Fix timestamps

content/cves/CVE-2023-0666.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2023-0666 🤘
 aliases: ["/cves/CVE-2023-0666.html"]
+pubDate: 2023-06-06T13:37:00-05:00
 ---
 
 # CVE-2023-0666: Wireshark RTPS Parsing Buffer Overflow

content/cves/CVE-2023-0667.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2023-0667
 aliases: ["/cves/CVE-2023-0667.html"]
+pubDate: 2023-06-06T13:37:00-05:00
 ---
 
 # CVE-2023-0667: Wireshark MSMMS parsing buffer overflow
@@ -63,7 +64,7 @@ Following, on line 471, the length is multiplied by 8, then 8 is subtracted from
  472
 ```
 
-Following the length remaining calculation, the `command_id` retrieved earlier is used to determine the command type and on line 480, the `dissect_client_transport_info` is called 
+Following the length remaining calculation, the `command_id` retrieved earlier is used to determine the command type and on line 480, the `dissect_client_transport_info` is called
 
 `/wireshark/epan/dissectors/packet-ms-mms.c`
 ```

content/cves/CVE-2023-0668.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2023-0668
 aliases: ["/cves/CVE-2023-0668.html"]
+pubDate: 2023-06-06T13:37:00-05:00
 ---
 
 
@@ -20,12 +21,12 @@ This crash is caused by an out of bounds read from the global buffer `conf_phaso
 
 `wireshark/epan/dissectors/packet-synphasor.c`
 ```
- 363 static const value_string conf_phasor_type[] = {               
+ 363 static const value_string conf_phasor_type[] = {
  364         { 0, "Voltage, Zero sequence"           },
  365         { 1, "Voltage, Positive sequence"       },
  366         { 2, "Voltage, Negative sequence"       },
- 367         { 3, "Voltage, Reserved"                },                
- 368         { 4, "Voltage, Phase A"                 },                
+ 367         { 3, "Voltage, Reserved"                },
+ 368         { 4, "Voltage, Phase A"                 },
  369         { 5, "Voltage, Phase B"                 },
  370         { 6, "Voltage, Phase C"                 },
  371         { 7, "Voltage, Reserved"                },
@@ -48,36 +49,36 @@ In `dissect_PHSCALE` (which can be found in the top frame of the stack trace.) o
 
 ```
 1190 static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint cnt)
-1191 {       
+1191 {
 1192         proto_tree *temp_tree;
 1193         gint i;
-1194 
+1194
 1195         if (0 == cnt) {
 1196                 return offset;
 1197         }
-1198 
+1198
 1199         temp_tree = proto_tree_add_subtree_format(tree, tvb, offset, 12 * cnt, ett_conf_phconv, NULL,
 1200                                                   "Phasor scaling and data flags (%u)", cnt);
-1201         
+1201
 1202         for (i = 0; i < cnt; i++) {
 1203                 proto_tree *single_phasor_scaling_and_flags_tree;
 1204                 proto_tree *phasor_flag1_tree;
 1205                 proto_tree *phasor_flag2_tree;
 1206                 proto_tree *data_flag_tree;
-1207 
+1207
 1208                 single_phasor_scaling_and_flags_tree = proto_tree_add_subtree_format(temp_tree, tvb, offset, 12,
 1209                                                                                      ett_conf_phlist, NULL,
 1210                                                                                      "Phasor #%u", i + 1);
-1211         
+1211
 1212                 data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
 1213                                                                ett_conf_phflags, NULL, "Phasor Data flags: %s",
 1214                                                                conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
-1215         
+1215
 1216                 /* first and second bytes - phasor modification flags*/
 1217                 phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
 1218                                                                   NULL, "Modification Flags: 0x%04x",
 1219                                                                   tvb_get_ntohs(tvb, offset));
-1220         
+1220
 ```
 
 A Base64 encoded blob of an example PCAP that can trigger the issue is below.

content/cves/CVE-2023-2905.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2023-2905
 aliases: ["/cves/CVE-2023-2905.html"]
+pubDate: 2023-08-08T13:37:00-05:00
 ---
 
 # CVE-2023-2905: Cesanta Mongoose MQTT Message Parsing Heap Overflow
@@ -61,7 +62,7 @@ src/mqtt.c
 406         m->props_size = decode_variable_length((char *) p, &len_len);
 ```
 
