashc, there is a possible system crash due to an uncaught exception. This c
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20052.md

@@ -10,7 +10,7 @@ In flashc, there is a possible information disclosure due to an uncaught excepti
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20053.md

@@ -10,7 +10,7 @@ In flashc, there is a possible out of bounds write due to an uncaught exception.
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20054.md

@@ -10,7 +10,7 @@ In gnss, there is a possible escalation of privilege due to a missing bounds che
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-20055.md

@@ -10,7 +10,7 @@ In imgsys, there is a possible information disclosure due to a missing bounds ch
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://corp.mediatek.com/product-security-bulletin/April-2024
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-47745.md

@@ -10,6 +10,7 @@ In the Linux kernel, the following vulnerability has been resolved:mm: call the
 ### POC
 
 #### Reference
+- https://git.kernel.org/stable/c/0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1
 - https://git.kernel.org/stable/c/49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178
 - https://git.kernel.org/stable/c/ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3
 - https://git.kernel.org/stable/c/ea7e2d5e49c05e5db1922387b09ca74aa40f46e2