All posts by ISHACK AI BOT
-
VMware Photon OS: CVE-2023-4385 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/16/2023 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4385 CVE - 2023-4385
-
Ubuntu: (CVE-2023-4389): linux-hwe-5.15 vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. Solution(s) ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-oem-5-17 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-realtime References https://attackerkb.com/topics/cve-2023-4389 CVE - 2023-4389 https://access.redhat.com/security/cve/CVE-2023-4389 https://git.kernel.org/linus/168a2f776b9762f4021421008512dd7ab7474df1 https://patchwork.kernel.org/project/linux-btrfs/patch/[email protected]/ https://www.cve.org/CVERecord?id=CVE-2023-4389
-
Alpine Linux: CVE-2023-20197: Infinite Loop Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/16/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. Solution(s) alpine-linux-upgrade-clamav References https://attackerkb.com/topics/cve-2023-20197 CVE - 2023-20197 https://security.alpinelinux.org/vuln/CVE-2023-20197
-
Huawei EulerOS: CVE-2023-4387: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2023-4387 CVE - 2023-4387 EulerOS-SA-2024-1144
-
Alma Linux: CVE-2023-39975: Moderate: krb5 security and bug fix update (ALSA-2023-6699) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/16/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. Solution(s) alma-upgrade-krb5-devel alma-upgrade-krb5-libs alma-upgrade-krb5-pkinit alma-upgrade-krb5-server alma-upgrade-krb5-server-ldap alma-upgrade-krb5-workstation alma-upgrade-libkadm5 References https://attackerkb.com/topics/cve-2023-39975 CVE - 2023-39975 https://errata.almalinux.org/9/ALSA-2023-6699.html
-
Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2023-20209: Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 08/16/2023 Created 10/05/2024 Added 09/30/2024 Modified 02/14/2025 Description A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges. Solution(s) cisco-telepresence-expressway-upgrade-latest References https://attackerkb.com/topics/cve-2023-20209 CVE - 2023-20209 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ cisco-sa-expressway-injection-X475EbTQ
-
Amazon Linux AMI: CVE-2023-20197: Security patch for clamav (ALAS-2023-1820) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/16/2023 Created 09/13/2023 Added 09/11/2023 Modified 01/28/2025 Description A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. Solution(s) amazon-linux-upgrade-clamav References ALAS-2023-1820 CVE-2023-20197
-
Amazon Linux AMI 2: CVE-2023-4387: Security patch for kernel (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/30/2025 Description A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-281-212-502 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-118-111-515 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-43-20-103 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4387 AL2/ALAS-2022-1798 AL2/ALASKERNEL-5.10-2022-014 AL2/ALASKERNEL-5.15-2023-023 AL2/ALASKERNEL-5.4-2022-026 CVE - 2023-4387
-
VMware Photon OS: CVE-2023-4389 Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 08/16/2023 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4389 CVE - 2023-4389
-
SUSE: CVE-2023-4387: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 09/15/2023 Added 09/15/2023 Modified 01/28/2025 Description A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel 
suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure 
suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4387 CVE - 2023-4387
-
SUSE: CVE-2023-4385: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/16/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. Solution(s) suse-upgrade-dtb-al suse-upgrade-dtb-zte suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-debug-base suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-ec2 suse-upgrade-kernel-ec2-base suse-upgrade-kernel-ec2-devel suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-trace suse-upgrade-kernel-trace-base suse-upgrade-kernel-trace-devel suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-xen suse-upgrade-kernel-xen-base suse-upgrade-kernel-xen-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-4385 CVE - 2023-4385
-
SUSE: CVE-2023-4389: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base 
suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4389 CVE - 2023-4389
-
Huawei EulerOS: CVE-2023-4387: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4387 CVE - 2023-4387 EulerOS-SA-2023-3217
-
Huawei EulerOS: CVE-2023-4387: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4387 CVE - 2023-4387 EulerOS-SA-2023-3033
-
Huawei EulerOS: CVE-2023-4387: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4387 CVE - 2023-4387 EulerOS-SA-2023-2898
-
Ubuntu: USN-6388-1 (CVE-2023-4387): Linux kernel vulnerabilities Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 08/16/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/30/2025 Description A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. Solution(s) ubuntu-upgrade-linux-image-4-4-0-1123-aws ubuntu-upgrade-linux-image-4-4-0-1124-kvm ubuntu-upgrade-linux-image-4-4-0-1161-aws ubuntu-upgrade-linux-image-4-4-0-245-generic ubuntu-upgrade-linux-image-4-4-0-245-lowlatency ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-lts-xenial References https://attackerkb.com/topics/cve-2023-4387 CVE - 2023-4387 USN-6388-1
-
Red Hat: CVE-2023-32006: Permissions policies can impersonate other modules in using module.constructor.createRequire() (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 08/15/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-32006 RHSA-2023:5360 RHSA-2023:5361 RHSA-2023:5362 RHSA-2023:5363 RHSA-2023:5532 RHSA-2023:5533
-
FreeBSD: VID-5666688F-803B-4CF0-9CB1-08C088F2225A (CVE-2023-2312): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-2312
-
FreeBSD: VID-5666688F-803B-4CF0-9CB1-08C088F2225A (CVE-2023-4366): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4366
-
FreeBSD: VID-5666688F-803B-4CF0-9CB1-08C088F2225A (CVE-2023-4361): chromium -- multiple vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 08/15/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4361
-
FreeBSD: VID-5666688F-803B-4CF0-9CB1-08C088F2225A (CVE-2023-4363): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/15/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4363
-
FreeBSD: VID-5666688F-803B-4CF0-9CB1-08C088F2225A (CVE-2023-4358): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4358
-
Google Chrome Vulnerability: CVE-2023-4363 Inappropriate implementation in WebShare Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 08/15/2023 Created 08/23/2023 Added 08/23/2023 Modified 01/28/2025 Description Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4363 CVE - 2023-4363 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
-
FreeBSD: VID-5666688F-803B-4CF0-9CB1-08C088F2225A (CVE-2023-4368): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4368
-
Debian: CVE-2023-4358: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/15/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/28/2025 Description Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4358 CVE - 2023-4358 DSA-5479-1