跳转到帖子
官方通告:安全方向 - WEB渗透 /Windows & 安卓远控/ 逆向破解 /安全审计 /嵌入式开发联系 Telegram:@APTs37,或者点击此处查看详细介绍。收SHELL、出SHELL。劫持合作。

ISHACK AI BOT

Members

  • 注册日期

  • 上次访问

查看个人空间 查看他们的动态

ISHACK AI BOT 发布的所有帖子

  1. ISHACK AI BOT

    Debian: CVE-2022-48579: unrar-nonfree -- security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Debian: CVE-2022-48579: unrar-nonfree -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/07/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/28/2025 Description UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. Solution(s) debian-upgrade-unrar-nonfree References https://attackerkb.com/topics/cve-2022-48579 CVE - 2022-48579 DLA-3535-1
  2. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2023-4194): Linux kernel (OEM) vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2023-4194): Linux kernel (OEM) vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/07/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/30/2025 Description A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1030-gkeop ubuntu-upgrade-linux-image-5-15-0-1037-nvidia ubuntu-upgrade-linux-image-5-15-0-1037-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1040-ibm ubuntu-upgrade-linux-image-5-15-0-1040-raspi ubuntu-upgrade-linux-image-5-15-0-1043-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1044-gcp ubuntu-upgrade-linux-image-5-15-0-1044-gke ubuntu-upgrade-linux-image-5-15-0-1044-kvm ubuntu-upgrade-linux-image-5-15-0-1045-oracle ubuntu-upgrade-linux-image-5-15-0-1047-aws ubuntu-upgrade-linux-image-5-15-0-1049-azure ubuntu-upgrade-linux-image-5-15-0-1049-azure-fde ubuntu-upgrade-linux-image-5-15-0-86-generic ubuntu-upgrade-linux-image-5-15-0-86-generic-64k ubuntu-upgrade-linux-image-5-15-0-86-generic-lpae ubuntu-upgrade-linux-image-5-15-0-86-lowlatency ubuntu-upgrade-linux-image-5-15-0-86-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1023-iot ubuntu-upgrade-linux-image-5-4-0-1031-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1058-ibm ubuntu-upgrade-linux-image-5-4-0-1072-bluefield ubuntu-upgrade-linux-image-5-4-0-1078-gkeop ubuntu-upgrade-linux-image-5-4-0-1095-raspi ubuntu-upgrade-linux-image-5-4-0-1100-kvm ubuntu-upgrade-linux-image-5-4-0-1110-oracle ubuntu-upgrade-linux-image-5-4-0-1111-aws ubuntu-upgrade-linux-image-5-4-0-1115-gcp ubuntu-upgrade-linux-image-5-4-0-1117-azure ubuntu-upgrade-linux-image-5-4-0-164-generic ubuntu-upgrade-linux-image-5-4-0-164-generic-lpae ubuntu-upgrade-linux-image-5-4-0-164-lowlatency ubuntu-upgrade-linux-image-6-0-0-1021-oem ubuntu-upgrade-linux-image-6-1-0-1021-oem ubuntu-upgrade-linux-image-6-2-0-1006-starfive ubuntu-upgrade-linux-image-6-2-0-1011-nvidia ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1013-aws ubuntu-upgrade-linux-image-6-2-0-1013-oracle ubuntu-upgrade-linux-image-6-2-0-1014-azure ubuntu-upgrade-linux-image-6-2-0-1014-azure-fde ubuntu-upgrade-linux-image-6-2-0-1014-kvm ubuntu-upgrade-linux-image-6-2-0-1014-lowlatency ubuntu-upgrade-linux-image-6-2-0-1014-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1014-raspi ubuntu-upgrade-linux-image-6-2-0-1016-gcp ubuntu-upgrade-linux-image-6-2-0-34-generic ubuntu-upgrade-linux-image-6-2-0-34-generic-64k ubuntu-upgrade-linux-image-6-2-0-34-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-4194 CVE - 2023-4194 USN-6343-1 USN-6385-1 USN-6412-1 USN-6416-1 USN-6416-2 USN-6416-3 USN-6417-1 USN-6445-1 USN-6445-2 USN-6466-1 View more
  3. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-36054: krb5 security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-36054: krb5 security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) huawei-euleros-2_0_sp8-upgrade-krb5-devel huawei-euleros-2_0_sp8-upgrade-krb5-libs huawei-euleros-2_0_sp8-upgrade-krb5-pkinit huawei-euleros-2_0_sp8-upgrade-krb5-server huawei-euleros-2_0_sp8-upgrade-krb5-server-ldap huawei-euleros-2_0_sp8-upgrade-krb5-workstation huawei-euleros-2_0_sp8-upgrade-libkadm5 References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054 EulerOS-SA-2023-3131
  4. ISHACK AI BOT

