From 9796ddb6dbe89efea7468fdff9e187d306756fa8 Mon Sep 17 00:00:00 2001 From: trickest-workflows Date: Mon, 30 Dec 2024 04:13:45 +0000 Subject: [PATCH] Update Mon Dec 30 04:13:45 UTC 2024 --- 2017/CVE-2017-18790.md | 17 +++++++++++++++++ 2019/CVE-2019-19601.md | 17 +++++++++++++++++ 2020/CVE-2020-7465.md | 17 +++++++++++++++++ references.txt | 3 +++ 4 files changed, 54 insertions(+) create mode 100644 2017/CVE-2017-18790.md create mode 100644 2019/CVE-2019-19601.md create mode 100644 2020/CVE-2020-7465.md diff --git a/2017/CVE-2017-18790.md b/2017/CVE-2017-18790.md new file mode 100644 index 0000000000..10e15920df --- /dev/null +++ b/2017/CVE-2017-18790.md @@ -0,0 +1,17 @@ +### [CVE-2017-18790](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18790) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. + +### POC + +#### Reference +- https://kb.netgear.com/000049372/Security-Advisory-for-Sensitive-Information-Disclosure-Vulnerability-on-Some-Routers-PSV-2017-0317 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-19601.md b/2019/CVE-2019-19601.md new file mode 100644 index 0000000000..c155a4d2ca --- /dev/null +++ b/2019/CVE-2019-19601.md @@ -0,0 +1,17 @@ +### [CVE-2019-19601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19601) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf. + +### POC + +#### Reference +- https://github.com/pkubowicz/opendetex/issues/60 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-7465.md b/2020/CVE-2020-7465.md new file mode 100644 index 0000000000..2c4499e251 --- /dev/null +++ b/2020/CVE-2020-7465.md @@ -0,0 +1,17 @@ +### [CVE-2020-7465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7465) +![](https://img.shields.io/static/v1?label=Product&message=MPD%3A%20FreeBSD%20PPP%20daemon&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). + +### POC + +#### Reference +- https://sourceforge.net/p/mpd/svn/2377/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/references.txt b/references.txt index 5058a24c1a..df854bc07e 100644 --- a/references.txt +++ b/references.txt @@ -48218,6 +48218,7 @@ CVE-2017-18783 - https://kb.netgear.com/000049536/Security-Advisory-for-Cross-Si CVE-2017-18784 - https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951 CVE-2017-18785 - https://kb.netgear.com/000049534/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2950 CVE-2017-18788 - https://kb.netgear.com/000049527/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2947 +CVE-2017-18790 - https://kb.netgear.com/000049372/Security-Advisory-for-Sensitive-Information-Disclosure-Vulnerability-on-Some-Routers-PSV-2017-0317 CVE-2017-18793 - https://kb.netgear.com/000049369/Security-Advisory-for-Command-Injection-Vulnerability-on-R7800-PSV-2017-0618 CVE-2017-18798 - https://kb.netgear.com/000049358/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-Some-Routers-and-Some-DSL-Modem-Routers-PSV-2017-2159 CVE-2017-18800 - https://kb.netgear.com/000049356/Security-Advisory-for-Reflected-Cross-Site-Scripting-Vulnerability-on-R6700v2-and-R6800-PSV-2017-2162 @@ -64411,6 +64412,7 @@ CVE-2019-19594 - https://ia-informatica.com/it/CVE-2019-19594 CVE-2019-19595 - https://ia-informatica.com/it/CVE-2019-19595 CVE-2019-19597 - https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/ CVE-2019-19598 - https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/ +CVE-2019-19601 - https://github.com/pkubowicz/opendetex/issues/60 CVE-2019-19602 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 CVE-2019-19603 - https://www.oracle.com/security-alerts/cpuapr2020.html CVE-2019-19603 - https://www.sqlite.org/ @@ -75498,6 +75500,7 @@ CVE-2020-7377 - https://github.com/rapid7/metasploit-framework/issues/14015 CVE-2020-7384 - http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html CVE-2020-7384 - http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html CVE-2020-7457 - http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html +CVE-2020-7465 - https://sourceforge.net/p/mpd/svn/2377/ CVE-2020-7470 - https://sku11army.blogspot.com/2020/01/sonoff-sonoff-th-module-vuln-xss.html CVE-2020-7483 - https://www.se.com/ww/en/download/document/SESB-2020-105-01 CVE-2020-7484 - https://www.se.com/ww/en/download/document/SESB-2020-105-01