Update Thu Dec 19 22:27:51 UTC 2024

trickest · Dec 19, 2024 · e44a89c · e44a89c
1 parent a1e3032
commit e44a89c
Show file tree

Hide file tree

Showing 70 changed files with 845 additions and 3 deletions.
diff --git a/1999/CVE-1999-0095.md b/1999/CVE-1999-0095.md
@@ -21,4 +21,5 @@ The debug command in Sendmail is enabled, allowing attackers to execute commands
 - https://github.com/d01mittal/NLP-Project
 - https://github.com/joscanoga/Reto-python-CRM
 - https://github.com/muchdogesec/cve2stix
+- https://github.com/soumyajitjalua1/NLP_CVE_project
 
diff --git a/2003/CVE-2003-1425.md b/2003/CVE-2003-1425.md
@@ -0,0 +1,17 @@
+### [CVE-2003-1425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1425)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/krlabs/cpanel-vulnerabilities
+
diff --git a/2004/CVE-2004-1769.md b/2004/CVE-2004-1769.md
@@ -17,5 +17,6 @@ No PoCs from references.
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Redsplit/shiguresh
+- https://github.com/krlabs/cpanel-vulnerabilities
 - https://github.com/sinkaroid/shiguresh
 
diff --git a/2008/CVE-2008-1499.md b/2008/CVE-2008-1499.md
@@ -0,0 +1,17 @@
+### [CVE-2008-1499](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1499)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/krlabs/cpanel-vulnerabilities
+
diff --git a/2008/CVE-2008-2070.md b/2008/CVE-2008-2070.md
@@ -13,5 +13,5 @@ The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22
 - http://securityreason.com/securityalert/3866
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/krlabs/cpanel-vulnerabilities
 
diff --git a/2008/CVE-2008-2478.md b/2008/CVE-2008-2478.md
@@ -0,0 +1,17 @@
+### [CVE-2008-2478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2478)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED **  scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box).  NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/krlabs/cpanel-vulnerabilities
+
diff --git a/2008/CVE-2008-7142.md b/2008/CVE-2008-7142.md
@@ -0,0 +1,17 @@
+### [CVE-2008-7142](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7142)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/krlabs/cpanel-vulnerabilities
+
diff --git a/2009/CVE-2009-2265.md b/2009/CVE-2009-2265.md
@@ -16,6 +16,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r
 #### Github
 - https://github.com/0xConstant/CVE-2009-2265
 - https://github.com/0xConstant/ExploitDevJourney
+- https://github.com/0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265
 - https://github.com/0xkasra/CVE-2009-2265
 - https://github.com/0xkasra/ExploitDevJourney
 - https://github.com/0xwh1pl4sh/CVE-2009-2265

diff --git a/2014/CVE-2014-9418.md b/2014/CVE-2014-9418.md
@@ -16,4 +16,5 @@ The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Deskt
 - https://github.com/0xt4nuk1/python-value-objects
 - https://github.com/javierparadadev/python-value-objects
 - https://github.com/jparadadev/python-value-objects
+- https://github.com/n1nj4t4nuk1/python-value-objects
 
diff --git a/2017/CVE-2017-1002000.md b/2017/CVE-2017-1002000.md
@@ -13,6 +13,7 @@ Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0,
 - https://www.exploit-db.com/exploits/41540/
 
 #### Github
+- https://github.com/4LPH4ONE/all-cves
 - https://github.com/CVEList/cvelist
 - https://github.com/CVEProject/cvelist
 - https://github.com/CVEProject/cvelist-dev

diff --git a/2017/CVE-2017-3000.md b/2017/CVE-2017-3000.md
@@ -13,6 +13,7 @@ Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the r
 No PoCs from references.
 
 #### Github
+- https://github.com/4LPH4ONE/all-cves
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/CVEList/cvelist
 - https://github.com/CVEProject/cvelist

diff --git a/2017/CVE-2017-3999.md b/2017/CVE-2017-3999.md
@@ -13,6 +13,7 @@
 No PoCs from references.
 
