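?day POC Vulnerability Database

A POC vulnerability database containing all CVEs, POCs, and ?day entries from across the web in recent years. It can be connected via API to the ishack vulnerability scanner; some vulnerabilities are visible to members only.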

  1. Ubuntu: (Multiple Advisories) (CVE-2024-46826): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-ima…

    • 0 replies
    • 60 views
  2. Amazon Linux 2023: CVE-2023-28486: Important priority package update for sudo Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. Solution(s) …

    • 0 replies
    • 59 views
  3. Red Hat: CVE-2022-36021: redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/01/2023 Created 01/24/2025 Added 01/23/2025 Modified 01/23/2025 Description Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. Solution(s) redhat-upgrade-redi…

    • 0 replies
    • 59 views
  4. Google Chrome Vulnerability: CVE-2025-0995 Use after free in V8 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/13/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description Google Chrome Vulnerability: CVE-2025-0995 Use after free in V8 Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0995 CVE - 2025-0995

    • 0 replies
    • 59 views
  5. Alpine Linux: CVE-2023-27103: Out-of-bounds Write Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Solution(s) alpine-linux-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27103 CVE - 2023-27103 https://security.alpinelinux.org/vuln/CVE-2023-27103

    • 0 replies
    • 59 views
  6. Alma Linux: CVE-2024-9397: Important: thunderbird security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9397 CVE - 2024-9397 https://errata.…

    • 0 replies
    • 58 views
  7. Red Hat: CVE-2024-31449: redis: Lua library commands may lead to stack overflow and RCE in Redis (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 10/07/2024 Created 01/24/2025 Added 01/23/2025 Modified 02/10/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. …

    • 0 replies
    • 58 views
  8. Red Hat: CVE-2024-8508: unbound: Unbounded name compression could lead to Denial of Service (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 02/04/2025 Added 02/03/2025 Modified 02/10/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestr…

    • 0 replies
    • 58 views
  9. Amazon Linux 2023: CVE-2023-2194: Medium priority package update for kernel Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/16/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. An out-of-bounds write vulnerability was found…

    • 0 replies
    • 58 views
  10. Red Hat: CVE-2024-47177: cups-filters/foomatic : Improper Verification of Source of a Communication Channel Severity 6 CVSS (AV:L/AC:L/Au:S/C:P/I:C/A:P) Published 09/27/2024 Created 09/28/2024 Added 09/27/2024 Modified 09/30/2024 Description A security flaw was found in OpenPrinting CUPS. A remote attacker may be able to exploit cups-filters via the FoomaticRIPCommandLine entry in the PPD file, which would trigger the CUPS system to execute any arbitrary commands injected into that file when a print job is sent to the affected device. Solution(s) misc-no-solution-exists References CVE-2024-47177 https://access.redhat.…

    • 0 replies
    • 58 views
  11. Fixed a security vulnerability in the postjournal service which may allow unauthenticated users to execute commands. Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/02/2024 Created 10/05/2024 Added 01/10/2025 Modified 01/21/2025 Description The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-45519 CVE - 2024-45519 https://wiki.zimbra.com/wiki/Security_Center https://…

    • 0 replies
    • 58 views
  12. Red Hat: CVE-2023-28466: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-28466 RHSA-2023:3708 RHSA-2023:3723 RHSA-2023:3819 RHSA-2023:3847 RHSA-2023:4789 RHSA-2…

    • 0 replies
    • 58 views
  13. Debian: CVE-2023-25155: redis -- security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/02/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. Solution(s) debian-upgrade-redis References https://attackerkb.com/t…

    • 0 replies
    • 58 views
  14. Alma Linux: CVE-2024-9407: Important: container-tools:rhel8 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:M/C:C/I:P/A:N) Published 10/01/2024 Created 11/08/2024 Added 11/07/2024 Modified 01/28/2025 Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even i…

    • 0 replies
    • 58 views
  15. Debian: CVE-2024-46735: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/18/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->…

    • 0 replies
    • 57 views
  16. Ubuntu: (Multiple Advisories) (CVE-2024-46838): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don't BUG_ON() if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ON()s are wrong - get rid of them. We could also remove the preceding "if (unlikely(...))" block, but then we could reach pte_offset_map_lock() with transhuge pages not just for file mappings…

    • 0 replies
    • 57 views
  17. VMware Photon OS: CVE-2023-28486 Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Sudo before 1.9.13 does not escape control characters in log messages. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28486 CVE - 2023-28486

    • 0 replies
    • 57 views
  18. Huawei EulerOS: CVE-2024-42415: libgsf security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/03/2024 Created 01/23/2025 Added 01/21/2025 Modified 01/28/2025 Description An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) huawei-euleros…

    • 0 replies
    • 56 views
  19. Oracle Linux: CVE-2023-28101: ELSA-2023-6518:flatpak security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 03/16/2023 Created 11/24/2023 Added 11/22/2023 Modified 11/28/2024 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control cha…

    • 0 replies
    • 56 views
  20. Huawei EulerOS: CVE-2024-46826: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 01/15/2025 Added 01/14/2025 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stableli…

    • 0 replies
    • 56 views
  21. Gentoo Linux: CVE-2023-20052: ClamAV: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/01/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/30/2025 Description On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could expl…

    • 0 replies
    • 56 views
  22. Debian: CVE-2022-36021: redis -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/01/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. Solution(s) debian-upgrade-redis References https://attackerkb.com/topics/cve-2022-36021 CVE - 2022-36021 DLA-3361-1

    • 0 replies
    • 56 views
  23. Debian: CVE-2025-21694: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number of softlockups in __read_vmcore at kdump time have gone down, but they still happen sometimes. In a memory constrained environment like the kdump image, a softlockup is not just a harmless message, but it can interfere with things like RCU freeing memory, causing the c…

    • 0 replies
    • 56 views
  24. Ubuntu: USN-7231-1 (CVE-2023-27783): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27783 CVE - 2023-27783 USN-7231-1

    • 0 replies
    • 56 views
  25. Red Hat: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control cha…

    • 0 replies
    • 55 views