Dashboard Template Enhancements (#3752)

* Enhancement: cves/2021/CVE-2021-1497.yaml by cs

* Enhancement: cves/2010/CVE-2010-1957.yaml by mp

* Enhancement: cves/2010/CVE-2010-1977.yaml by mp

* Enhancement: cves/2010/CVE-2010-1979.yaml by mp

* Enhancement: cves/2010/CVE-2010-1980.yaml by mp

* Enhancement: cves/2010/CVE-2010-1981.yaml by mp

* Enhancement: cves/2010/CVE-2010-1982.yaml by mp

* Enhancement: cves/2010/CVE-2010-1983.yaml by mp

* Enhancement: cves/2010/CVE-2010-2033.yaml by mp

* Enhancement: cves/2010/CVE-2010-2034.yaml by mp

* Enhancement: cves/2010/CVE-2010-2035.yaml by mp

* Enhancement: cves/2010/CVE-2010-2036.yaml by mp

* Enhancement: cves/2010/CVE-2010-2037.yaml by mp

* Enhancement: cves/2010/CVE-2010-2045.yaml by mp

* Enhancement: cves/2010/CVE-2010-2050.yaml by mp

* Enhancement: cves/2010/CVE-2010-2122.yaml by mp

* Enhancement: cves/2010/CVE-2010-1980.yaml by mp

* Enhancement: cves/2010/CVE-2010-1981.yaml by mp

* Enhancement: cves/2010/CVE-2010-1982.yaml by mp

* Enhancement: cves/2010/CVE-2010-2035.yaml by mp

* Enhancement: cves/2010/CVE-2010-2128.yaml by mp

* Enhancement: cves/2010/CVE-2010-2259.yaml by mp

* Enhancement: cves/2010/CVE-2010-2307.yaml by mp

* Enhancement: cves/2010/CVE-2010-2507.yaml by mp

* Enhancement: cves/2010/CVE-2010-2680.yaml by mp

* Enhancement: cves/2010/CVE-2010-2682.yaml by mp

* Enhancement: cves/2010/CVE-2010-2857.yaml by mp

* Enhancement: cves/2010/CVE-2010-2861.yaml by mp

* Enhancement: cves/2010/CVE-2010-2918.yaml by mp

* Enhancement: cves/2010/CVE-2010-2920.yaml by mp

* Enhancement: cves/2010/CVE-2010-3203.yaml by mp

* Enhancement: cves/2010/CVE-2010-3426.yaml by mp

* Enhancement: cves/2010/CVE-2010-4617.yaml by mp

* Enhancement: cves/2010/CVE-2010-4231.yaml by mp

* Enhancement: cves/2010/CVE-2010-4282.yaml by mp

* Enhancement: cves/2010/CVE-2010-4282.yaml by mp

* Enhancement: cves/2010/CVE-2010-4617.yaml by mp

* Enhancement: cves/2010/CVE-2010-4719.yaml by mp

* Enhancement: cves/2010/CVE-2010-4769.yaml by mp

* Enhancement: cves/2010/CVE-2010-4977.yaml by mp

* Enhancement: cves/2010/CVE-2010-5028.yaml by mp

* Enhancement: cves/2010/CVE-2010-5278.yaml by mp

* Enhancement: cves/2010/CVE-2010-5286.yaml by mp

* Enhancement: cves/2011/CVE-2011-0049.yaml by mp

* Enhancement: cves/2011/CVE-2011-1669.yaml by mp

* Enhancement: cves/2011/CVE-2011-2744.yaml by mp

* Enhancement: cves/2000/CVE-2000-0114.yaml by mp

* Enhancement: cves/2011/CVE-2011-3315.yaml by mp

* Enhancement: cves/2011/CVE-2011-4336.yaml by mp

