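?day POC Vulnerability Database
POC vulnerability database containing CVEs, POCs and ?day entries from across the web in recent years. It can be connected through an API to the ishack vulnerability scanner; some vulnerabilities are visible to members only.
45,352 topics in this forum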
FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-37020): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-37020
- 0 replies
- 71 views

FreeBSD: VID-FE7031D3-3000-4B43-9FA6-52C2B624B8F9: zeek -- potential DoS vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/05/2024 Created 10/08/2024 Added 10/06/2024 Modified 10/06/2024 Description Tim Wojtulewicz of Corelight reports: Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially trigge…
- 0 replies
- 71 views

Microsoft Edge Chromium: CVE-2025-21262 Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 01/24/2025 Created 01/28/2025 Added 01/27/2025 Modified 02/03/2025 Description User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21262 CVE - 2025-21262 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21262
- 0 replies
- 71 views

FreeBSD: VID-41711C0D-DB27-11EF-873E-8447094A420F: Vaultwarden -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/25/2025 Created 01/28/2025 Added 01/26/2025 Modified 01/26/2025 Description The Vaultwarden project reports: RCE in the admin panel. Getting access to the Admin Panel via CSRF. Escalation of privilege via variable confusion in OrgHeaders trait. Solution(s) freebsd-upgrade-package-vaultwarden
- 0 replies
- 71 views

Huawei EulerOS: CVE-2024-38608: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_resume changes the state of netif, via mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED. In the below case, the above leads to NULL-ptr Oops[1] and memory leaks: mlx5e_probe _mlx5e_resume mlx5e_attach_netdev mlx5e_nic_enable<-- netdev not reg, not calling…
- 0 replies
- 70 views

OS X update for AppleMobileFileIntegrity (CVE-2025-24122) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24122 CVE - 2025-24122 https://support…
- 0 replies
- 70 views

Debian: CVE-2024-38548: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. Solution(s…
- 0 replies
- 70 views

Alma Linux: CVE-2024-38556: Moderate: kernel security update (ALSA-2024-8162) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/29/2024 Added 10/28/2024 Modified 10/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely for the sem, blocking flow now waits for index to be allocated or a sem acquisition timeout before beginning the timer for FW completion. Kerne…
- 0 replies
- 69 views

# Exploit Title: openSIS 9.1 - SQLi (Authenticated) # Google Dork: intext:"openSIS is a product" # Date: 09.09.2024 # Exploit Author: Devrim Dıragumandan (d0ub1edd) # Vendor Homepage: https://www.os4ed.com/ # Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 # Version: 9.1 # Tested on: Linux A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v9.1 via the "X-Forwarded-For" header parameters in POST request sent to /Ajax.php. GET /Ajax.php?modname=x HTTP/1.1 --- Parameter: X-Forwarded-For #1* ((custom) HEADER) Type: boolean-based blind Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY o…
- 0 replies
- 68 views

Google Chrome Vulnerability: CVE-2024-6103 Use after free in Dawn Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/19/2024 Created 06/20/2024 Added 06/19/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-6103 CVE - 2024-6103
- 0 replies
- 68 views

Red Hat: CVE-2022-49043: libxml: use-after-free in xmlXIncludeAddNode (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 01/26/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. Solution(s) redhat-upgrade-libxml2 redhat-upgrade-libxml2-debuginfo redhat-upgrade-libxml2-debugsource redhat-upgrade-libxml2-devel redhat-upgrade-python3-libxml2 redhat-upgrade-python3-libxml2-debuginfo References CVE-2022-49043 RHSA-2025:1350
- 0 replies
- 68 views

OS X update for ImageIO (CVE-2025-24086) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/03/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service. Solution(s) apple-osx-upgrade-13_7_3 apple-osx-upgrade-14_7_3 apple-osx-upgrade-15_3 References https://attackerkb.com/topics/cve-2025-24086 CVE - 2025-24086 https://support.appl…
- 0 replies
- 68 views

Huawei EulerOS: CVE-2021-47579: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overlayfs at a later stage during setup, but to prevent such …
- 0 replies
- 68 views

Debian: CVE-2021-47464: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/22/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: audit: fix possible null-pointer dereference in audit_filter_rules Fix possible null-pointer dereference in audit_filter_rules. audit_filter_rules() error: we previously assumed 'ctx' could be null Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47464 CVE - 2021-47464
- 0 replies
- 67 views

FreeBSD: VID-E7974CA5-E4C8-11EF-AAB3-40B034429ECF (CVE-2024-54145): cacti -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 02/11/2025 Added 02/08/2025 Modified 02/08/2025 Description Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. Solution(s) freebsd-upgrade-package-cacti References CVE-2024-54145
- 0 replies
- 67 views

Amazon Linux AMI 2: CVE-2021-47593: Security patch for kernel (ALASKERNEL-5.10-2022-009) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp sockets (any userspace-exposed socket). But in case of fallback, accept() can return a plain tcp sk. In such case, sk is still tagged as 'kernel' and …
- 0 replies
- 67 views

SUSE: CVE-2024-6292: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/24/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-6292 CVE - 2024-6292
- 0 replies
- 66 views

Debian: CVE-2023-27103: libde265 -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Solution(s) debian-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27103 CVE - 2023-27103 DLA-3676-1
- 0 replies
- 66 views

Huawei EulerOS: CVE-2024-38541: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating…
- 0 replies
- 65 views

Red Hat: CVE-2024-38796: edk2: Integer overflows in PeCoffLoaderRelocateImage (Multiple Advisories) Severity 6 CVSS (AV:A/AC:H/Au:S/C:P/I:C/A:P) Published 09/27/2024 Created 11/28/2024 Added 11/27/2024 Modified 02/10/2025 Description EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. Solution(s) redhat-upgrade-edk2-aarch64 redhat-upgrade-edk2-debugsource redhat-upgrade-edk2-ovmf redhat-upgrade-edk2-tools redhat-upgrade-edk2…
- 0 replies
- 65 views

Alma Linux: CVE-2022-49043: Important: libxml2 security update (ALSA-2025-1350) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/26/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. Solution(s) alma-upgrade-libxml2 alma-upgrade-libxml2-devel alma-upgrade-python3-libxml2 References https://attackerkb.com/topics/cve-2022-49043 CVE - 2022-49043 https://errata.almalinux.org/9/ALSA-2025-1350.html
- 0 replies
- 64 views

SUSE: CVE-2023-26768: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. Solution(s) suse-upgrade-liblouis-data suse-upgrade-liblouis-devel suse-upgrade-liblouis-doc suse-upgrade-liblouis-tools suse-upgrade-liblouis14 suse-upgrade-liblouis19 suse-upgrade-liblouis20 suse-upgrade-liblouis9 suse-upgrade-python-louis suse-upgrade-python3-louis …
- 0 replies
- 64 views

Oracle Linux: CVE-2021-47582: ELSA-2024-7000:kernel security update (IMPORTANT) (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 06/19/2024 Created 10/24/2024 Added 10/16/2024 Modified 12/10/2024 Description In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about …
- 0 replies
- 63 views

Huawei EulerOS: CVE-2024-38555: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually. Kernel log: ------------[ cut here ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_s…
- 0 replies
- 63 views

Ubuntu: (Multiple Advisories) (CVE-2024-38615): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 08/10/2024 Added 08/09/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0…
- 0 replies
- 63 views