 #### Github
+- https://github.com/4LPH4ONE/all-cves
 - https://github.com/CVEList/cvelist
 - https://github.com/CVEProject/cvelist
 - https://github.com/CVEProject/cvelist-dev

diff --git a/2017/CVE-2017-7494.md b/2017/CVE-2017-7494.md
@@ -189,6 +189,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r
 - https://github.com/jared1981/More-Pentest-Tools
 - https://github.com/jbmihoub/all-poc
 - https://github.com/jklinges14/Cyber-Security-Final-Project
+- https://github.com/joetanx/htb
 - https://github.com/john-80/cve-2017-7494
 - https://github.com/joxeankoret/CVE-2017-7494
 - https://github.com/justone0127/Red-Hat-Advanced-Cluster-Security-for-Kubernetes-Operator-Installation

diff --git a/2017/CVE-2017-9785.md b/2017/CVE-2017-9785.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/BitcoinChatGPT/DeserializeSignature-Vulnerability-Algorithm
+- https://github.com/BitcoinChatGPT/Joux-Lercier-Vulnerability-Algorithm
 
diff --git a/2018/CVE-2018-14847.md b/2018/CVE-2018-14847.md
@@ -58,6 +58,7 @@ MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read a
 - https://github.com/firmanandriansyah/WinboxExploitMikrotik
 - https://github.com/gladiopeace/awesome-stars
 - https://github.com/hacker30468/Mikrotik-router-hack
+- https://github.com/henriquesebastiao/mkx
 - https://github.com/hktalent/TOP
 - https://github.com/jas502n/CVE-2018-14847
 - https://github.com/jbmihoub/all-poc

diff --git a/2018/CVE-2018-3646.md b/2018/CVE-2018-3646.md
@@ -37,6 +37,7 @@ Systems with microprocessors utilizing speculative execution and address transla
 - https://github.com/merlinepedra25/spectre-meltdown-checker
 - https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance
 - https://github.com/omniosorg/lx-port-data
+- https://github.com/placebeyondtheclouds/gpu-home-server
 - https://github.com/rosenbergj/cpu-report
 - https://github.com/savchenko/windows10
 - https://github.com/speed47/spectre-meltdown-checker

diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md
@@ -248,6 +248,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/ATAARobotics/16596-robot-code-2023
 - https://github.com/ATAARobotics/16596robotcode2024
 - https://github.com/ATAARobotics/23468RobotCode2024
+- https://github.com/ATOM23806/ChampsRepo
 - https://github.com/ATejada1203/Roboknights-8569
 - https://github.com/ATurico26/201-Centerstage-2023-Aidan-code
 - https://github.com/ATurico26/202-CenterStage-Code
@@ -1938,6 +1939,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/MasterH6168/Power-Play
 - https://github.com/MasterH6168/freight-frenzy-2021-2022-
 - https://github.com/Matei-V/FTC24
+- https://github.com/Matei-V/Mironobot2025
 - https://github.com/Maths-and-Physics-Are-Fun/17556---VegeMight-In-The-Deep
 - https://github.com/Mau-MD/Voltrons2022
 - https://github.com/Mau38/SparePartsFTC
@@ -2303,6 +2305,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/PearceRobotics/Inspire-2020
 - https://github.com/PearceRobotics/Involve-2020
 - https://github.com/Pedro-Pathing-Projects/Beginner-Quickstart
+- https://github.com/Pedro-Pathing/Beginner-Quickstart
 - https://github.com/PenguinoTEA/MovementForRobot
 - https://github.com/Perfect-Paradox-Team-8400/8400_2022
 - https://github.com/Perfect-Paradox-Team-8400/8400_2023
@@ -3260,6 +3263,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/YoungInnovatorOrganization/PowerPlay
 - https://github.com/Yttberium/EchoPulse
 - https://github.com/Yttberium/FtcRobot
+- https://github.com/Yttberium/ftcrobotcontroller-2023-2024-echopulse-master
 - https://github.com/Yuvraj-R/Equilibrium-Freight-Frenzy-Code-2021-2022
 - https://github.com/ZRJohnson/18443IntoTheDeep
 - https://github.com/Za1ea/Into-the-Deep_2024-2025
@@ -4805,6 +4809,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/saghor502/FTC_2023-2024_v1
 - https://github.com/sai-varshini-chinnasani/13266UltimateGoal
 - https://github.com/saisrikar8/ftc-poseidon-intothedeep
+- https://github.com/sakura-tempesta-6909/FTC-2023
 - https://github.com/sakura-tempesta-6909/ftc-2023
 - https://github.com/samgcode/ftc-19041-2021
 - https://github.com/sammypbaird/2022OffSeasonFtcRobotController

diff --git a/2020/CVE-2020-10148.md b/2020/CVE-2020-10148.md
@@ -22,6 +22,7 @@ No PoCs from references.
 - https://github.com/Elsfa7-110/kenzer-templates
 - https://github.com/Hatcat123/my_stars
 - https://github.com/HimmelAward/Goby_POC
+- https://github.com/Himnish/Cyber-9-12
 - https://github.com/Live-Hack-CVE/CVE-2020-10148
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

diff --git a/2020/CVE-2020-12820.md b/2020/CVE-2020-12820.md
@@ -13,5 +13,5 @@ Under non-default configuration, a stack-based buffer overflow in FortiOS versio
 - https://fortiguard.fortinet.com/psirt/FG-IR-20-083
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds
 