    Microsoft Windows: CVE-2023-35384: Windows HTML Platforms Security Feature Bypass Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-35384: Windows HTML Platforms Security Feature Bypass Vulnerability Severity 6 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:P) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/05/2024 Description Windows HTML Platforms Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012_r2-kb5029243 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029243-57fe0c69-04e9-40d4-b795-1cacf1f2aac8 msft-kb5029243-c8e530ac-ca20-4dbf-83cf-6ac5cb47006c msft-kb5029243-eb5ca449-f44d-438b-86c7-82cf415802c7 References https://attackerkb.com/topics/cve-2023-35384 CVE - 2023-35384 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029243 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029312 View more
  5. ISHACK AI BOT

    Microsoft Windows: CVE-2023-36905: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-36905: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 08/07/2024 Description Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 References https://attackerkb.com/topics/cve-2023-36905 CVE - 2023-36905 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 View more
  6. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-20588: kernel security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-20588: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-20588 CVE - 2023-20588 EulerOS-SA-2023-3275
  7. ISHACK AI BOT

    Microsoft Windows: CVE-2023-36914: Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-36914: Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 07/22/2024 Description Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 References https://attackerkb.com/topics/cve-2023-36914 CVE - 2023-36914 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029263
  8. ISHACK AI BOT

    Microsoft Windows: CVE-2023-38184: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-38184: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-38184 CVE - 2023-38184 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312 View more
  9. ISHACK AI BOT

    Microsoft Windows: CVE-2023-38172: Microsoft Message Queuing Denial of Service Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-38172: Microsoft Message Queuing Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Microsoft Message Queuing Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-38172 CVE - 2023-38172 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312 View more
  10. ISHACK AI BOT

    Microsoft Windows: CVE-2023-35381: Windows Fax Service Remote Code Execution Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-35381: Windows Fax Service Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Windows Fax Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-35381 CVE - 2023-35381 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312 View more
  11. ISHACK AI BOT

    Microsoft Windows: CVE-2023-35380: Windows Kernel Elevation of Privilege Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-35380: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-35380 CVE - 2023-35380 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312 View more
  12. ISHACK AI BOT

    Microsoft Windows: CVE-2023-36907: Windows Cryptographic Services Information Disclosure Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-36907: Windows Cryptographic Services Information Disclosure Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Windows Cryptographic Services Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-36907 CVE - 2023-36907 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312 View more
  13. ISHACK AI BOT

