Update Mon Feb 21 06:13:38 UTC 2022

trickest-workflows · trickest-workflows · commit ee35bdeb0549 · 2022-02-21T06:13:38.000Z
diff --git a/2009/CVE-2009-3850.md b/2009/CVE-2009-3850.md
@@ -0,0 +1,17 @@
+### [CVE-2009-3850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3850)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
+
+### POC
+
+#### Reference
+- http://www.coresecurity.com/content/blender-scripting-injection
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-20675.md b/2019/CVE-2019-20675.md
@@ -0,0 +1,17 @@
+### [CVE-2019-20675](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20675)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000061464/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0544
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -10123,6 +10123,7 @@ CVE-2009-3825 - http://www.exploit-db.com/exploits/9103
 CVE-2009-3837 - http://www.packetstormsecurity.org/0910-exploits/eurekamc-dos.txt
 CVE-2009-3838 - http://www.packetstormsecurity.org/0910-exploits/pegasusmc-dos.txt
 CVE-2009-3840 - http://seclists.org/fulldisclosure/2009/Nov/199
+CVE-2009-3850 - http://www.coresecurity.com/content/blender-scripting-injection
 CVE-2009-3857 - http://www.exploit-db.com/exploits/9133
 CVE-2009-3859 - http://www.exploit-db.com/exploits/9114
 CVE-2009-3863 - http://www.exploit-db.com/exploits/9683
@@ -36733,6 +36734,7 @@ CVE-2019-20629 - https://github.com/gpac/gpac/issues/1264
 CVE-2019-20632 - https://github.com/gpac/gpac/issues/1271
 CVE-2019-20633 - https://savannah.gnu.org/bugs/index.php?56683
 CVE-2019-20636 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12
+CVE-2019-20675 - https://kb.netgear.com/000061464/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-WiFi-Systems-PSV-2018-0544
 CVE-2019-20689 - https://kb.netgear.com/000061450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Gateways-and-Extenders-PSV-2018-0132
 CVE-2019-20760 - https://kb.netgear.com/000060639/Security-Advisory-for-Authentication-Bypass-on-R9000-PSV-2018-0615
 CVE-2019-20798 - https://github.com/cherokee/webserver/issues/1227
