?day POC Vulnerability Database

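A POC vulnerability database containing all CVEs, POCs, and ?days published across the web in recent years. It can be connected to the ishack vulnerability scanner through an API. Some vulnerabilities are visible to members only.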

  1. Huawei EulerOS: CVE-2023-25690: httpd security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/07/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/30/2025 Description Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngi…

    • 0 replies
    • 328 views
  2. SUSE: CVE-2022-3854: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/06/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. Solution(s) suse-upgrade-ceph suse-upgrade-ceph-base suse-upgrade-ceph-common suse-upgrade-ceph-fuse suse-upgrade-ceph-grafana-dashboards suse-upgrade-ceph-immutable-object-cache suse-upgrade-ceph-mds suse-upgrade-ceph-mgr suse-upgrade-ceph-mgr-cephadm suse-upgrade-ce…

    • 0 replies
    • 326 views
  3. Microsoft Edge Chromium: CVE-2023-1213 Use after free in Swiftshader Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/07/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1213 CVE - 2023-1213 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1213

    • 0 replies
    • 325 views
  4. Alpine Linux: CVE-2022-45141: Inadequate Encryption Strength Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). Solution(s) alpine-linux-upgrade-samba References https://attackerkb.com/topics/cve-2022-45141 CVE - 2022-…

    • 0 replies
    • 325 views
  5. Ubuntu: USN-6063-1 (CVE-2022-3854): Ceph vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/06/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. Solution(s) ubuntu-upgrade-ceph ubuntu-upgrade-ceph-base ubuntu-upgrade-ceph-common References https://attackerkb.com/topics/cve-2022-3854 CVE - 2022-3854 USN-6063-1

    • 0 replies
    • 324 views
  6. Debian: CVE-2023-1175: vim -- security update Severity 6 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) Published 03/04/2023 Created 06/14/2023 Added 06/14/2023 Modified 01/28/2025 Description Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. Solution(s) debian-upgrade-vim References https://attackerkb.com/topics/cve-2023-1175 CVE - 2023-1175 DLA-3453-1

    • 0 replies
    • 322 views
  7. Debian: CVE-2023-1170: vim -- security update Severity 6 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) Published 03/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. Solution(s) debian-upgrade-vim References https://attackerkb.com/topics/cve-2023-1170 CVE - 2023-1170

    • 0 replies
    • 321 views
  8. Alpine Linux: CVE-2019-8720: Improper Restriction of Operations within the Bounds of a Memory Buffer Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Solution(s) alpine-linux-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2019-8720 CVE - 2019-8720 https://security.alpinelinux.org/vuln/CVE-2019-8720

    • 0 replies
    • 318 views
  9. Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-36401) Severity 4 CVSS (AV:A/AC:M/Au:S/C:P/I:P/A:N) Published 03/06/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. Solution(s) moodle-upgrade-3_10_5 moodle-upgrade-3_11_1 moodle-upgrade-3_9_8 References https://attackerkb.com/topics/cve-2021-36401 CVE - 2021-36401 https://moodle.org/mod/forum/discuss.php?d=424807

    • 0 replies
    • 316 views
  10. Oracle Linux: CVE-2024-38618: ELSA-2024-12581: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to an unexpected RCU stall, where the callback repeatedly queuing the expire update, as reporte…

    • 0 replies
    • 311 views
  11. Oracle Linux: CVE-2021-47579: ELSA-2024-5101: kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 11/29/2024 Description In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overla…

    • 0 replies
    • 310 views
  12. Huawei EulerOS: CVE-2024-38601: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following that, if the operation is successful, old->list.next->prev gets updated too. This means the underlying doubly-linked list is temporarily inconsistent, page->p…

    • 0 replies
    • 300 views
  13. Debian: CVE-2023-1534: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 DSA-5377-1

    • 0 replies
    • 275 views
  14. Gentoo Linux: CVE-2023-28101: Flatpak: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/16/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, …

    • 0 replies
    • 260 views
  15. Rocky Linux: CVE-2024-36025: kernel-rt (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/30/2024 Created 08/23/2024 Added 08/22/2024 Modified 11/18/2024 Description In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cro…

    • 0 replies
    • 225 views
  16. Debian: CVE-2024-9632: xorg-server, xwayland -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/31/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. Solution(s) debian-upgrade-xorg-server debian-upgrade-xwayland References https://attackerkb.com/to…

    • 0 replies
    • 203 views
  17. Microsoft Office: CVE-2025-21386: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21386: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002687 microsoft-office_online_server-kb5002679 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21386 CVE - 2025-21386 https://support.microsoft.com/help/5002679 https://support.microsoft.com/help/5002687

    • 0 replies
    • 143 views
  18. OS X update for Face Gallery (CVE-2023-32409) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

    • 0 replies
    • 141 views
  19. Huawei EulerOS: CVE-2022-48713: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/20/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/pt: Fix crash with stop filters in single-range mode Add a check for !buf->single before calling pt_buffer_region_size in a place where a missing check can cause a kernel crash. Fixes a bug introduced by commit 670638477aed ("perf/x86/intel/pt: Opportunistically use single range output mode"), which added a support for PT single-range output mode. Since that commit if a PT s…

    • 0 replies
    • 137 views
  20. Debian: CVE-2022-48714: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/20/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: bpf: Use VM_MAP instead of VM_ALLOC for ringbuf After commit 2fd3fb0be1d1 ("kasan, vmalloc: unpoison VM_ALLOC pages after mapping"), non-VM_ALLOC mappings will be marked as accessible in __get_vm_area_node() when KASAN is enabled. But now the flag for ringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access after vmap() returns. Because the ringbuf area is created by mapping allocated pa…

    • 0 replies
    • 116 views
  21. Debian: CVE-2024-8926: php8.2 -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/30/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arb…

    • 0 replies
    • 108 views
  22. Huawei EulerOS: CVE-2023-28617: emacs security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/19/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Solution(s) huawei-euleros-2_0_sp10-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2023-28617 CVE - 2023-28617 EulerOS-SA-2023-1819

    • 0 replies
    • 106 views
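  23. Vulnerability description: The getsysteminfo interface of the Jinpan (金盘) WeChat management platform has an unauthorized access vulnerability. An attacker can use it to obtain account and password information and gain back-end administrator privileges. Affected product: Jinpan (金盘) WeChat management platform. Network mapping: title="微信管理后台" && icon_hash="116323821" Vulnerability reproduction: login page. Verification POC: /admin/weichatcfg/getsysteminfo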

    • 0 replies
    • 103 views
  24. SUSE: CVE-2023-1534: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534

    • 0 replies
    • 98 views
  25. FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2023-1072): Gitlab -- Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/02/2023 Created 03/07/2023 Added 03/05/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings Improper validation of SSO and SC…

    • 0 replies
    • 98 views