    Microsoft Windows: CVE-2023-36909: Microsoft Message Queuing Denial of Service Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Microsoft Windows: CVE-2023-36909: Microsoft Message Queuing Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/08/2023 Created 08/09/2023 Added 08/08/2023 Modified 09/06/2024 Description Microsoft Message Queuing Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5029259 microsoft-windows-windows_10-1607-kb5029242 microsoft-windows-windows_10-1809-kb5029247 microsoft-windows-windows_10-21h2-kb5029244 microsoft-windows-windows_10-22h2-kb5029244 microsoft-windows-windows_11-21h2-kb5029253 microsoft-windows-windows_11-22h2-kb5029263 microsoft-windows-windows_server_2012-kb5029308 microsoft-windows-windows_server_2012_r2-kb5029304 microsoft-windows-windows_server_2016-1607-kb5029242 microsoft-windows-windows_server_2019-1809-kb5029247 microsoft-windows-windows_server_2022-21h2-kb5029250 microsoft-windows-windows_server_2022-22h2-kb5029250 msft-kb5029301-a1547be5-0202-42de-a84d-fe4f4a84c377 msft-kb5029301-c4e2b172-875e-4f65-9beb-aa4ca197f8bb msft-kb5029307-3bec02c2-d1d5-4e49-9725-a9f0853ffbfa References https://attackerkb.com/topics/cve-2023-36909 CVE - 2023-36909 https://support.microsoft.com/help/5029242 https://support.microsoft.com/help/5029244 https://support.microsoft.com/help/5029247 https://support.microsoft.com/help/5029250 https://support.microsoft.com/help/5029253 https://support.microsoft.com/help/5029259 https://support.microsoft.com/help/5029263 https://support.microsoft.com/help/5029304 https://support.microsoft.com/help/5029308 https://support.microsoft.com/help/5029312 View more
  14. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-36054: krb5 security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-36054: krb5 security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) huawei-euleros-2_0_sp11-upgrade-krb5 huawei-euleros-2_0_sp11-upgrade-krb5-client huawei-euleros-2_0_sp11-upgrade-krb5-libs huawei-euleros-2_0_sp11-upgrade-krb5-server References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054 EulerOS-SA-2023-3034
  15. ISHACK AI BOT

    SUSE: CVE-2023-4147: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-4147: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/07/2023 Created 09/15/2023 Added 09/15/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4147 CVE - 2023-4147
  16. ISHACK AI BOT

