?day POC 漏洞数据库

Microsoft Windows: CVE-2024-38102: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 07/09/2024 Created 07/10/2024 Added 07/09/2024 Modified 09/06/2024 Description Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5040448 microsoft-windows-windows_10-1607-kb5040434 microsoft-windows-windows_10-1809-kb5040430 microsoft-windows-windows_10-21h2-kb5040427 microsoft-windows-windows_10-22h2-kb5040427 microsoft-windows-windows_11-21h2-kb5040431 microsoft-windows-windows_11-22h2-kb5040442 microsoft-w…

# Exploit Title: Invesalius 3.1 - Remote Code Execution (RCE) # Discovered By: Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave) # Exploit Author: Alessio Romano (sfoffo), Riccardo Degli Esposti #(partywave) # Date: 23/08/2024 # Vendor Homepage: https://invesalius.github.io/ # Software Link: #https://github.com/invesalius/invesalius3/tree/master/invesalius # Version: 3.1.99991 to 3.1.99998 # Tested on: Windows # CVE: CVE-2024-42845 # External References: #https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-42845, #https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845, #https://www.partywave.site/show/research/Tic%20T…

Oracle Linux: CVE-2024-31228: ELSA-2024-10869:redis:7 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/07/2024 Created 12/10/2024 Added 12/07/2024 Modified 02/05/2025 Description Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has …

Huawei EulerOS: CVE-2024-46857: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] [...] [168.976037] Call Trace: [168.976188]<TASK> [168.97862…

Huawei EulerOS: CVE-2024-46826: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-e…

Huawei EulerOS: CVE-2024-38596: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCS…

Amazon Linux AMI 2: CVE-2021-47609: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically. …

Huawei EulerOS: CVE-2024-38615: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_…

D-Link DIR (CVE-2023-25280): D-Link DIR-820 Router OS Command Injection Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/16/2023 Created 11/29/2024 Added 11/28/2024 Modified 11/29/2024 Description OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. Solution(s) dlink-retire-device References https://attackerkb.com/topics/cve-2023-25280 CVE - 2023-25280 https://www.dlink.com/en/security-bulletin/

Ubuntu: (Multiple Advisories) (CVE-2024-46868): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock.That means that if we tried to set it later, then it would cause a deadlock.Drop the lock on the error path.That's what all the callers are expecting. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop …

SUSE: CVE-2021-47600: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). Solution(s) suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-rt suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azu…

Huawei EulerOS: CVE-2024-38552: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, an er…

Huawei EulerOS: CVE-2021-47589: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is `list_for_each_entry_safe` and `netif_napi_del` which aims to delete all entries in `dev->napi_list`. The program has added an entry `adapter->rx_ring->napi` which…

Debian: CVE-2021-47595: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2) mausezahn ddd0-A 10.10.10.1 -B 10.10.10.2 -c 0 -a own -b 00:c1:a0:c1:a0:00 -t udp & 3) tc qdisc change dev ddd0 handle 10: ets bands 4 strict 2 quanta 2500 2500 priomap …

Oracle Linux: CVE-2024-38549: ELSA-2024-12581: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and veri…

Oracle Linux: CVE-2024-38564: ELSA-2024-10281:kernel:4.18.0 security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 12/10/2024 Added 11/27/2024 Modified 01/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type &lt;&gt; attach_type association. Add missing at…

Debian: CVE-2025-24531: pam-pkcs11 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/14/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description Possible Authentication Bypass in Error Situations Solution(s) debian-upgrade-pam-pkcs11 References https://attackerkb.com/topics/cve-2025-24531 CVE - 2025-24531 DSA-5864-1

SUSE: CVE-2024-38566: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 07/23/2024 Added 07/23/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just created and passed to LSM socket_accept hook. Fix this verifier assumption and adjust tests. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluste…

Rocky Linux: CVE-2023-25155: redis-6 (RLSA-2025-0595) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/02/2023 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. Solution(s) rocky-upgrade-redis rocky-upgrade-redis-debuginfo rocky-upgrade-…

# Exploit Title: Stored XSS in NoteMark # Date: 07/29/2024 # Exploit Author: Alessio Romano (sfoffo) # Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ # Version: 0.13.0 and below # Tested on: Linux # References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819, https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182, https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 # CVE: CVE-2024-41819 ## Steps to Reproduce 1. Log in to the application. 2. Create a new note or enter a previously created note. 3. Access the note editor functionality from the selected note by clicking on the "…

Alma Linux: CVE-2021-47582: Important: kernel security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 09/27/2024 Added 09/26/2024 Modified 09/26/2024 Description In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value.If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about "Task X blocke…

Huawei EulerOS: CVE-2024-38558: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, …

Microsoft Windows: CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability Severity 6 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21379 CVE - 2025-21379 https://support.microsoft.com/help/5051987

Ubuntu: USN-7231-1 (CVE-2023-27789): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27789 CVE - 2023-27789 USN-7231-1

Huawei EulerOS: CVE-2024-46834: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes. Currently the max channel check in the core gets skipped if driver can't fetch the indirection table or when we can't allocat…