-The below shows the buffer from the crash file showing a 10 byte mqtt message with the 8th byte having the MSB set. 
+The below shows the buffer from the crash file showing a 10 byte mqtt message with the 8th byte having the MSB set.
 
 ```
 Thread 1 "fuzzer" hit Breakpoint 7, LLVMFuzzerTestOneInput (data=0xffffb4500790 "5\b", size=10) at test/fuzz.c:38

content/cves/CVE-2023-2906.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2023-2906
 aliases: ["/cves/CVE-2023-2906.html"]
+pubDate: 2023-08-24T13:37:00-05:00
 ---
 
 # CVE-2023-2906: Wireshark CP2179 Parsing Divide By Zero DoS
@@ -25,11 +26,11 @@ The relevant code snippet from `epan/dissectors/packet-cp2179.c` is:
  719                 {
  720                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_moredata, tvb, offset, 1, ENC_LITTLE_ENDIAN);
  721                     proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_numsets, tvb, offset, 1, ENC_LITTLE_ENDIAN);
- 722 
+ 722
  723                     num_records = tvb_get_guint8(tvb, offset) & 0x7F;
  724                     recordsize = (numberofcharacters-1) / num_records;
  725                     num_values = (recordsize-6) / 2;      /* Determine how many 16-bit analog values are present in each event record */
- 726 
+ 726
  727                     offset += 1;
 ```
 

content/cves/CVE-2023-4504.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2023-4504
 aliases: ["/cves/CVE-2023-4504.html"]
+pubDate: 2023-09-21T13:37:00-05:00
 ---
 # CVE-2023-4504: OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
 
@@ -17,7 +18,7 @@ Due to failure in validating the length provided by an attacker-crafted CUPS PPD
 
 # Technical Details
 
-The `scan_ps` function in the CUPS codebase provides functionality that scans through a string looking for the next Postscript object. When iterating through a string which contains an open parenthesis and ends with a single backslash (0x5c) character, the code incorrectly iterates forward a character without properly checking the bounds of the string resulting in a 1 byte read beyond the allocated heap buffer. 
+The `scan_ps` function in the CUPS codebase provides functionality that scans through a string looking for the next Postscript object. When iterating through a string which contains an open parenthesis and ends with a single backslash (0x5c) character, the code incorrectly iterates forward a character without properly checking the bounds of the string resulting in a 1 byte read beyond the allocated heap buffer.
 
 Snippet of the vulnerable code:
 
@@ -107,7 +108,7 @@ Line 1085 contains the case statement which provides the logic used to iterate t
 
 On line 1091, the for loop within the case statement is used to iterate through each character after encountering an open paranthesis character (0x28), storing the pointer to the current character in `cur`.
 
-On line 1111, the code checks if the current character is a backslash and finally, in line 1117, the character index is incremented without checking the length, now pointing to the null byte terminating the string. 
+On line 1111, the code checks if the current character is a backslash and finally, in line 1117, the character index is incremented without checking the length, now pointing to the null byte terminating the string.
 
 Upon the next iteration of the loop, on line 1094, the loop now begins iterating through unallocated memory resulting in undefined behaviour.
 
@@ -142,4 +143,3 @@ This issue is being disclosed through the AHA! CNA and is credited to: [zenofex]
 [disclosure policy]: https://takeonme.org/cve.html
 [AHA!]: https://takeonme.org/
 [CWE-122]: https://cwe.mitre.org/data/definitions/122.html
-

content/cves/CVE-2023-5841.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2023-5841
 aliases: ["/cves/CVE-2023-5841.html"]
+pubDate: 2024-01-31T13:37:00-05:00
 ---
 