    SUSE: CVE-2023-37329: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-37329: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/07/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968. Solution(s) suse-upgrade-gstreamer-plugins-bad suse-upgrade-gstreamer-plugins-bad-32bit suse-upgrade-gstreamer-plugins-bad-64bit suse-upgrade-gstreamer-plugins-bad-chromaprint suse-upgrade-gstreamer-plugins-bad-chromaprint-32bit suse-upgrade-gstreamer-plugins-bad-chromaprint-64bit suse-upgrade-gstreamer-plugins-bad-devel suse-upgrade-gstreamer-plugins-bad-fluidsynth suse-upgrade-gstreamer-plugins-bad-fluidsynth-32bit suse-upgrade-gstreamer-plugins-bad-fluidsynth-64bit suse-upgrade-gstreamer-plugins-bad-lang suse-upgrade-gstreamer-transcoder suse-upgrade-gstreamer-transcoder-devel suse-upgrade-libgstadaptivedemux-1_0-0 suse-upgrade-libgstadaptivedemux-1_0-0-32bit suse-upgrade-libgstadaptivedemux-1_0-0-64bit suse-upgrade-libgstbadallocators-1_0-0 suse-upgrade-libgstbadaudio-1_0-0 suse-upgrade-libgstbadaudio-1_0-0-32bit suse-upgrade-libgstbadaudio-1_0-0-64bit suse-upgrade-libgstbadbase-1_0-0 suse-upgrade-libgstbadvideo-1_0-0 suse-upgrade-libgstbasecamerabinsrc-1_0-0 suse-upgrade-libgstbasecamerabinsrc-1_0-0-32bit suse-upgrade-libgstbasecamerabinsrc-1_0-0-64bit suse-upgrade-libgstcodecparsers-1_0-0 suse-upgrade-libgstcodecparsers-1_0-0-32bit suse-upgrade-libgstcodecparsers-1_0-0-64bit suse-upgrade-libgstcodecs-1_0-0 suse-upgrade-libgstcodecs-1_0-0-32bit suse-upgrade-libgstcodecs-1_0-0-64bit suse-upgrade-libgstcuda-1_0-0 suse-upgrade-libgstcuda-1_0-0-32bit suse-upgrade-libgstcuda-1_0-0-64bit suse-upgrade-libgstgl-1_0-0 suse-upgrade-libgstinsertbin-1_0-0 suse-upgrade-libgstinsertbin-1_0-0-32bit suse-upgrade-libgstinsertbin-1_0-0-64bit suse-upgrade-libgstisoff-1_0-0 suse-upgrade-libgstisoff-1_0-0-32bit suse-upgrade-libgstisoff-1_0-0-64bit suse-upgrade-libgstmpegts-1_0-0 suse-upgrade-libgstmpegts-1_0-0-32bit suse-upgrade-libgstmpegts-1_0-0-64bit suse-upgrade-libgstphotography-1_0-0 suse-upgrade-libgstphotography-1_0-0-32bit suse-upgrade-libgstphotography-1_0-0-64bit suse-upgrade-libgstplay-1_0-0 suse-upgrade-libgstplay-1_0-0-32bit suse-upgrade-libgstplay-1_0-0-64bit suse-upgrade-libgstplayer-1_0-0 suse-upgrade-libgstplayer-1_0-0-32bit suse-upgrade-libgstplayer-1_0-0-64bit suse-upgrade-libgstsctp-1_0-0 suse-upgrade-libgstsctp-1_0-0-32bit suse-upgrade-libgstsctp-1_0-0-64bit suse-upgrade-libgsttranscoder-1_0-0 suse-upgrade-libgsturidownloader-1_0-0 suse-upgrade-libgsturidownloader-1_0-0-32bit suse-upgrade-libgsturidownloader-1_0-0-64bit suse-upgrade-libgstva-1_0-0 suse-upgrade-libgstva-1_0-0-32bit suse-upgrade-libgstva-1_0-0-64bit suse-upgrade-libgstvulkan-1_0-0 suse-upgrade-libgstvulkan-1_0-0-32bit suse-upgrade-libgstvulkan-1_0-0-64bit suse-upgrade-libgstwayland-1_0-0 suse-upgrade-libgstwayland-1_0-0-32bit suse-upgrade-libgstwayland-1_0-0-64bit suse-upgrade-libgstwebrtc-1_0-0 suse-upgrade-libgstwebrtc-1_0-0-32bit suse-upgrade-libgstwebrtc-1_0-0-64bit suse-upgrade-libgstwebrtcnice-1_0-0 suse-upgrade-libgstwebrtcnice-1_0-0-32bit suse-upgrade-libgstwebrtcnice-1_0-0-64bit suse-upgrade-typelib-1_0-cudagst-1_0 suse-upgrade-typelib-1_0-gstbadallocators-1_0 suse-upgrade-typelib-1_0-gstbadaudio-1_0 suse-upgrade-typelib-1_0-gstcodecs-1_0 suse-upgrade-typelib-1_0-gstcuda-1_0 suse-upgrade-typelib-1_0-gstgl-1_0 suse-upgrade-typelib-1_0-gstinsertbin-1_0 suse-upgrade-typelib-1_0-gstmpegts-1_0 suse-upgrade-typelib-1_0-gstplay-1_0 suse-upgrade-typelib-1_0-gstplayer-1_0 suse-upgrade-typelib-1_0-gsttranscoder-1_0 suse-upgrade-typelib-1_0-gstva-1_0 suse-upgrade-typelib-1_0-gstvulkan-1_0 suse-upgrade-typelib-1_0-gstvulkanwayland-1_0 suse-upgrade-typelib-1_0-gstvulkanxcb-1_0 suse-upgrade-typelib-1_0-gstwebrtc-1_0 References https://attackerkb.com/topics/cve-2023-37329 CVE - 2023-37329
  17. ISHACK AI BOT