* Enhancement: cves/2011/CVE-2011-4618.yaml by mp

* Enhancement: cves/2011/CVE-2011-4624.yaml by mp

* Enhancement: cves/2011/CVE-2011-4804.yaml by mp

* Enhancement: cves/2011/CVE-2011-0049.yaml by mp

* Enhancement: cves/2011/CVE-2011-2780.yaml by mp

* Enhancement: cves/2011/CVE-2011-2780.yaml by mp

* Enhancement: cves/2012/CVE-2012-1823.yaml by mp

* Enhancement: cves/2012/CVE-2012-0392.yaml by mp

* Enhancement: cves/2012/CVE-2012-1226.yaml by mp

* Enhancement: cves/2012/CVE-2012-0996.yaml by mp

* Enhancement: cves/2021/CVE-2021-39226.yaml by cs

* Enhancement: cves/2021/CVE-2021-27358.yaml by cs

* Enhancement: cves/2021/CVE-2021-43798.yaml by cs

* Enhancement: cves/2021/CVE-2021-43798.yaml by cs

* Enhancement: cves/2021/CVE-2021-43798.yaml by cs

* Enhancement: cves/2012/CVE-2012-1835.yaml by mp

* Enhancement: cves/2012/CVE-2012-0901.yaml by mp

* Enhancement: cves/2011/CVE-2011-5265.yaml by mp

* Enhancement: cves/2011/CVE-2011-5181.yaml by mp

* Enhancement: cves/2011/CVE-2011-5179.yaml by mp

* Enhancement: cves/2011/CVE-2011-5107.yaml by mp

* Enhancement: cves/2011/CVE-2011-5106.yaml by mp

* Enhancement: cves/2011/CVE-2011-4926.yaml by mp

* Enhancement: cves/2012/CVE-2012-0991.yaml by mp

* Enhancement: cves/2012/CVE-2012-0981.yaml by mp

* Enhancement: cves/2012/CVE-2012-0896.yaml by mp

* Enhancement: cves/2012/CVE-2012-0392.yaml by mp

* Enhancement: cves/2012/CVE-2012-0392.yaml by mp
Fix "too few spaces before comment" lint errors

* Enhancement: cves/2011/CVE-2011-5106.yaml by mp

* Enhancement: cves/2011/CVE-2011-4926.yaml by mp

* Enhancement: cves/2013/CVE-2013-2287.yaml by mp

* Enhancement: cves/2012/CVE-2012-5913.yaml by mp

* Enhancement: cves/2012/CVE-2012-4889.yaml by mp

* Enhancement: cves/2012/CVE-2012-4768.yaml by mp

* Enhancement: cves/2012/CVE-2012-4547.yaml by mp

* Enhancement: cves/2012/CVE-2012-4273.yaml by mp

* Enhancement: cves/2012/CVE-2012-4242.yaml by mp

* Enhancement: cves/2012/CVE-2012-2371.yaml by mp

* Enhancement: cves/2013/CVE-2013-2248.yaml by mp

* Enhancement: cves/2012/CVE-2012-4940.yaml by mp

* Enhancement: cves/2012/CVE-2012-4878.yaml by mp

* Enhancement: cves/2012/CVE-2012-4253.yaml by mp

* Enhancement: cves/2012/CVE-2012-4253.yaml by mp
Trailing space

* Enhancement: cves/2013/CVE-2013-2251.yaml by mp

* Enhancement: cves/2013/CVE-2013-1965.yaml by mp

* Enhancement: cves/2012/CVE-2012-3153.yaml by mp

* Enhancement: cves/2012/CVE-2012-5913.yaml by mp

* Enhancement: cves/2012/CVE-2012-4242.yaml by mp

* Merge conflict

* Fix references syntax

* Fix syntax. Again.