 # CVE-2023-5841: Academy Software Foundation OpenEXR Heap Overflow in Scanline Deep Data Parsing
@@ -27,7 +28,7 @@ src/lib/OpenEXRCore/unpack.c
 1214     uint8_t*       cdata;
 1215     int            w, h, bpc, ubpc;
 1216     size_t         totsamps = 0;
-1217 
+1217
 ...
 ...
 1253             for (int x = 0; x < w; ++x)
@@ -38,18 +39,18 @@ src/lib/OpenEXRCore/unpack.c
 1258                 {
 1259                     int32_t tmp = samps - prevsamps;
 1260                     prevsamps   = samps;
-1261                     samps       = tmp; 
-1262                 } 
-1263             
+1261                     samps       = tmp;
+1262                 }
+1263
 1264                 UNPACK_SAMPLES (samps)
-1265 
+1265
 1266                 srcbuffer += bpc * samps;
 1267                 if (incr_tot) totsamps += (size_t) samps;
-1268             }   
-1269         }       
+1268             }
+1269         }
 1270         sampbuffer += w;
-1271     }           
-1272                     
+1271     }
+1272
 1273     return EXR_ERR_SUCCESS;
 1274 }
 ```
@@ -179,7 +180,7 @@ src/lib/OpenEXRCore/unpack.c
 1090     }
 ```
 
-This vulernability is by default unreachable through the exr\* utilities provided with 
+This vulernability is by default unreachable through the exr\* utilities provided with
 the OpenEXR library because of a conditional in the `checkCoreFile` function (lines 1489-1492 below) which prevent the processing of EXR image files with the `DEEP_SCANLINE`/`DEEP_TILE` storage modes.
 