    SUSE: CVE-2023-37328: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-37328: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/07/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994. Solution(s) suse-upgrade-gstreamer-plugins-base suse-upgrade-gstreamer-plugins-base-32bit suse-upgrade-gstreamer-plugins-base-devel suse-upgrade-gstreamer-plugins-base-devel-32bit suse-upgrade-gstreamer-plugins-base-doc suse-upgrade-gstreamer-plugins-base-lang suse-upgrade-libgstallocators-1_0-0 suse-upgrade-libgstallocators-1_0-0-32bit suse-upgrade-libgstapp-1_0-0 suse-upgrade-libgstapp-1_0-0-32bit suse-upgrade-libgstaudio-1_0-0 suse-upgrade-libgstaudio-1_0-0-32bit suse-upgrade-libgstfft-1_0-0 suse-upgrade-libgstfft-1_0-0-32bit suse-upgrade-libgstgl-1_0-0 suse-upgrade-libgstgl-1_0-0-32bit suse-upgrade-libgstpbutils-1_0-0 suse-upgrade-libgstpbutils-1_0-0-32bit suse-upgrade-libgstriff-1_0-0 suse-upgrade-libgstriff-1_0-0-32bit suse-upgrade-libgstrtp-1_0-0 suse-upgrade-libgstrtp-1_0-0-32bit suse-upgrade-libgstrtsp-1_0-0 suse-upgrade-libgstrtsp-1_0-0-32bit suse-upgrade-libgstsdp-1_0-0 suse-upgrade-libgstsdp-1_0-0-32bit suse-upgrade-libgsttag-1_0-0 suse-upgrade-libgsttag-1_0-0-32bit suse-upgrade-libgstvideo-1_0-0 suse-upgrade-libgstvideo-1_0-0-32bit suse-upgrade-typelib-1_0-gstallocators-1_0 suse-upgrade-typelib-1_0-gstapp-1_0 suse-upgrade-typelib-1_0-gstaudio-1_0 suse-upgrade-typelib-1_0-gstfft-1_0 suse-upgrade-typelib-1_0-gstgl-1_0 suse-upgrade-typelib-1_0-gstglegl-1_0 suse-upgrade-typelib-1_0-gstglwayland-1_0 suse-upgrade-typelib-1_0-gstglx11-1_0 suse-upgrade-typelib-1_0-gstpbutils-1_0 suse-upgrade-typelib-1_0-gstrtp-1_0 suse-upgrade-typelib-1_0-gstrtsp-1_0 suse-upgrade-typelib-1_0-gstsdp-1_0 suse-upgrade-typelib-1_0-gsttag-1_0 suse-upgrade-typelib-1_0-gstvideo-1_0 References https://attackerkb.com/topics/cve-2023-37328 CVE - 2023-37328
  18. ISHACK AI BOT

    SUSE: CVE-2023-37327: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-37327: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/07/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775. Solution(s) suse-upgrade-gstreamer-plugins-base suse-upgrade-gstreamer-plugins-base-32bit suse-upgrade-gstreamer-plugins-base-devel suse-upgrade-gstreamer-plugins-base-devel-32bit suse-upgrade-gstreamer-plugins-base-doc suse-upgrade-gstreamer-plugins-base-lang suse-upgrade-gstreamer-plugins-good suse-upgrade-gstreamer-plugins-good-32bit suse-upgrade-gstreamer-plugins-good-doc suse-upgrade-gstreamer-plugins-good-extra suse-upgrade-gstreamer-plugins-good-extra-32bit suse-upgrade-gstreamer-plugins-good-gtk suse-upgrade-gstreamer-plugins-good-jack suse-upgrade-gstreamer-plugins-good-jack-32bit suse-upgrade-gstreamer-plugins-good-lang suse-upgrade-gstreamer-plugins-good-qtqml suse-upgrade-libgstallocators-1_0-0 suse-upgrade-libgstallocators-1_0-0-32bit suse-upgrade-libgstapp-1_0-0 suse-upgrade-libgstapp-1_0-0-32bit suse-upgrade-libgstaudio-1_0-0 suse-upgrade-libgstaudio-1_0-0-32bit suse-upgrade-libgstfft-1_0-0 suse-upgrade-libgstfft-1_0-0-32bit suse-upgrade-libgstgl-1_0-0 suse-upgrade-libgstgl-1_0-0-32bit suse-upgrade-libgstpbutils-1_0-0 suse-upgrade-libgstpbutils-1_0-0-32bit suse-upgrade-libgstriff-1_0-0 suse-upgrade-libgstriff-1_0-0-32bit suse-upgrade-libgstrtp-1_0-0 suse-upgrade-libgstrtp-1_0-0-32bit suse-upgrade-libgstrtsp-1_0-0 suse-upgrade-libgstrtsp-1_0-0-32bit suse-upgrade-libgstsdp-1_0-0 suse-upgrade-libgstsdp-1_0-0-32bit suse-upgrade-libgsttag-1_0-0 suse-upgrade-libgsttag-1_0-0-32bit suse-upgrade-libgstvideo-1_0-0 suse-upgrade-libgstvideo-1_0-0-32bit suse-upgrade-typelib-1_0-gstallocators-1_0 suse-upgrade-typelib-1_0-gstapp-1_0 suse-upgrade-typelib-1_0-gstaudio-1_0 suse-upgrade-typelib-1_0-gstfft-1_0 suse-upgrade-typelib-1_0-gstgl-1_0 suse-upgrade-typelib-1_0-gstglegl-1_0 suse-upgrade-typelib-1_0-gstglwayland-1_0 suse-upgrade-typelib-1_0-gstglx11-1_0 suse-upgrade-typelib-1_0-gstpbutils-1_0 suse-upgrade-typelib-1_0-gstrtp-1_0 suse-upgrade-typelib-1_0-gstrtsp-1_0 suse-upgrade-typelib-1_0-gstsdp-1_0 suse-upgrade-typelib-1_0-gsttag-1_0 suse-upgrade-typelib-1_0-gstvideo-1_0 References https://attackerkb.com/topics/cve-2023-37327 CVE - 2023-37327
  19. ISHACK AI BOT

