👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31499
Github: https://github.com/omarhashem123/CVE-2022-31499
Describe:
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
Mumber: CVE-2022-31499
Github: https://github.com/omarhashem123/CVE-2022-31499
Describe:
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
GitHub
GitHub - omarhashem123/CVE-2022-31499: CVE-2022-31499 Proof of Concept
CVE-2022-31499 Proof of Concept. Contribute to omarhashem123/CVE-2022-31499 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31798
Github: https://github.com/omarhashem123/CVE-2022-31798
Describe:
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
Mumber: CVE-2022-31798
Github: https://github.com/omarhashem123/CVE-2022-31798
Describe:
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
GitHub
GitHub - omarhashem123/CVE-2022-31798: CVE-2022-31798 Proof of Concept
CVE-2022-31798 Proof of Concept. Contribute to omarhashem123/CVE-2022-31798 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-25845
Github: https://github.com/expl0despl0it/CVE-2022-25845
Describe:
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Mumber: CVE-2022-25845
Github: https://github.com/expl0despl0it/CVE-2022-25845
Describe:
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
GitHub
GitHub - expl0despl0it/CVE-2022-25845: Fastjson exploit
Fastjson exploit. Contribute to expl0despl0it/CVE-2022-25845 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34729
Github: https://github.com/Pwnrin/CVE-2022-34729
Describe:
Windows GDI Elevation of Privilege Vulnerability.
Mumber: CVE-2022-34729
Github: https://github.com/Pwnrin/CVE-2022-34729
Describe:
Windows GDI Elevation of Privilege Vulnerability.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2274
Github: https://github.com/Malwareman007/CVE-2022-2274
Describe:
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
Mumber: CVE-2022-2274
Github: https://github.com/Malwareman007/CVE-2022-2274
Describe:
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
GitHub
GitHub - Malwareman007/CVE-2022-2274: A POC OF CVE-2022-2274 (openssl)
A POC OF CVE-2022-2274 (openssl). Contribute to Malwareman007/CVE-2022-2274 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-28282
Github: https://github.com/Pwnrin/CVE-2022-28282
Describe:
**
Mumber: CVE-2022-28282
Github: https://github.com/Pwnrin/CVE-2022-28282
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29581
Github: https://github.com/nidhi7598/linux-4.19.72_CVE-2022-29581
Describe:
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
Mumber: CVE-2022-29581
Github: https://github.com/nidhi7598/linux-4.19.72_CVE-2022-29581
Describe:
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
GitHub
GitHub - nidhi7598/linux-4.19.72_CVE-2022-29581
Contribute to nidhi7598/linux-4.19.72_CVE-2022-29581 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36934
Github: https://github.com/F1uk369/CVE-2022-36934
Describe:
An integer overflow in WhatsApp could result in remote code execution in an established video call.
Mumber: CVE-2022-36934
Github: https://github.com/F1uk369/CVE-2022-36934
Describe:
An integer overflow in WhatsApp could result in remote code execution in an established video call.
💩1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3236
Github: https://github.com/Xu0Tex1/CVE-2022-3236
Describe:
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
Mumber: CVE-2022-3236
Github: https://github.com/Xu0Tex1/CVE-2022-3236
Describe:
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
👎1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40916
Github: https://github.com/whitej3rry/CVE-2022-40916
Describe:
**
Mumber: CVE-2022-40916
Github: https://github.com/whitej3rry/CVE-2022-40916
Describe:
**
GitHub
GitHub - whitej3rry/CVE-2022-40916
Contribute to whitej3rry/CVE-2022-40916 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40490
Github: https://github.com/whitej3rry/CVE-2022-40490
Describe:
**
Mumber: CVE-2022-40490
Github: https://github.com/whitej3rry/CVE-2022-40490
Describe:
**
GitHub
GitHub - whitej3rry/CVE-2022-40490: Tiny File Manager v2.4.7 and below are vulnerable to Cross Site Scripting
Tiny File Manager v2.4.7 and below are vulnerable to Cross Site Scripting - GitHub - whitej3rry/CVE-2022-40490: Tiny File Manager v2.4.7 and below are vulnerable to Cross Site Scripting
** MDUT ** 🔧Tool update
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/ba7365f4f69be90353fde39dee6b62f246387195
commitUpdate log:
Merge pull request #48 from SafeGroceryStore/dev
pr
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/ba7365f4f69be90353fde39dee6b62f246387195
commitUpdate log:
Merge pull request #48 from SafeGroceryStore/dev
pr
GitHub
Merge pull request #48 from SafeGroceryStore/dev · SafeGroceryStore/MDUT@ba7365f
pr
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40126
Github: https://github.com/LovelyWei/CVE-2022-40126
Describe:
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
Mumber: CVE-2022-40126
Github: https://github.com/LovelyWei/CVE-2022-40126
Describe:
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
GitHub
GitHub - LovelyWei/CVE-2022-40126: Don't be evil.
Don't be evil. Contribute to LovelyWei/CVE-2022-40126 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-26726
Github: https://github.com/acheong08/CVE-2022-26726-POC
Describe:
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
Mumber: CVE-2022-26726
Github: https://github.com/acheong08/CVE-2022-26726-POC
Describe:
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
GitHub
GitHub - acheong08/CVE-2022-26726-POC: TCC Bypass
TCC Bypass. Contribute to acheong08/CVE-2022-26726-POC development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41218
Github: https://github.com/V4bel/CVE-2022-41218
Describe:
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
Mumber: CVE-2022-41218
Github: https://github.com/V4bel/CVE-2022-41218
Describe:
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41082
Github: https://github.com/revers0id/CVE-2022-41082-PoC
Describe:
**
Mumber: CVE-2022-41082
Github: https://github.com/revers0id/CVE-2022-41082-PoC
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37434
Github: https://github.com/nidhi7598/external_zlib-1.2.7_CVE-2022-37434
Describe:
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Mumber: CVE-2022-37434
Github: https://github.com/nidhi7598/external_zlib-1.2.7_CVE-2022-37434
Describe:
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
GitHub
GitHub - nidhi7598/external_zlib-1.2.7_CVE-2022-37434
Contribute to nidhi7598/external_zlib-1.2.7_CVE-2022-37434 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41040
Github: https://github.com/kev1n-beaum0nt/CVE-2022-41040-RCE-POC
Describe:
**
Mumber: CVE-2022-41040
Github: https://github.com/kev1n-beaum0nt/CVE-2022-41040-RCE-POC
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-35914
Github: https://github.com/cactuschibre/CVE-2022-35914-poc
Describe:
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
Mumber: CVE-2022-35914
Github: https://github.com/cactuschibre/CVE-2022-35914-poc
Describe:
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
GitHub
GitHub - cosad3s/CVE-2022-35914-poc
Contribute to cosad3s/CVE-2022-35914-poc development by creating an account on GitHub.