 This however only prevents the exr\* utilities from reaching the vulnerable code and direct calls
@@ -192,21 +193,21 @@ src/lib/OpenEXRUtil/ImfCheckFile.cpp
 1476 {
 1477     exr_result_t rv;
 1478     int          numparts;
-1479 
+1479
 1480     rv = exr_get_count (f, &numparts);
 1481     if (rv != EXR_ERR_SUCCESS) return true;
-1482 
+1482
 1483     for (int p = 0; p < numparts; ++p)
 1484     {
 1485         exr_storage_t store;
 1486         rv = exr_get_storage (f, p, &store);
 1487         if (rv != EXR_ERR_SUCCESS) return true;
-1488 
+1488
 1489         // TODO: Need to fill this in
 1490         if (store == EXR_STORAGE_DEEP_SCANLINE ||
 1491             store == EXR_STORAGE_DEEP_TILED)
 1492             continue;
-1493 
+1493
 1494         if (store == EXR_STORAGE_SCANLINE)
 1495         {
 1496             if (readCoreScanlinePart (f, p, reduceMemory, reduceTime))
@@ -217,7 +218,7 @@ src/lib/OpenEXRUtil/ImfCheckFile.cpp
 1501             if (readCoreTiledPart (f, p, reduceMemory, reduceTime)) return true;
 1502         }
 1503     }
-1504 
+1504
 1505     return false;
 1506 }
 ```

content/cves/CVE-2024-4224.md

@@ -1,6 +1,7 @@
 ---
 title: CVE-2024-4224
 aliases: ["/cves/CVE-2024-4224.html"]
+pubDate: 2024-07-15T14:34:53.699-05:00
 ---
 
 # CVE-2024-4224: TP-Link TL-SG1016DE XSS

content/cves/CVE-2025-2894.md

@@ -2,6 +2,7 @@
 title: CVE-2025-2894
 aliases:
   - /cves/CVE-2025-2894.html
+pubDate: 2025-03-27T20:57:13-05:00
 ---
 
 # CVE-2025-2894: Unitree Go1 Backdoor Control Channel

content/cves/CVE-2025-32455.md

@@ -2,6 +2,7 @@
 title: CVE-2025-32455
 aliases:
   - /cves/CVE-2025-32455.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-32455: ON Semiconductor Quantenna router_command.sh run_cmd Argument Injection

content/cves/CVE-2025-32456.md

@@ -2,6 +2,7 @@
 title: CVE-2025-32456
 aliases:
   - /cves/CVE-2025-32456.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-32456: ON Semiconductor Quantenna router_command.sh put_file_to_qtn Argument Injection

content/cves/CVE-2025-32457.md

@@ -2,6 +2,7 @@
 title: CVE-2025-32457
 aliases:
   - /cves/CVE-2025-32457.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-32457: ON Semiconductor Quantenna router_command.sh get_file_from_qtn Argument Injection

content/cves/CVE-2025-32458.md

@@ -2,6 +2,7 @@
 title: CVE-2025-32458
 aliases:
   - /cves/CVE-2025-32458.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-32458: ON Semiconductor Quantenna router_command.sh get_syslog_from_qtn Argument Injection

content/cves/CVE-2025-32459.md

@@ -2,6 +2,7 @@
 title: CVE-2025-32459
 aliases:
   - /cves/CVE-2025-32459.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-32459: ON Semiconductor Quantenna router_command.sh sync_time Argument Injection

content/cves/CVE-2025-3459.md

@@ -2,6 +2,7 @@
 title: CVE-2025-3459
 aliases:
   - /cves/CVE-2025-3459.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-3459: ON Semiconductor Quantenna transmit_file Argument Injection

content/cves/CVE-2025-3460.md

@@ -2,6 +2,7 @@
 title: CVE-2025-3460
 aliases:
   - /cves/CVE-2025-3460.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-3460: ON Semiconductor Quantenna set_tx_pow Argument Injection

content/cves/CVE-2025-3461.md

@@ -2,6 +2,7 @@
 title: CVE-2025-3461
 aliases:
   - /cves/CVE-2025-3461.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-3461: ON Semiconductor Quantenna Telnet Missing Authentication

content/cves/CVE-2025-35004.md

@@ -2,6 +2,7 @@
 title: CVE-2025-35004
 aliases:
   - /cves/CVE-2025-35004.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-35004: Microhard Bullet-LTE and IPn4Gii AT+MFIP Argument Injection
@@ -47,7 +48,7 @@ size_t FUN_0000e9a0(undefined4 param_1,char *param_2,void *param_3,size_t param_
   FILE *__stream;
   char *__s;
   size_t sVar1;
-  
+
   __stream = popen(param_2,"r");
   if (__stream != (FILE *)0x0) {
     memset(param_3,0,param_4);
@@ -115,7 +116,7 @@ This vulnerability was discovered and documented by Ricky "HeadlessZeke" Lawshae
 * 2025-04-02 (Wed): Contact initiated to several guessed email aliases, such as [email protected],  [email protected], etc.
 * 2025-04-02 (Wed): Bounces collected from media@, press@, security@, and secure@. No bounce notification was generated from info@ and support@, though a customer account was required to further communicate with support@, which [AHA!] does not have.
 * 2025 (April and May): No further communication from the vendor was received.
-* 2025-06-08 (Sun): Verified current IPn4Gii/BulletLTE [firmware] remains at v1.2.0-r1132 
+* 2025-06-08 (Sun): Verified current IPn4Gii/BulletLTE [firmware] remains at v1.2.0-r1132
 * 2025-06-08 (Sun): Public disclosure of [CVE-2025-35004]
 
 ----

content/cves/CVE-2025-35005.md

@@ -2,6 +2,7 @@
 title: CVE-2025-35005
 aliases:
   - /cves/CVE-2025-35005.html
+pubDate: 2025-06-08T15:58:51-05:00
 ---
 
 # CVE-2025-35005: Microhard Bullet-LTE and IPn4Gii AT+MFMAC Argument Injection
@@ -44,7 +45,7 @@ size_t FUN_0000e9a0(undefined4 param_1,char *param_2,void *param_3,size_t param_
   FILE *__stream;
   char *__s;
   size_t sVar1;
-  
+
   __stream = popen(param_2,"r");
   if (__stream != (FILE *)0x0) {
     memset(param_3,0,param_4);
@@ -112,7 +113,7 @@ This vulnerability was discovered and documented by Ricky "HeadlessZeke" Lawshae
 * 2025-04-02 (Wed): Contact initiated to several guessed email aliases, such as [email protected],  [email protected], etc.
 * 2025-04-02 (Wed): Bounces collected from media@, press@, security@, and secure@. No bounce notification was generated from info@ and support@, though a customer account was required to further communicate with support@, which [AHA!] does not have.
 * 2025 (April and May): No further communication from the vendor was received.
-* 2025-06-08 (Sun): Verified current IPn4Gii/BulletLTE [firmware] remains at v1.2.0-r1132 
+* 2025-06-08 (Sun): Verified current IPn4Gii/BulletLTE [firmware] remains at v1.2.0-r1132
 * 2025-06-08 (Sun): Public disclosure of [CVE-2025-35005]
 
 ----