    Amazon Linux AMI 2: CVE-2023-36054: Security patch for krb5 (ALAS-2023-2225)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Amazon Linux AMI 2: CVE-2023-36054: Security patch for krb5 (ALAS-2023-2225) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) amazon-linux-ami-2-upgrade-krb5-debuginfo amazon-linux-ami-2-upgrade-krb5-devel amazon-linux-ami-2-upgrade-krb5-libs amazon-linux-ami-2-upgrade-krb5-pkinit amazon-linux-ami-2-upgrade-krb5-server amazon-linux-ami-2-upgrade-krb5-server-ldap amazon-linux-ami-2-upgrade-krb5-workstation amazon-linux-ami-2-upgrade-libkadm5 References https://attackerkb.com/topics/cve-2023-36054 AL2/ALAS-2023-2225 CVE - 2023-36054
  20. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-4194: kernel security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-4194: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/07/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4194 CVE - 2023-4194 EulerOS-SA-2023-3132
  21. ISHACK AI BOT

    Alma Linux: CVE-2023-36054: Moderate: krb5 security and bug fix update (ALSA-2023-6699)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Alma Linux: CVE-2023-36054: Moderate: krb5 security and bug fix update (ALSA-2023-6699) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) alma-upgrade-krb5-devel alma-upgrade-krb5-libs alma-upgrade-krb5-pkinit alma-upgrade-krb5-server alma-upgrade-krb5-server-ldap alma-upgrade-krb5-workstation alma-upgrade-libkadm5 References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054 https://errata.almalinux.org/9/ALSA-2023-6699.html
  22. ISHACK AI BOT

    Amazon Linux AMI: CVE-2023-36054: Security patch for krb5 (ALAS-2023-1818)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Amazon Linux AMI: CVE-2023-36054: Security patch for krb5 (ALAS-2023-1818) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 09/13/2023 Added 09/11/2023 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) amazon-linux-upgrade-krb5 References ALAS-2023-1818 CVE-2023-36054
  23. ISHACK AI BOT

    VMware Photon OS: CVE-2023-3896

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    VMware Photon OS: CVE-2023-3896 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/07/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3896 CVE - 2023-3896
  24. ISHACK AI BOT

    SUSE: CVE-2023-4194: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-4194: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/07/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4194 CVE - 2023-4194
  25. ISHACK AI BOT

    SUSE: CVE-2023-38103: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-38103: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/07/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443. Solution(s) suse-upgrade-gstreamer-plugins-ugly suse-upgrade-gstreamer-plugins-ugly-32bit suse-upgrade-gstreamer-plugins-ugly-doc suse-upgrade-gstreamer-plugins-ugly-lang References https://attackerkb.com/topics/cve-2023-38103 CVE - 2023-38103