* Update CVE-2011-4926.yaml

* Enhancement: cves/2021/CVE-2021-28073.yaml by cs

* Enhancement: cves/2021/CVE-2021-39226.yaml by cs

* Enhancement: cves/2021/CVE-2021-20167.yaml by cs

* Enhancement: cves/2021/CVE-2021-40438.yaml by cs

* Enhancement: cves/2021/CVE-2021-40438.yaml by cs

Co-authored-by: sullo <sullo@cirt.net>
patch-1
MostInterestingBotInTheWorld 2022-02-23 03:00:19 -05:00 committed by GitHub
parent fade3db21a
commit 3e13f1cce6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 7 deletions

View File

@ -4,7 +4,8 @@ info:
name: Netgear RAX43 - Unauthenticated Command Injection / Authentication Bypass Buffer Overrun via LAN Interface name: Netgear RAX43 - Unauthenticated Command Injection / Authentication Bypass Buffer Overrun via LAN Interface
author: gy741 author: gy741
severity: critical severity: critical
description: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167. Netgear RAX43 version 1.0.3.96 contains a command injection and authbypass vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. and The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton. description: "Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloud_control.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the application. Note: This vulnerability uses a combination of CVE-2021-20166 and CVE-2021-20167."
remediation: Upgrade to newer release of the RAX43 firmware.
reference: reference:
- https://www.tenable.com/security/research/tra-2021-55 - https://www.tenable.com/security/research/tra-2021-55
- https://nvd.nist.gov/vuln/detail/CVE-2021-20166 - https://nvd.nist.gov/vuln/detail/CVE-2021-20166
@ -30,3 +31,5 @@ requests:
part: interactsh_protocol part: interactsh_protocol
words: words:
- "http" - "http"
# Enhanced by cs on 2022/02/22

View File

@ -4,11 +4,15 @@ info:
name: Ntopng Authentication Bypass name: Ntopng Authentication Bypass
author: z3bd author: z3bd
severity: critical severity: critical
description: Ntopng is a passive network monitoring tool focused on flows and statistics that can be obtained from the traffic captured by the server. There is a authentication bypass vulnerability in ntopng <= 4.2 description: Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2
remediation: Upgrade to version 4.3 or later.
tags: ntopng,cve,cve2021 tags: ntopng,cve,cve2021
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27573
- http://noahblog.360.cn/ntopng-multiple-vulnerabilities/ - http://noahblog.360.cn/ntopng-multiple-vulnerabilities/
- https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md - https://github.com/AndreaOm/docs/blob/c27d2db8dbedb35c9e69109898aaecd0f849186a/wikipoc/PeiQi_Wiki/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/HongKe/HongKe%20ntopng%20%E6%B5%81%E9%87%8F%E5%88%86%E6%9E%90%E7%B3%BB%E7%BB%9F%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2021-28073.md
classification:
cve-id: CVE-2021-28073
requests: requests:
- method: GET - method: GET
@ -34,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by cs on 2022/02/22

View File

@ -3,7 +3,7 @@ id: CVE-2021-39226
info: info:
name: Grafana Snapshot Authentication Bypass name: Grafana Snapshot Authentication Bypass
author: Evan Rubinstein author: Evan Rubinstein
description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of wether or not the snapshot is set to public mode (disabled by default). description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).
remediation: "This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects." remediation: "This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects."
reference: reference:
- https://github.com/advisories/GHSA-69j6-29vr-p3j9 - https://github.com/advisories/GHSA-69j6-29vr-p3j9
@ -31,4 +31,4 @@ requests:
words: words:
- '"isSnapshot":true' - '"isSnapshot":true'
# Enhanced by cs on 2022/02/18 # Enhanced by cs on 2022/02/22

View File

@ -1,10 +1,11 @@
id: CVE-2021-40438 id: CVE-2021-40438
info: info:
name: Apache <= 2.4.48 - Mod_Proxy SSRF name: Apache <= 2.4.48 Mod_Proxy SSRF
author: pdteam author: pdteam
severity: critical severity: critical
description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. description: Apache 2.4.8 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
remediation: Upgrade to Apache version 2.4.49 or newer.
reference: reference:
- https://firzen.de/building-a-poc-for-cve-2021-40438 - https://firzen.de/building-a-poc-for-cve-2021-40438
- https://httpd.apache.org/security/vulnerabilities_24.html - https://httpd.apache.org/security/vulnerabilities_24.html
@ -27,3 +28,5 @@ requests:
- type: word - type: word
words: words:
- "Interactsh Server" - "Interactsh Server"
# Enhanced by cs on 2022/02/22