Update Thu Jan 9 04:20:03 UTC 2025

2001/CVE-2001-0533.md

@@ -0,0 +1,17 @@
+### [CVE-2001-0533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0533)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
+
+### POC
+
+#### Reference
+- http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt
+
+#### Github
+No PoCs found on GitHub currently.
+

2008/CVE-2008-5500.md

@@ -11,6 +11,7 @@ The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, T
 
 #### Reference
 - http://www.ubuntu.com/usn/usn-690-2
+- http://www.ubuntu.com/usn/usn-701-2
 
 #### Github
 No PoCs found on GitHub currently.

2008/CVE-2008-5503.md

@@ -11,6 +11,7 @@ The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunder
 
 #### Reference
 - http://www.ubuntu.com/usn/usn-690-2
+- http://www.ubuntu.com/usn/usn-701-2
 
 #### Github
 No PoCs found on GitHub currently.

2008/CVE-2008-5506.md

@@ -11,6 +11,7 @@ Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before
 
 #### Reference
 - http://www.ubuntu.com/usn/usn-690-2
+- http://www.ubuntu.com/usn/usn-701-2
 
 #### Github
 No PoCs found on GitHub currently.

2008/CVE-2008-5507.md

@@ -11,6 +11,7 @@ Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before
 
 #### Reference
 - http://www.ubuntu.com/usn/usn-690-2
+- http://www.ubuntu.com/usn/usn-701-2
 - https://bugzilla.mozilla.org/show_bug.cgi?id=461735
 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376
 

2008/CVE-2008-5508.md

@@ -11,6 +11,7 @@ Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before
 
 #### Reference
 - http://www.ubuntu.com/usn/usn-690-2
+- http://www.ubuntu.com/usn/usn-701-2
 
 #### Github
 No PoCs found on GitHub currently.

2008/CVE-2008-5511.md

@@ -11,6 +11,7 @@ Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before
 
 #### Reference
 - http://www.ubuntu.com/usn/usn-690-2
+- http://www.ubuntu.com/usn/usn-701-2
 
 #### Github
 No PoCs found on GitHub currently.

2008/CVE-2008-5512.md

@@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x
 
 #### Reference
 - http://www.ubuntu.com/usn/usn-690-2
+- http://www.ubuntu.com/usn/usn-701-2
 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9814
 
 #### Github

2011/CVE-2011-3048.md

@@ -0,0 +1,17 @@
+### [CVE-2011-3048](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
+
+### POC
+
+#### Reference
+- http://ubuntu.com/usn/usn-1417-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2012/CVE-2012-1571.md

@@ -0,0 +1,17 @@
+### [CVE-2012-1571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-2123-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2013/CVE-2013-6497.md

@@ -0,0 +1,17 @@
+### [CVE-2013-6497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-2423-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-1943.md

@@ -10,7 +10,7 @@ Fine Free file before 5.17 allows context-dependent attackers to cause a denial
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://www.ubuntu.com/usn/USN-2123-1
 
 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2014-1943

2014/CVE-2014-9050.md

@@ -0,0 +1,17 @@
+### [CVE-2014-9050](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-2423-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-14437.md

@@ -0,0 +1,17 @@
+### [CVE-2018-14437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14437)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
+
+### POC
+
+#### Reference
+- https://github.com/ImageMagick/ImageMagick/issues/1190
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-21185.md

@@ -0,0 +1,17 @@
+### [CVE-2018-21185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21185)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.34, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000055173/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2610
+
+#### Github
+No PoCs found on GitHub currently.
+

2019/CVE-2019-19908.md

@@ -10,7 +10,7 @@ phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://sourceforge.net/projects/phpmychat/
 
 #### Github
 - https://github.com/20142995/nuclei-templates

2020/CVE-2020-15708.md

@@ -0,0 +1,17 @@
+### [CVE-2020-15708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15708)
+![](https://img.shields.io/static/v1?label=Product&message=libvirt&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%206.0.0-0ubuntu8.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
+
+### POC
+
+#### Reference
+- https://usn.ubuntu.com/usn/usn-4452-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-27531.md

@@ -0,0 +1,17 @@
+### [CVE-2023-27531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27531)
+![](https://img.shields.io/static/v1?label=Product&message=Kredis%20JSON&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.3.0.1%3C%201.3.0.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/HackrHub1/Hacker1-Report
+

2023/CVE-2023-27539.md

@@ -0,0 +1,17 @@
+### [CVE-2023-27539](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27539)
+![](https://img.shields.io/static/v1?label=Product&message=Rack&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=2.2.6.4%3C%202.2.6.4%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+There is a denial of service vulnerability in the header parsing component of Rack.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/HackrHub1/Hacker1-Report
+

2023/CVE-2023-28362.md

@@ -0,0 +1,17 @@
+### [CVE-2023-28362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362)
+![](https://img.shields.io/static/v1?label=Product&message=Action%20Pack&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=7.0.5.1%3C%207.0.5.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/elttam/publications
+

2024/CVE-2024-27980.md

@@ -0,0 +1,18 @@
+### [CVE-2024-27980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27980)
+![](https://img.shields.io/static/v1?label=Product&message=Node.js&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=21.7.0%3C%3D%2021.7.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tanjiti/sec_profile
+- https://github.com/tianstcht/tianstcht
+

2024/CVE-2024-52869.md

@@ -0,0 +1,17 @@
+### [CVE-2024-52869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52869)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise.
+
+### POC
+
+#### Reference
+- https://chrismanson.com/CVE/cve-2024-52869.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-53995.md

@@ -0,0 +1,17 @@
+### [CVE-2024-53995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53995)
+![](https://img.shields.io/static/v1?label=Product&message=sickchill&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%202024.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
+
+### Description
+
+SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.
+
+### POC
+
+#### Reference
+- https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill/
+
+#### Github
+No PoCs found on GitHub currently.
+