diff --git a/2020/CVE-2020-15368.md b/2020/CVE-2020-15368.md
@@ -34,4 +34,5 @@ AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from us
 - https://github.com/sl4v3k/KDU
 - https://github.com/soosmile/POC
 - https://github.com/stong/CVE-2020-15368
+- https://github.com/stong/writing
 
diff --git a/2020/CVE-2020-15934.md b/2020/CVE-2020-15934.md
@@ -0,0 +1,17 @@
+### [CVE-2020-15934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15934)
+![](https://img.shields.io/static/v1?label=Product&message=FortiClientLinux&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.4.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Escalation%20of%20privilege&color=brighgreen)
+
+### Description
+
+An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2020/CVE-2020-3359.md b/2020/CVE-2020-3359.md
@@ -0,0 +1,17 @@
+### [CVE-2020-3359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3359)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen)
+
+### Description
+
+A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2020/CVE-2020-3390.md b/2020/CVE-2020-3390.md
@@ -0,0 +1,17 @@
+### [CVE-2020-3390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3390)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen)
+
+### Description
+
+A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2020/CVE-2020-3393.md b/2020/CVE-2020-3393.md
@@ -0,0 +1,17 @@
+### [CVE-2020-3393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3393)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269&color=brighgreen)
+
+### Description
+
+A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2020/CVE-2020-3503.md b/2020/CVE-2020-3503.md
@@ -0,0 +1,17 @@
+### [CVE-2020-3503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3503)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20IOS%20XE%20Software%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284&color=brighgreen)
+
+### Description
+
+A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2021/CVE-2021-26102.md b/2021/CVE-2021-26102.md
@@ -0,0 +1,26 @@
+### [CVE-2021-26102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26102)
+![](https://img.shields.io/static/v1?label=Product&message=FortiWAN&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.5.0%3C%3D%204.5.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control&color=brighgreen)
+
+### Description
+
+A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/NaInSec/CVE-PoC-in-GitHub
+- https://github.com/SleepyCofe/CVE-2021-26102
+- https://github.com/WhooAmii/POC_to_review
+- https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/k0mi-tg/CVE-POC
+- https://github.com/manas3c/CVE-POC
+- https://github.com/soosmile/POC
+- https://github.com/whoforget/CVE-POC
+- https://github.com/youwizard/CVE-POC
+- https://github.com/zecool/cve
+
diff --git a/2021/CVE-2021-26115.md b/2021/CVE-2021-26115.md
@@ -0,0 +1,17 @@
+### [CVE-2021-26115](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26115)
+![](https://img.shields.io/static/v1?label=Product&message=FortiWAN&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.5.0%3C%3D%204.5.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Escalation%20of%20privilege&color=brighgreen)
+
+### Description
+
+An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2021/CVE-2021-26855.md b/2021/CVE-2021-26855.md
@@ -73,6 +73,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability
 - https://github.com/H0j3n/EzpzCheatSheet
 - https://github.com/HackingCost/AD_Pentest
 - https://github.com/HimmelAward/Goby_POC
+- https://github.com/Himnish/Cyber-9-12
 - https://github.com/HubTou/oab
 - https://github.com/Immersive-Labs-Sec/ProxyLogon
 - https://github.com/JERRY123S/all-poc

diff --git a/2021/CVE-2021-3156.md b/2021/CVE-2021-3156.md
@@ -317,6 +317,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based
 - https://github.com/skilian-enssat/datura-ctf
 - https://github.com/soosmile/POC
 - https://github.com/stong/CVE-2021-3156
+- https://github.com/stong/writing
 - https://github.com/stressboi/TA-Samedit
 - https://github.com/substing/internal_ctf
 - https://github.com/substing/vulnerability_capstone_ctf

diff --git a/2021/CVE-2021-31589.md b/2021/CVE-2021-31589.md
@@ -21,5 +21,6 @@ A cross-site scripting (XSS) vulnerability has been reported and confirmed for B
 - https://github.com/daffainfo/Oneliner-Bugbounty
 - https://github.com/ghostxsec/one-liner
 - https://github.com/karthi-the-hacker/CVE-2021-31589
+- https://github.com/krlabs/cpanel-vulnerabilities
 - https://github.com/tucommenceapousser/Oneliner-Bugbounty2
 
diff --git a/2021/CVE-2021-32589.md b/2021/CVE-2021-32589.md
@@ -0,0 +1,18 @@
+### [CVE-2021-32589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32589)
+![](https://img.shields.io/static/v1?label=Product&message=FortiAnalyzer&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen)
+
+### Description
+
+A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+