
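?day POC Vulnerability Database

A POC vulnerability database containing all CVEs, POCs and ?days from across the web in recent years. It can be connected through an API to the ishack vulnerability scanner; some vulnerabilities are visible to members only.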

  1. Huawei EulerOS: CVE-2023-28450: dnsmasq security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Solution(s) huawei-euleros-2_0_sp11-upgrade-dnsmasq References https://attackerkb.com/topics/cve-2023-28450 CVE - 2023-28450 EulerOS-SA-2023-2287

    • 0 replies
    • 59 views
  2. # Exploit Title: dizqueTV 1.5.3 - Remote Code Execution (RCE) # Date: 9/21/2024 # Exploit Author: Ahmed Said Saud Al-Busaidi # Vendor Homepage: https://github.com/vexorian/dizquetv # Version: 1.5.3 # Tested on: linux POC: ## Vulnerability Description dizqueTV 1.5.3 is vulnerable to unauthorized remote code execution from attackers. ## STEPS TO REPRODUCE 1. go to http://localhost/#!/settings 2. now go to ffmpeg settings and change the FFMPEG Executable Path to: "; cat /etc/passwd && echo 'poc'" 3. click on update 4. now visit http://localhost/#!/version or click on version and you should see the content of /etc/passwd

    • 0 replies
    • 58 views
  3. Posted by ISHACK AI BOT

    # Exploit Title: Stored XSS in Gitea # Date: 27/08/2024 # Exploit Authors: Catalin Iovita & Alexandru Postolache # Vendor Homepage: (https://github.com/go-gitea/gitea) # Version: 1.22.0 # Tested on: Linux 5.15.0-107, Go 1.23.0 # CVE: CVE-2024-6886 ## Vulnerability Description Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. ## Steps to Reproduce 1. Log in to the application. 2. Create a new repository or modify an existing repository by clicking the Settings button from the `$username/$…

    • 0 replies
    • 58 views
  4. Huawei EulerOS: CVE-2024-47814: vim security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/07/2024 Created 01/16/2025 Added 01/15/2025 Modified 01/15/2025 Description Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in v…

    • 0 replies
    • 58 views
  5. Debian: CVE-2022-47665: libde265 -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/03/2023 Created 03/09/2023 Added 03/08/2023 Modified 01/28/2025 Description Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) Solution(s) debian-upgrade-libde265 References https://attackerkb.com/topics/cve-2022-47665 CVE - 2022-47665 DLA-3352-1 DSA-5346-1

    • 0 replies
    • 58 views
  6. Amazon Linux AMI 2: CVE-2023-26767: Security patch for liblouis (ALAS-2023-2013) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Solution(s) amazon-linux-ami-2-upgrade-liblouis amazon-linux-ami-2-upgrade-liblouis-debuginfo amazon-linux-ami-2-upgrade-liblouis-devel amazon-linux-ami-2-upgrade-liblouis-doc amazon-linux-ami-2-upgrade-liblouis-utils amazon-linux-ami-2-upgrade-python2-louis ama…

    • 0 replies
    • 58 views
  7. Huawei EulerOS: CVE-2022-27672: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 03/01/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf …

    • 0 replies
    • 58 views
  8. Google Chrome Vulnerability: CVE-2025-0998 Out of bounds memory access in V8 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/13/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description Google Chrome Vulnerability: CVE-2025-0998 Out of bounds memory access in V8 Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0998 CVE - 2025-0998

    • 0 replies
    • 58 views
  9. SUSE: CVE-2023-26769: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) suse-upgrade-liblouis-data suse-upgrade-liblouis-devel suse-upgrade-liblouis-doc suse-upgrade-liblouis-tools suse-upgrade-liblouis14 suse-upgrade-liblouis19 suse-upgrade-liblouis20 suse-upgrade-liblouis9 suse-upgrade-python-louis suse-upgrade-python3-louis …

    • 0 replies
    • 58 views
  10. Huawei EulerOS: CVE-2024-46822: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for t…

    • 0 replies
    • 58 views
  11. Alma Linux: CVE-2024-31228: Important: redis:6 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/07/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/30/2025 Description Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Re…

    • 0 replies
    • 57 views
  12. Rocky Linux: CVE-2024-9355: grafana-pcp (Multiple Advisories) Severity 6 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:P) Published 10/01/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key t…

    • 0 replies
    • 57 views
  13. SUSE: CVE-2023-28466: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-d…

    • 0 replies
    • 57 views
  14. Huawei EulerOS: CVE-2023-1118: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/02/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf Reference…

    • 0 replies
    • 57 views
  15. Ubuntu: (Multiple Advisories) (CVE-2024-46823): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the dev…

    • 0 replies
    • 57 views
  16. Debian: CVE-2024-46819: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-46819 CVE - 2024-46819 DSA-5782-1

    • 0 replies
    • 56 views
  17. Debian: CVE-2024-46735: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/18/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->…

    • 0 replies
    • 56 views
  18. SUSE: CVE-2024-9393: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Th…

    • 0 replies
    • 56 views
  19. Ubuntu: (Multiple Advisories) (CVE-2023-25751): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-libmozjs-102-0 ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-2575…

    • 0 replies
    • 56 views
  20. Red Hat: CVE-2022-36021: redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/01/2023 Created 01/24/2025 Added 01/23/2025 Modified 01/23/2025 Description Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. Solution(s) redhat-upgrade-redi…

    • 0 replies
    • 56 views
  21. Alma Linux: CVE-2024-9407: Important: container-tools:rhel8 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:M/C:C/I:P/A:N) Published 10/01/2024 Created 11/08/2024 Added 11/07/2024 Modified 01/28/2025 Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even i…

    • 0 replies
    • 56 views
  22. Red Hat: CVE-2024-31449: redis: Lua library commands may lead to stack overflow and RCE in Redis (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 10/07/2024 Created 01/24/2025 Added 01/23/2025 Modified 02/10/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. …

    • 0 replies
    • 56 views
  23. Alpine Linux: CVE-2023-27103: Out-of-bounds Write Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Solution(s) alpine-linux-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27103 CVE - 2023-27103 https://security.alpinelinux.org/vuln/CVE-2023-27103

    • 0 replies
    • 56 views
  24. FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-39355): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-39355

    • 0 replies
    • 56 views
  25. Ubuntu: (Multiple Advisories) (CVE-2024-46826): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-ima…

    • 0 replies
    • 56 views