CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix
GitHub
GitHub - almogopp/OpenSSH-CVE-2024-6387-Fix: A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing…
A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing an option to upgrade to a secure version or apply a temporary workaround. This repository helps secure systems agai...
CVE-2024-33644
None
Github link:
https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally
None
Github link:
https://github.com/Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally
GitHub
GitHub - Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally: Reproducing the following CVEs with dockerfile:CVE-2024-33644…
Reproducing the following CVEs with dockerfile:CVE-2024-33644 CVE-2024-34370 CVE-2024-22120 - Akshath-Nagulapally/ReproducingCVEs_Akshath_Nagulapally
CVE-2022-3699
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
Github link:
https://github.com/Eap2468/CVE-2022-3699
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
Github link:
https://github.com/Eap2468/CVE-2022-3699
GitHub
GitHub - Eap2468/CVE-2022-3699: Proof of Concept exploit for CVE-2022-3699
Proof of Concept exploit for CVE-2022-3699. Contribute to Eap2468/CVE-2022-3699 development by creating an account on GitHub.
CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Github link:
https://github.com/sanan2004/CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Github link:
https://github.com/sanan2004/CVE-2022-27925
GitHub
GitHub - sanan2004/CVE-2022-27925: PoC
PoC. Contribute to sanan2004/CVE-2022-27925 development by creating an account on GitHub.
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/sanan2004/CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/sanan2004/CVE-2022-37706
GitHub
GitHub - sanan2004/CVE-2022-37706: PoC
PoC. Contribute to sanan2004/CVE-2022-37706 development by creating an account on GitHub.
CVE-2018-17431
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
Github link:
https://github.com/sanan2004/CVE-2018-17431-Comodo
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
Github link:
https://github.com/sanan2004/CVE-2018-17431-Comodo
GitHub
GitHub - sanan2004/CVE-2018-17431-Comodo: Comodo
Comodo . Contribute to sanan2004/CVE-2018-17431-Comodo development by creating an account on GitHub.
CVE-2023-1177
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Github link:
https://github.com/saimahmed/MLflow-Vuln
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Github link:
https://github.com/saimahmed/MLflow-Vuln
GitHub
GitHub - saimahmed/MLflow-Vuln: MLflow LFI/RFI Vulnerability -CVE-2023-1177 - Reproduced
MLflow LFI/RFI Vulnerability -CVE-2023-1177 - Reproduced - saimahmed/MLflow-Vuln